]> git.mxchange.org Git - mailer.git/commitdiff
Complete rewrite of and , wrapper functions added, see bug #101
authorRoland Häder <roland@mxchange.org>
Sat, 28 Feb 2009 21:52:50 +0000 (21:52 +0000)
committerRoland Häder <roland@mxchange.org>
Sat, 28 Feb 2009 21:52:50 +0000 (21:52 +0000)
203 files changed:
.gitattributes
beg.php
birthday_confirm.php
click.php
confirm.php
debug.php
doubler.php
img.php
inc/check-reset.php
inc/config-functions.php [new file with mode: 0644]
inc/footer.php
inc/functions.php
inc/handler.php [new file with mode: 0644]
inc/header.php
inc/hooks.php [new file with mode: 0644]
inc/install-inc.php
inc/libs/admins_functions.php
inc/libs/newsletter_functions.php
inc/libs/primera_functions.php
inc/libs/rallye_functions.php
inc/libs/register_functions.php
inc/libs/rewrite_functions.php
inc/libs/sponsor_functions.php
inc/libs/surfbar_functions.php
inc/libs/theme_functions.php
inc/libs/user_functions.php
inc/modules/admin.php
inc/modules/admin/action-logout.php
inc/modules/admin/admin-inc.php
inc/modules/admin/what-add_bank_package.php
inc/modules/admin/what-add_guestnl_cat.php
inc/modules/admin/what-add_points.php
inc/modules/admin/what-add_rallye.php
inc/modules/admin/what-add_sponsor.php
inc/modules/admin/what-add_surfbar_url.php
inc/modules/admin/what-admin_add.php
inc/modules/admin/what-adminedit.php
inc/modules/admin/what-admins_add.php
inc/modules/admin/what-admins_contct.php
inc/modules/admin/what-admins_edit.php
inc/modules/admin/what-admins_mails.php
inc/modules/admin/what-config_active.php
inc/modules/admin/what-config_admin.php
inc/modules/admin/what-config_admins.php
inc/modules/admin/what-config_autopurge.php
inc/modules/admin/what-config_beg.php
inc/modules/admin/what-config_birthday.php
inc/modules/admin/what-config_bonus.php
inc/modules/admin/what-config_cache.php
inc/modules/admin/what-config_cats.php
inc/modules/admin/what-config_doubler.php
inc/modules/admin/what-config_email.php
inc/modules/admin/what-config_extensions.php
inc/modules/admin/what-config_holiday.php
inc/modules/admin/what-config_home.php
inc/modules/admin/what-config_mediadata.php
inc/modules/admin/what-config_mods.php
inc/modules/admin/what-config_newsletter.php
inc/modules/admin/what-config_nickname.php
inc/modules/admin/what-config_order.php
inc/modules/admin/what-config_other.php
inc/modules/admin/what-config_payouts.php
inc/modules/admin/what-config_points.php
inc/modules/admin/what-config_primera.php
inc/modules/admin/what-config_proxy.php
inc/modules/admin/what-config_rallye_prices.php
inc/modules/admin/what-config_refback.php
inc/modules/admin/what-config_refid.php
inc/modules/admin/what-config_register.php
inc/modules/admin/what-config_register2.php
inc/modules/admin/what-config_removeip.php
inc/modules/admin/what-config_rewrite.php
inc/modules/admin/what-config_secure.php
inc/modules/admin/what-config_session.php
inc/modules/admin/what-config_sponsor.php
inc/modules/admin/what-config_stats.php
inc/modules/admin/what-config_surfbar.php
inc/modules/admin/what-config_title.php
inc/modules/admin/what-config_top10.php
inc/modules/admin/what-config_transfer.php
inc/modules/admin/what-config_user.php
inc/modules/admin/what-config_wernis.php
inc/modules/admin/what-config_yoomedia.php
inc/modules/admin/what-del_email.php
inc/modules/admin/what-del_holiday.php
inc/modules/admin/what-del_sponsor.php
inc/modules/admin/what-del_transfer.php
inc/modules/admin/what-del_user.php
inc/modules/admin/what-edit_emails.php
inc/modules/admin/what-edit_sponsor.php
inc/modules/admin/what-edit_user.php
inc/modules/admin/what-email_archiv.php
inc/modules/admin/what-email_details.php
inc/modules/admin/what-extensions.php
inc/modules/admin/what-guest_add.php
inc/modules/admin/what-guestedit.php
inc/modules/admin/what-list_bank_package.php
inc/modules/admin/what-list_beg.php
inc/modules/admin/what-list_bonus.php
inc/modules/admin/what-list_cats.php
inc/modules/admin/what-list_country.php
inc/modules/admin/what-list_doubler.php
inc/modules/admin/what-list_links.php
inc/modules/admin/what-list_newsletter.php
inc/modules/admin/what-list_notifications.php
inc/modules/admin/what-list_payouts.php
inc/modules/admin/what-list_rallyes.php
inc/modules/admin/what-list_refs.php
inc/modules/admin/what-list_sponsor.php
inc/modules/admin/what-list_sponsor_pay.php
inc/modules/admin/what-list_sponsor_pays.php
inc/modules/admin/what-list_surfbar_urls.php
inc/modules/admin/what-list_task.php
inc/modules/admin/what-list_unconfirmed.php
inc/modules/admin/what-list_user.php
inc/modules/admin/what-list_yoomedia_tm.php
inc/modules/admin/what-lock_sponsor.php
inc/modules/admin/what-lock_user.php
inc/modules/admin/what-logs.php
inc/modules/admin/what-maintenance.php
inc/modules/admin/what-mem_add.php
inc/modules/admin/what-memedit.php
inc/modules/admin/what-overview.php
inc/modules/admin/what-payments.php
inc/modules/admin/what-refbanner.php
inc/modules/admin/what-send_bonus.php
inc/modules/admin/what-send_newsletter.php
inc/modules/admin/what-stats_mods.php
inc/modules/admin/what-sub_points.php
inc/modules/admin/what-surfbar_stats.php
inc/modules/admin/what-theme_edit.php
inc/modules/admin/what-theme_import.php
inc/modules/admin/what-unlock_emails.php
inc/modules/admin/what-unlock_sponsor.php
inc/modules/admin/what-unlock_surfbar_urls.php
inc/modules/admin/what-usage.php
inc/modules/admin/what-user_contct.php
inc/modules/chk_login.php
inc/modules/frametester.php
inc/modules/guest/what-confirm.php
inc/modules/guest/what-login.php
inc/modules/guest/what-register.php
inc/modules/guest/what-sponsor_login.php
inc/modules/guest/what-sponsor_reg.php
inc/modules/guest/what-stats.php
inc/modules/index.php
inc/modules/loader.php
inc/modules/member/what-categories.php
inc/modules/member/what-holiday.php
inc/modules/member/what-html_mail.php
inc/modules/member/what-mydata.php
inc/modules/member/what-newsletter.php
inc/modules/member/what-nickname.php
inc/modules/member/what-order.php
inc/modules/member/what-payout.php
inc/modules/member/what-primera.php
inc/modules/member/what-refback.php
inc/modules/member/what-support.php
inc/modules/member/what-surfbar_book.php
inc/modules/member/what-surfbar_list.php
inc/modules/member/what-themes.php
inc/modules/member/what-transfer.php
inc/modules/member/what-unconfirmed.php
inc/modules/member/what-wernis.php
inc/modules/order.php
inc/modules/sponsor/account.php
inc/modules/sponsor/settings.php
inc/mysql-connect.php
inc/mysql-manager.php
inc/request-functions.php [new file with mode: 0644]
inc/session-functions.php [new file with mode: 0644]
inc/stylesheet.php
install.php
js.php
mailid.php
mailid_top.php
modules.php
ref.php
show_bonus.php
sponsor_confirm.php
sponsor_ref.php
surfbar.php
templates/de/emails/member/member_contct.tpl
templates/de/html/admin/admin_add_points.tpl
templates/de/html/admin/admin_add_points_all.tpl
templates/de/html/admin/admin_contct_user_form.tpl
templates/de/html/admin/admin_del_user.tpl
templates/de/html/admin/admin_edit_user.tpl
templates/de/html/admin/admin_list_beg_rows.tpl
templates/de/html/admin/admin_list_cats.tpl
templates/de/html/admin/admin_list_cats_404.tpl
templates/de/html/admin/admin_list_links.tpl
templates/de/html/admin/admin_list_rallye_usr_row.tpl
templates/de/html/admin/admin_list_rallyes_row2.tpl
templates/de/html/admin/admin_list_unconfirmed.tpl
templates/de/html/admin/admin_lock_user.tpl
templates/de/html/admin/admin_member_selection_box.tpl
templates/de/html/admin/admin_sub_points.tpl
templates/de/html/admin/admin_sub_points_all.tpl
templates/de/html/admin/admin_task_holiday.tpl
templates/de/html/guest/guest_register.tpl
templates/de/html/member/member_mydata_edit.tpl
view.php

index 28b84dc6ff0821e64dd666ad38370b969945e95b..0b7e640230dc8b46eacad7012c4b85361e23052b 100644 (file)
@@ -92,6 +92,7 @@ inc/autopurge/purge-unconfirmed.php -text
 inc/cache/.htaccess -text
 inc/cache/.revision -text
 inc/check-reset.php -text
+inc/config-functions.php -text
 inc/config.php -text
 inc/databases.php -text
 inc/db/.htaccess -text
@@ -167,7 +168,9 @@ inc/functions.php -text
 inc/gen_mediadata.php -text
 inc/gen_refback.php -text
 inc/gen_sql_patches.php -text
+inc/handler.php -text
 inc/header.php -text
+inc/hooks.php -text
 inc/img/.htaccess -text
 inc/install-inc.php -text
 inc/js/.htaccess -text
@@ -603,6 +606,7 @@ inc/pool/pool-bonus.php -text
 inc/pool/pool-user.php -text
 inc/profile-updte.php -text
 inc/rdf.class.php -text
+inc/request-functions.php -text
 inc/reset/.htaccess -text
 inc/reset/reset_ -text
 inc/reset/reset_beg.php -text
@@ -613,6 +617,7 @@ inc/reset/reset_holiday.php -text
 inc/reset/reset_surfbar.php -text
 inc/reset/reset_yoomedia.php -text
 inc/security.php -text
+inc/session-functions.php -text
 inc/session.php -text
 inc/sql_error.php -text
 inc/stats_bonus.php -text
diff --git a/beg.php b/beg.php
index ae8405559315cf130ba38c9c5d43d227b5728492..72148cbdb1e68d5cbef088f1a97809150542dcdf 100644 (file)
--- a/beg.php
+++ b/beg.php
@@ -54,7 +54,7 @@ REDIRCT_ON_UNINSTALLED_EXTENSION("beg");
 // Is the script installed?
 if (isBooleanConstantAndTrue('mxchange_installed')) {
        // Check for userid
-       if (!empty($_GET['uid'])) {
+       if (REQUEST_ISSET_GET(('uid'))) {
                // Init variables
                $uid = 0;
                $result = false;
@@ -64,11 +64,11 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
                $pay = false;
 
                // Validate if it is not a number
-               if ("".($_GET['uid'] + 0)."" !== "".$_GET['uid']."") {
+               if ("".(REQUEST_GET('uid') + 0)."" !== "".REQUEST_GET('uid')."") {
                        if (EXT_IS_ACTIVE("nickname")) {
                                // Maybe we have found a nickname?
                                $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM `{!_MYSQL_PREFIX!}_user_data` WHERE nickname='%s' LIMIT 1",
-                                       array($_GET['uid']), __FILE__, __LINE__);
+                                       array(REQUEST_GET('uid')), __FILE__, __LINE__);
                        } else {
                                // Nickname entered but nickname is not active
                                $msg = constant('CODE_EXTENSION_PROBLEM');
@@ -77,7 +77,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
                } else {
                        // Direct userid
                        $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
-                               array(bigintval($_GET['uid'])), __FILE__, __LINE__);
+                               array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
                }
 
                // Check if locked in so don't pay points
@@ -99,7 +99,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
                                $points = mt_rand((getConfig('beg_points') * 100000), (getConfig('beg_points_max') * 100000)) / 100000;
 
                                // Set nickname / userid for the template(s
-                               define('__BEG_UID'   , SQL_ESCAPE($_GET['uid']));
+                               define('__BEG_UID'   , SQL_ESCAPE(REQUEST_GET('uid')));
                                define('__BEG_CLICKS', ($clicks + 1));
                                define('__BEG_BANNER', LOAD_TEMPLATE("beg_banner", true));
                                define('__BEG_POINTS', TRANSLATE_COMMA($points));
@@ -207,7 +207,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
                } elseif (($uid == "0") || ($status == "failed")) {
                        // Inalid or locked account, so let's find out
                        $result = SQL_QUERY_ESC("SELECT userid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE nickname='%s' LIMIT 1",
-                               array($_GET['uid']), __FILE__, __LINE__);
+                               array(REQUEST_GET('uid')), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1) {
                                // Locked account
                                $msg = constant('CODE_ACCOUNT_LOCKED');
index 7b0a83bc0d1a27a998eb2a19522ade96cab38995..47bb1753b9006697d7e171efb3e66eac3be1ff93 100644 (file)
@@ -51,10 +51,10 @@ REDIRECT_ON_UNINSTALLED_EXTENSION("birthday");
 // Is the script installed?
 if (isBooleanConstantAndTrue('mxchange_installed')) {
        // Script is installed so let's check for his confirmation link...
-       $uid = bigintval($_GET['uid']);
+       $uid = bigintval(REQUEST_GET('uid'));
 
        // Only allow numbers here...
-       $chk = bigintval($_GET['check'], false);
+       $chk = bigintval(REQUEST_GET('check'), false);
 
        // Check if link is not clicked so far
        $result = SQL_QUERY_ESC("SELECT b.points, d.gender, d.surname, d.family, d.status, d.ref_payout
@@ -63,7 +63,7 @@ INNER JOIN `{!_MYSQL_PREFIX!}_user_data` AS d
 ON b.userid=d.userid
 WHERE b.userid=%s AND b.chk_value='%s' LIMIT 1",
  array($uid, $chk), __FILE__, __LINE__);
-       //* DEBUG: */ echo "uid=".$uid.",chk=".$chk." (".strlen($chk)."/".strlen($_GET['check'])."/".SQL_NUMROWS($result).")<br />\n";
+       //* DEBUG: */ echo "uid=".$uid.",chk=".$chk." (".strlen($chk)."/".strlen(REQUEST_GET('check'))."/".SQL_NUMROWS($result).")<br />\n";
 
        // Is an entry there?
        if (SQL_NUMROWS($result) == 1) {
index 4018e63236486829654e1178f16d467a48020794..342977a17577b370392d7ecda9b90c0713bdb898 100644 (file)
--- a/click.php
+++ b/click.php
@@ -44,14 +44,14 @@ $GLOBALS['module'] = "click"; $GLOBALS['output_mode'] = -1;
 // Load the required file(s)
 require("inc/config.php");
 
-if (((!empty($_GET['user'])) || (!empty($_GET['reseller']))) && (!empty($_GET['banner']))) {
+if (((REQUEST_ISSET_GET(('user'))) || (REQUEST_ISSET_GET(('reseller')))) && (REQUEST_ISSET_GET(('banner')))) {
        // Update clicks counter...
-       SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_refbanner` SET clicks=clicks+1 WHERE id=%s LIMIT 1", array(bigintval($_GET['banner'])), __FILE__, __LINE__);
+       SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_refbanner` SET clicks=clicks+1 WHERE id=%s LIMIT 1", array(bigintval(REQUEST_GET('banner'))), __FILE__, __LINE__);
        if (SQL_AFFECTEDROWS() == 1) {
-               if (!empty($_GET['user'])) {
-                       LOAD_URL("ref.php?refid=".bigintval($_GET['user']));
-               } elseif (!empty($_GET['reseller'])) {
-                       LOAD_URL("shop_reseller.php?reseller=".bigintval($_GET['reseller']));
+               if (REQUEST_ISSET_GET(('user'))) {
+                       LOAD_URL("ref.php?refid=".bigintval(REQUEST_GET('user')));
+               } elseif (REQUEST_ISSET_GET(('reseller'))) {
+                       LOAD_URL("shop_reseller.php?reseller=".bigintval(REQUEST_GET('reseller')));
                }
        } // END - if
 } // END - if
index 278c428eb8b45de0594fcd3f3d93da1937468dcc..a865009f7cd08b7843557e3330eff071d85850fc 100644 (file)
@@ -49,12 +49,12 @@ require("inc/config.php");
 if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered'))) {
        // Base URL for redirection
        $URL = "modules.php?module=index&amp;what=confirm&hash=";
-       if (empty($_GET['hash'])) {
+       if (!REQUEST_ISSET_GET(('hash'))) {
                // No refid and we add our refid (don't forget to set $def_refid!)
                $URL = "modules.php?module=index";
        } else {
                // We have an refid here. So we simply add it
-               $URL .= $_GET['hash'];
+               $URL .= REQUEST_GET('hash');
        }
 
        // Load the URL
index 38b90c5b9e2bad2c9331194b47e9eca669880f4c..533676e3f9fe6fabca4ecfe93110740bcdb5dc9c 100644 (file)
--- a/debug.php
+++ b/debug.php
@@ -54,13 +54,13 @@ if ((isBooleanConstantAndTrue('mxchange_installed')) && (getTotalFatalErrors() =
        } // END - if
 
        // Is the request parameter set?
-       if (isset($_POST['request'])) {
+       if (REQUEST_ISSET_POST(('request'))) {
                // Handle the request
-               if (DEBUG_HANDLE_REQUEST($_POST['request'])) {
+               if (DEBUG_HANDLE_REQUEST(REQUEST_POST('request'))) {
                        // Construct FQFN for the module
                        $INC = sprintf("inc/debug/%s/request_%s",
                                getConfig('debug_mode'),
-                               SQL_ESCAPE($_POST['request'])
+                               SQL_ESCAPE(REQUEST_POST('request'))
                        );
 
                        // Is the module there? Else we log it!
@@ -69,11 +69,11 @@ if ((isBooleanConstantAndTrue('mxchange_installed')) && (getTotalFatalErrors() =
                                LOAD_INC($INC);
                        } else {
                                // Missing request file, may happen while development
-                               DEBUG_ABUSE_LOG(__FILE__, __LINE__, "request_404", $_POST['request']);
+                               DEBUG_ABUSE_LOG(__FILE__, __LINE__, "request_404", REQUEST_POST('request'));
                        }
                } else {
                        // Unhandled request detected
-                       DEBUG_ABUSE_LOG(__FILE__, __LINE__, "request_unhandled", $_POST['request']);
+                       DEBUG_ABUSE_LOG(__FILE__, __LINE__, "request_unhandled", REQUEST_POST('request'));
                }
        } else {
                // Empty request
index 92ebdc48e6f55102f3086e73d57c3189ef712321..9eb0c4e9180ef6962a441aa04ff6c966022ac543 100644 (file)
@@ -53,7 +53,7 @@ REDIRECT_ON_UNINSTALLED_EXTENSION("doubler");
 // Is the script installed?
 if (isBooleanConstantAndTrue('mxchange_installed')) {
        // Probe for referal ID
-       if (!empty($_GET['refid'])) $GLOBALS['refid'] = SQL_ESCAPE($_GET['refid']);
+       if (REQUEST_ISSET_GET(('refid'))) $GLOBALS['refid'] = SQL_ESCAPE(REQUEST_GET('refid'));
 
        // Only check this if refid is provided!
        if ($GLOBALS['refid'] > 0) {
@@ -89,22 +89,22 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
        } // END - if
 
        // Begin with doubler script...
-       if (isset($_POST['ok'])) {
+       if (IS_FORM_SENT()) {
                // Secure points (so only integer/double values are allowed
-               $_POST['points'] = bigintval($_POST['points']);
+               REQUEST_SET_POST('points', bigintval(REQUEST_POST('points')));
 
                // Begin with doubling process
-               if ((!empty($_POST['userid'])) && (!empty($_POST['pass'])) && (!empty($_POST['points']))) {
+               if ((REQUEST_ISSET_POST(('userid'))) && (REQUEST_ISSET_POST(('pass'))) && (REQUEST_ISSET_POST(('points')))) {
                        // Probe for nickname extension and if a nickname was entered
-                       $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($_POST['userid'])."") != $_POST['userid']));
+                       $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round(REQUEST_POST('userid'))."") != REQUEST_POST('userid')));
                        if ($probe_nickname) {
                                // Nickname in URL, so load the ID
                                $result = SQL_QUERY_ESC("SELECT userid, status, password FROM `{!_MYSQL_PREFIX!}_user_data` WHERE nickname='%s' LIMIT 1",
-                                       array($_POST['userid']), __FILE__, __LINE__);
+                                       array(REQUEST_POST('userid')), __FILE__, __LINE__);
                        } else {
                                // Direct userid entered
                                $result = SQL_QUERY_ESC("SELECT userid, status, password FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
-                                       array(bigintval($_POST['userid'])), __FILE__, __LINE__);
+                                       array(bigintval(REQUEST_POST('userid'))), __FILE__, __LINE__);
                        }
 
                        // Load data
@@ -115,13 +115,13 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
                        SQL_FREERESULT($result);
 
                        // Remove any dots and unwanted chars from the points
-                       $_POST['points'] = bigintval(round(REVERT_COMMA($_POST['points'])));
+                       REQUEST_SET_POST('points', bigintval(round(REVERT_COMMA(REQUEST_POST('points')))));
 
                        // Probe for enough points
-                       $probe_points = (($_POST['points'] >= getConfig('doubler_min')) && ($_POST['points'] <= getConfig('doubler_max')));
+                       $probe_points = ((REQUEST_POST('points') >= getConfig('doubler_min')) && (REQUEST_POST('points') <= getConfig('doubler_max')));
 
                        // Check all together
-                       if ((!empty($uid)) && ($password == generateHash($_POST['pass'], substr($password, 0, -40))) && ($status == "CONFIRMED") && ($probe_points)) {
+                       if ((!empty($uid)) && ($password == generateHash(REQUEST_POST('pass'), substr($password, 0, -40))) && ($status == "CONFIRMED") && ($probe_points)) {
                                // Nickname resolved to a unique userid or direct userid entered by the member
                                $DOUBLER_UID = $uid;
 
@@ -129,17 +129,17 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
                                $points = GET_TOTAL_DATA($uid, "user_points", "points") - GET_TOTAL_DATA($uid, "user_data", "used_points");
 
                                // So let's continue with probing his points amount
-                               if (($points - getConfig('doubler_left') - $_POST['points'] * getConfig('doubler_charge')) >= 0) 
+                               if (($points - getConfig('doubler_left') - REQUEST_POST('points') * getConfig('doubler_charge')) >= 0) 
                                        // Enough points are left so let's continue with the doubling process
                                        // Create doubling "account" width *DOUBLED* points
                                        SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_doubler` (userid, refid, points, remote_ip, timemark, completed, is_ref) VALUES ('%s','%s','%s','".GET_REMOTE_ADDR()."', UNIX_TIMESTAMP(), 'N','N')",
-                                               array($uid, bigintval($GLOBALS['refid']), bigintval($_POST['points'] * 2)), __FILE__, __LINE__);
+                                               array($uid, bigintval($GLOBALS['refid']), bigintval(REQUEST_POST('points') * 2)), __FILE__, __LINE__);
 
                                        // Subtract entered points
-                                       SUB_POINTS("doubler", $uid, $_POST['points']);
+                                       SUB_POINTS("doubler", $uid, REQUEST_POST('points'));
 
                                        // Add points to "total payed" including charge
-                                       $points = $_POST['points'] - $_POST['points'] * getConfig('doubler_charge');
+                                       $points = REQUEST_POST('points') - REQUEST_POST('points') * getConfig('doubler_charge');
                                        UPDATE_CONFIG("doubler_points", $points, "+");
                                        incrementConfigEntry('doubler_points', $points);
 
@@ -149,7 +149,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
                                                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_doubler` (userid, refid, points, remote_ip, timemark, completed, is_ref) VALUES ('%s',0,'%s','".GET_REMOTE_ADDR()."',UNIX_TIMESTAMP(),'N','Y')",
                                                        array(
                                                                bigintval($GLOBALS['refid']),
-                                                               bigintval($_POST['points'] * 2 * getConfig('doubler_ref'))
+                                                               bigintval(REQUEST_POST('points') * 2 * getConfig('doubler_ref'))
                                                        ), __FILE__, __LINE__);
 
                                                // And that's why we don't want to you more than one referal level of doubler-points. ^^^
@@ -159,7 +159,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
                                        UPDATE_CONFIG("doubler_counter", 1, "+");
 
                                        // Set constant
-                                       define('__DOUBLER_MSG', LOAD_TEMPLATE("doubler_reflink", true, $_POST['userid']));
+                                       define('__DOUBLER_MSG', LOAD_TEMPLATE("doubler_reflink", true, REQUEST_POST('userid')));
                                } else {
                                        // Not enougth points left
                                        define('__ERROR_MSG', getMessage('DOUBLER_FORM_NO_POINTS_LEFT'));
@@ -173,10 +173,10 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
                        } elseif ($status == "LOCKED") {
                                // Account is locked by admin / holiday!
                                define('__ERROR_MSG', getMessage('DOUBLER_FORM_STATUS_LOCKED'));
-                       } elseif ($_POST['points'] < getConfig('doubler_min')) {
+                       } elseif (REQUEST_POST('points') < getConfig('doubler_min')) {
                                // Not enougth points entered
                                define('__ERROR_MSG', getMessage('DOUBLER_FORM_POINTS_MIN'));
-                       } elseif ($_POST['points'] > getConfig('doubler_max')) {
+                       } elseif (REQUEST_POST('points') > getConfig('doubler_max')) {
                                // Too much points entered
                                define('__ERROR_MSG', getMessage('DOUBLER_FORM_POINTS_MAX'));
                        } elseif ($probe_nickname) {
@@ -186,13 +186,13 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
                                // Wrong password or account not found
                                define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_MEMBER'));
                        }
-               } elseif (empty($_POST['userid'])) {
+               } elseif (!REQUEST_ISSET_POST(('userid'))) {
                        // Login not entered
                        define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_LOGIN'));
-               } elseif (empty($_POST['pass'])) {
+               } elseif (!REQUEST_ISSET_POST(('pass'))) {
                        // Password not entered
                        define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_PASSWORD'));
-               } elseif (empty($_POST['points'])) {
+               } elseif (!REQUEST_ISSET_POST(('points'))) {
                        // points not entered
                        define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_POINTS'));
                }
diff --git a/img.php b/img.php
index 0d68f14238004d7b17e01511c5e19f599af8ec50..ba43157fc029cb372ce77182aae83ebccf193333 100644 (file)
--- a/img.php
+++ b/img.php
@@ -51,13 +51,13 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
        LOAD_INC_ONCE("inc/header.php");
 
        // Code set?
-       if (!empty($_GET['code'])) {
+       if (REQUEST_ISSET_GET(('code'))) {
                // Generate image
-               GENERATE_IMAGE(bigintval($_GET['code']));
-       } elseif (!empty($_GET['tag'])) {
+               GENERATE_IMAGE(bigintval(REQUEST_GET('code')));
+       } elseif (REQUEST_ISSET_GET(('tag'))) {
                // Tag set so create the IFN (Include-FileName)
                $INC = sprintf("inc/img/tag-%s.php",
-                       SQL_ESCAPE($_GET['tag'])
+                       SQL_ESCAPE(REQUEST_GET('tag'))
                );
 
                // Include is readable?
index 44e0944eb0d7783731eac96028d75b8d2b49a9d4..7de291abbfe311f37bc7668a2524a4237feb0c7a 100644 (file)
@@ -37,8 +37,8 @@ if (!defined('__SECURITY')) {
        require($INC);
 }
 
-// 01    2              3             32        2         3321    12        3                     32    2                    21    1                        2                    21    1                        2                  21    1      2                 21    1                            10
-if ((date("d", getConfig('last_update')) != date("d", time())) && ((!defined('mxchange_installing')) || (!mxchange_installing)) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered')) && (!isset($_GET['register'])) && ($GLOBALS['output_mode'] != 1)) {
+// 01    2              3             32        2         3321    12        3                     32    2                    21    1                        2                    21    1                        2                  21    1                  23          321    1                            10
+if ((date("d", getConfig('last_update')) != date("d", time())) && ((!defined('mxchange_installing')) || (!mxchange_installing)) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered')) && (!REQUEST_ISSET_GET(('register'))) && ($GLOBALS['output_mode'] != 1)) {
        // Do daily things in external PHP file but only when script is completely setup
        // Daily reset was run!
        define('__DAILY_RESET', true);
diff --git a/inc/config-functions.php b/inc/config-functions.php
new file mode 100644 (file)
index 0000000..cde1fa3
--- /dev/null
@@ -0,0 +1,93 @@
+<?php
+/************************************************************************
+ * MXChange v0.2.1                                    Start: 02/28/2009 *
+ * ===============                              Last change: 02/28/2009 *
+ *                                                                      *
+ * -------------------------------------------------------------------- *
+ * File              : config-functions.php                             *
+ * -------------------------------------------------------------------- *
+ * Short description : Many non-MySQL functions (also file access)      *
+ * -------------------------------------------------------------------- *
+ * Kurzbeschreibung  : Viele Nicht-MySQL-Funktionen (auch Dateizugriff) *
+ * -------------------------------------------------------------------- *
+ *                                                                      *
+ * -------------------------------------------------------------------- *
+ * Copyright (c) 2003 - 2008 by Roland Haeder                           *
+ * For more information visit: http://www.mxchange.org                  *
+ *                                                                      *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or    *
+ * (at your option) any later version.                                  *
+ *                                                                      *
+ * This program is distributed in the hope that it will be useful,      *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
+ * GNU General Public License for more details.                         *
+ *                                                                      *
+ * You should have received a copy of the GNU General Public License    *
+ * along with this program; if not, write to the Free Software          *
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
+ * MA  02110-1301  USA                                                  *
+ ************************************************************************/
+
+// Some security stuff...
+if (!defined('__SECURITY')) {
+       $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
+       require($INC);
+}
+
+// Merges $_CONFIG with data in given array
+function mergeConfig ($newConfig) {
+       global $_CONFIG;
+       $_CONFIG = merge_array($_CONFIG, $newConfig);
+}
+
+// Getter for $_CONFIG entries
+function getConfig ($entry) {
+       global $_CONFIG;
+
+       // Default value
+       $value = null;
+
+       // Is the entry there?
+       if (isConfigEntrySet($entry)) {
+               // Then use it
+               $value = $_CONFIG[$entry];
+       } // END - if
+
+       // Return it
+       return $value;
+}
+
+// Setter for $_CONFIG entries
+function setConfigEntry ($entry, $value) {
+       global $_CONFIG;
+
+       // Secure the entry name
+       $entry = SQL_ESCAPE($entry);
+
+       // And set it
+       $_CONFIG[$entry] = $value;
+}
+
+// Checks wether the given config entry is set
+function isConfigEntrySet ($entry) {
+       global $_CONFIG;
+       return (isset($_CONFIG[$entry]));
+}
+
+// Increment or init with given value or 1 as default the given config entry
+function incrementConfigEntry ($configEntry, $value=1) {
+       global $_CONFIG;
+
+       // Increment it if set or init it with 1
+       if (getConfig($configEntry) > 0) {
+               $_CONFIG[$configEntry] += $value;
+       } else {
+               $_CONFIG[$configEntry] = $value;
+       }
+}
+
+// [EOF]
+?>
index 47e3ed7b381f37ad3b95a04eaefb19373ce8a8bb..911cbc4921259a48dfa54af73e51350b33f4eb93 100644 (file)
@@ -47,7 +47,7 @@ if (($GLOBALS['footer_sent'] != "1") && ($GLOBALS['footer_sent'] != "2") && ($GL
        } // END - if
 
        // Shall we display the copyright notice?
-       if ((empty($_GET['frame'])) && (basename($_SERVER['PHP_SELF']) != "mailid_top.php") && (isBooleanConstantAndTrue('WRITE_FOOTER')) && ($GLOBALS['header_sent'] == "2")) {
+       if ((!REQUEST_ISSET_GET(('frame'))) && (basename($_SERVER['PHP_SELF']) != "mailid_top.php") && (isBooleanConstantAndTrue('WRITE_FOOTER')) && ($GLOBALS['header_sent'] == "2")) {
                // Backlink enabled?
                if (isBooleanConstantAndTrue('ENABLE_BACKLINK')) {
                        // Copyright with backlink, thanks! :-)
@@ -59,7 +59,7 @@ if (($GLOBALS['footer_sent'] != "1") && ($GLOBALS['footer_sent'] != "2") && ($GL
        } // END - if
 
        // Shall we display the parsing time and number of queries?
-       if ((getConfig('show_timings') == "Y") && (empty($_GET['frame'])) && ($GLOBALS['header_sent'] == "2")) {
+       if ((getConfig('show_timings') == "Y") && (!REQUEST_ISSET_GET(('frame'))) && ($GLOBALS['header_sent'] == "2")) {
                // Then display it here
                DISPLAY_PARSING_TIME_FOOTER();
        } // END - if
index 6635ab0a6e672c2307207b1575129e70a0868df1..6d414a53865611bdec27ee2af04646c29c66fff6 100644 (file)
@@ -711,9 +711,9 @@ function GET_LANGUAGE() {
        $lang = "";
 
        // Is the variable set
-       if (!empty($_GET['mx_lang'])) {
+       if (REQUEST_ISSET_GET(('mx_lang'))) {
                // Accept only first 2 chars
-               $lang = substr($_GET['mx_lang'], 0, 2);
+               $lang = substr(REQUEST_GET('mx_lang'), 0, 2);
        } elseif (isset($GLOBALS['cache_array']['language'])) {
                // Use cached
                $ret = $GLOBALS['cache_array']['language'];
@@ -1677,7 +1677,7 @@ function ADD_EMAIL_NAV($PAGES, $offset, $show_form, $colspan, $return=false) {
        $NAV = "";
        for ($page = 1; $page <= $PAGES; $page++) {
                // Is the page currently selected or shall we generate a link to it?
-               if (($page == $_GET['page']) || ((empty($_GET['page'])) && ($page == "1"))) {
+               if (($page == REQUEST_GET('page')) || ((!REQUEST_ISSET_GET(('page'))) && ($page == "1"))) {
                        // Is currently selected, so only highlight it
                        $NAV .= "<strong>-";
                } else {
@@ -1685,13 +1685,13 @@ function ADD_EMAIL_NAV($PAGES, $offset, $show_form, $colspan, $return=false) {
                        $NAV .= "<a href=\"{!URL!}/modules.php?module=admin&amp;what=".$GLOBALS['what']."&amp;page=".$page."&amp;offset=".$offset;
 
                        // Add userid when we shall show all mails from a single member
-                       if ((isset($_GET['u_id'])) && (bigintval($_GET['u_id']) > 0)) $NAV .= "&amp;u_id=".bigintval($_GET['u_id']);
+                       if ((REQUEST_ISSET_GET(('uid'))) && (bigintval(REQUEST_GET('uid')) > 0)) $NAV .= "&amp;uid=".bigintval(REQUEST_GET('uid'));
 
                        // Close open anchor tag
                        $NAV .= "\">";
                }
                $NAV .= $page;
-               if (($page == $_GET['page']) || ((empty($_GET['page'])) && ($page == "1"))) {
+               if (($page == REQUEST_GET('page')) || ((!REQUEST_ISSET_GET(('page'))) && ($page == "1"))) {
                        // Is currently selected, so only highlight it
                        $NAV .= "-</strong>";
                } else {
@@ -1974,7 +1974,7 @@ function MEMBER_ACTION_LINKS ($uid, $status = "") {
        $eval = "\$OUT = \"[&nbsp;";
 
        foreach ($TARGETS as $tar) {
-               $eval .= "<span class=\\\"admin_user_link\\\"><a href=\\\"{!URL!}/modules.php?module=admin&amp;what=".$tar."&amp;u_id=".$uid."\\\" title=\\\"{--ADMIN_LINK_";
+               $eval .= "<span class=\\\"admin_user_link\\\"><a href=\\\"{!URL!}/modules.php?module=admin&amp;what=".$tar."&amp;uid=".$uid."\\\" title=\\\"{--ADMIN_LINK_";
                //* DEBUG: */ echo "*".$tar."/".$status."*<br />\n";
                if (($tar == "lock_user") && ($status == "LOCKED")) {
                        // Locked accounts shall be unlocked
@@ -2172,9 +2172,9 @@ function ADD_URL_DATA ($URL) {
 
        if ((!defined('__COOKIES')) || ((!__COOKIES))) {
                // Cookies are not accepted
-               if ((!empty($_GET['refid'])) && (strpos($URL, "refid=") == 0)) {
+               if ((REQUEST_ISSET_GET(('refid'))) && (strpos($URL, "refid=") == 0)) {
                        // Cookie found in URL
-                       $ADD .= $BIND."refid=".bigintval($_GET['refid']);
+                       $ADD .= $BIND."refid=".bigintval(REQUEST_GET('refid'));
                } elseif ((GET_EXT_VERSION("sql_patches") != '') && (getConfig('def_refid') > 0)) {
                        // Not found! So let's set default here
                        $ADD .= $BIND."refid=".getConfig('def_refid');
@@ -2282,37 +2282,6 @@ function DISPLAY_PARSING_TIME_FOOTER() {
        LOAD_TEMPLATE("show_timings", false, $content);
 }
 
-// Unset/set session variables
-function set_session ($var, $value) {
-       // Abort in CSS mode here
-       if ($GLOBALS['output_mode'] == 1) return true;
-
-       // Trim value and session variable
-       $var = trim(SQL_ESCAPE($var)); $value = trim($value);
-
-       // Is the session variable set?
-       if (("".$value."" == "") && (isSessionVariableSet($var))) {
-               // Remove the session
-               //* DEBUG: */ echo "UNSET:".$var."=".get_session($var)."<br />\n";
-               unset($_SESSION[$var]);
-               return session_unregister($var);
-       } elseif (("".$value."" != '') && (!isSessionVariableSet($var))) {
-               // Set session
-               //* DEBUG: */ echo "SET:".$var."=".$value."<br />\n";
-               $_SESSION[$var] =  $value;
-               return session_register($var);
-       } elseif (!empty($value)) {
-               // Update session
-               //* DEBUG: */ echo "UPDATE:".$var."=".$value."<br />\n";
-               $_SESSION[$var] = $value;
-               return true;
-       }
-
-       // Ignored (but valid)
-       //* DEBUG: */ echo "IGNORED:".$var."=".$value."<br />\n";
-       return true;
-}
-
 // Check wether a boolean constant is set
 // Taken from user comments in PHP documentation for function constant()
 function isBooleanConstantAndTrue($constName) { // : Boolean
@@ -2338,563 +2307,12 @@ function isBooleanConstantAndTrue($constName) { // : Boolean
        return $res;
 }
 
-// Check wether a session variable is set
-function isSessionVariableSet ($var) {
-       //* DEBUG: */ print __FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>):var={$var}<br />\n";
-       return (isset($_SESSION[$var]));
-}
-// Returns wether the value of the session variable or NULL if not set
-function get_session ($var) {
-       // Default is not found! ;-)
-       $value = null;
-
-       // Is the variable there or cached values?
-       if (isset($GLOBALS['cache_array']['session'][$var])) {
-               // Get cached value (skips a lot SQL_ESCAPE() calles!
-               //* DEBUG: */ print __FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>): ".$var."-CACHE!<br />\n";
-               $value = $GLOBALS['cache_array']['session'][$var];
-       } elseif (isSessionVariableSet($var)) {
-               // Then  get it secured!
-               //* DEBUG: */ print __FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>): ".$var."-RESOLVE!<br />\n";
-               $value = SQL_ESCAPE($_SESSION[$var]);
-
-               // Cache the value
-               $GLOBALS['cache_array']['session'][$var] = $value;
-       } // END - if
-
-       // Return the value
-       return $value;
-}
-
-// Send notification to admin
-function SEND_ADMIN_NOTIFICATION($subject, $templateName, $content=array(), $uid="0") {
-       if (GET_EXT_VERSION("admins") >= "0.4.1") {
-               // Send new way
-               SEND_ADMIN_EMAILS_PRO($subject, $templateName, $content, $uid);
-       } else {
-               // Send outdated way
-               $msg = LOAD_EMAIL_TEMPLATE($templateName, $content, $uid);
-               SEND_ADMIN_EMAILS($subject, $msg);
-       }
-}
-
-// Destroy user session
-function destroy_user_session () {
-       // Reset userid
-       $GLOBALS['userid'] = 0;
-
-       // Remove all user data from session
-       return ((set_session('userid', "")) && (set_session('u_hash', "")));
-}
-
-// Merges an array together but only if both are arrays
-function merge_array ($array1, $array2) {
-       // Are both an array?
-       if ((is_array($array1)) && (is_array($array2))) {
-               // Merge all together
-               return array_merge($array1, $array2);
-       } elseif (is_array($array1)) {
-               // Return left array
-               DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("array2 is not an array. array != %s", gettype($array2)));
-               return $array1;
-       } elseif (is_array($array2)) {
-               // Return right array
-               DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("array1 is not an array. array != %s", gettype($array1)));
-               return $array2;
-       }
-
-       // Both are not arrays
-       debug_report_bug(__FUNCTION__.": No arrays provided!");
-}
-
-// Debug message logger
-function DEBUG_LOG ($funcFile, $line, $message, $force=true) {
-       // Is debug mode enabled?
-       if ((isBooleanConstantAndTrue('DEBUG_MODE')) || ($force === true)) {
-               // Log this message away
-               $fp = fopen(constant('PATH')."inc/cache/debug.log", 'a') or mxchange_die("Cannot write logfile debug.log!");
-               fwrite($fp, date("d.m.Y|H:i:s", time())."|".basename($funcFile)."|".$line."|".strip_tags($message)."\n");
-               fclose($fp);
-       } // END - if
-}
-
-// Reads a directory with PHP files in and gets only files back
-function GET_DIR_AS_ARRAY ($baseDir, $prefix) {
-       $INCs = array();
-
-       // Open directory
-       $dirPointer = opendir($baseDir) or mxchange_die("Cannot read ".basename($baseDir)." path!");
-
-       // Read all entries
-       while ($baseFile = readdir($dirPointer)) {
-               // Load file only if extension is active
-               // Make full path
-               $FQFN = $baseDir.$baseFile;
-
-               // Is this a valid reset file?
-               //* DEBUG: */ print __FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>):baseDir={$baseDir},prefix={$prefix},baseFile={$baseFile}<br />\n";
-               if ((FILE_READABLE($FQFN)) && (substr($baseFile, 0, strlen($prefix)) == $prefix) && (substr($baseFile, -4, 4) == ".php")) {
-                       // Remove both for extension name
-                       $extName = substr($baseFile, strlen($prefix), -4);
-
-                       // Try to find it
-                       $extId = GET_EXT_ID($extName);
-
-                       // Is the extension valid and active?
-                       if (($extId > 0) && (EXT_IS_ACTIVE($extName))) {
-                               // Then add this file
-                               $INCs[] = $FQFN;
-                       } elseif ($extId == 0) {
-                               // Add non-extension files as well
-                               $INCs[] = $FQFN;
-                       }
-               } // END - if
-       } // END - while
-
-       // Close directory
-       closedir($dirPointer);
-
-       // Sort array
-       asort($INCs);
-
-       // Return array with include files
-       return $INCs;
-}
-// Load more reset scripts
-function RESET_ADD_INCLUDES () {
-       // Is the reset set or old sql_patches?
-       if ((!defined('__DAILY_RESET')) || (EXT_VERSION_IS_OLDER("sql_patches", "0.4.5"))) {
-               // Then abort here
-               return array();
-       } // END - if
-
-       // Get more daily reset scripts
-       $INC_POOL = GET_DIR_AS_ARRAY(constant('PATH')."inc/reset/", "reset_");
-
-       // Update database
-       if (!defined('DEBUG_RESET')) UPDATE_CONFIG("last_update", time());
-
-       // Create current week mark
-       $currWeek = date("W", time());
-
-       // Has it changed?
-       if (getConfig('last_week') != $currWeek) {
-               // Include weekly reset scripts
-               $INC_POOL = merge_array($INC_POOL, GET_DIR_AS_ARRAY(constant('PATH')."inc/weekly/", "weekly_"));
-
-               // Update config
-               if (!defined('DEBUG_WEEKLY')) UPDATE_CONFIG("last_week", $currWeek);
-       } // END - if
-
-       // Create current month mark
-       $currMonth = date("m", time());
-
-       // Has it changed?
-       if (getConfig('last_month') != $currMonth) {
-               // Include monthly reset scripts
-               $INC_POOL = merge_array($INC_POOL, GET_DIR_AS_ARRAY(constant('PATH')."inc/monthly/", "monthly_"));
-
-               // Update config
-               if (!defined('DEBUG_MONTHLY')) UPDATE_CONFIG("last_month", $currMonth);
-       } // END - if
-
-       // Return array
-       return $INC_POOL;
-}
-// Handle extra values
-function HANDLE_EXTRA_VALUES ($filterFunction, $value, $extraValue) {
-       // Default is the value itself
-       $ret = $value;
-
-       // Do we have a special filter function?
-       if (!empty($filterFunction)) {
-               // Does the filter function exist?
-               if (function_exists($filterFunction)) {
-                       // Do we have extra parameters here?
-                       if (!empty($extraValue)) {
-                               // Put both parameters in one new array by default
-                               $args = array($value, $extraValue);
-
-                               // If we have an array simply use it and pre-extend it with our value
-                               if (is_array($extraValue)) {
-                                       // Make the new args array
-                                       $args = merge_array(array($value), $extraValue);
-                               } // END - if
-
-                               // Call the multi-parameter call-back
-                               $ret = call_user_func_array($filterFunction, $args);
-                       } else {
-                               // One parameter call
-                               $ret = call_user_func($filterFunction, $value);
-                       }
-               } // END - if
-       } // END - if
-
-       // Return the value
-       return $ret;
-}
-// Check if given FQFN is a readable file
-function FILE_READABLE($fqfn) {
-       // Check all...
-       return ((file_exists($fqfn)) && (is_file($fqfn)) && (is_readable($fqfn)));
-}
-// Converts timestamp selections into a timestamp
-function CONVERT_SELECTIONS_TO_TIMESTAMP(&$POST, &$DATA, &$id, &$skip) {
-       // Init test variable
-       $test2 = "";
-
-       // Get last three chars
-       $test = substr($id, -3);
-
-       // Improved way of checking! :-)
-       if (in_array($test, array("_ye", "_mo", "_we", "_da", "_ho", "_mi", "_se"))) {
-               // Found a multi-selection for timings?
-               $test = substr($id, 0, -3);
-               if ((isset($POST[$test."_ye"])) && (isset($POST[$test."_mo"])) && (isset($POST[$test."_we"])) && (isset($POST[$test."_da"])) && (isset($POST[$test."_ho"])) && (isset($POST[$test."_mi"])) && (isset($POST[$test."_se"])) && ($test != $test2)) {
-                       // Generate timestamp
-                       $POST[$test] = CREATE_TIMESTAMP_FROM_SELECTIONS($test, $POST);
-                       $DATA[] = sprintf("%s='%s'", $test, $POST[$test]);
-
-                       // Remove data from array
-                       foreach (array("ye", "mo", "we", "da", "ho", "mi", "se") as $rem) {
-                               unset($POST[$test."_".$rem]);
-                       } // END - foreach
-
-                       // Skip adding
-                       unset($id); $skip = true; $test2 = $test;
-               } // END - if
-       } else {
-               // Process this entry
-               $skip = false; $test2 = "";
-       }
-}
-// Reverts the german decimal comma into Computer decimal dot
-function REVERT_COMMA ($str) {
-       // Default float is not a float... ;-)
-       $float = false;
-
-       // Which language is selected?
-       switch (GET_LANGUAGE()) {
-               case "de": // German language
-                       // Remove german thousand dots first
-                       $str = str_replace(".", "", $str);
-
-                       // Replace german commata with decimal dot and cast it
-                       $float = (float)str_replace(",", ".", $str);
-                       break;
-
-               default: // US and so on
-                       // Remove thousand dots first and cast
-                       $float = (float)str_replace(",", "", $str);
-                       break;
-       }
-
-       // Return float
-       return $float;
-}
-
-// Handle menu-depending failed logins and return the rendered content
-function HANDLE_LOGIN_FAILTURES ($accessLevel) {
-       // Default output is empty ;-)
-       $OUT = "";
-
-       // Is the session data set?
-       if ((isSessionVariableSet('mxchange_'.$accessLevel.'_failures')) && (isSessionVariableSet('mxchange_'.$accessLevel.'_last_fail'))) {
-               // Ignore zero values
-               if (get_session('mxchange_'.$accessLevel.'_failures') > 0) {
-                       // Non-guest has login failures found, get both data and prepare it for template
-                       //* DEBUG: */ print __FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>):accessLevel={$accessLevel}<br />\n";
-                       $content = array(
-                               'login_failures' => get_session('mxchange_'.$accessLevel.'_failures'),
-                               'last_failure'   => MAKE_DATETIME(get_session('mxchange_'.$accessLevel.'_last_fail'), "2")
-                       );
-
-                       // Load template
-                       $OUT = LOAD_TEMPLATE("login_failures", true, $content);
-               } // END - if
-
-               // Reset session data
-               set_session('mxchange_'.$accessLevel.'_failures', "");
-               set_session('mxchange_'.$accessLevel.'_last_fail', "");
-       } // END - if
-
-       // Return rendered content
-       return $OUT;
-}
-
-// Rebuild cache
-function REBUILD_CACHE ($cache, $inc="") {
-       // Shall I remove the cache file?
-       if ((EXT_IS_ACTIVE("cache")) && (is_object($GLOBALS['cache_instance']))) {
-               // Rebuild cache
-               if ($GLOBALS['cache_instance']->loadCacheFile($cache)) {
-                       // Destroy it
-                       $GLOBALS['cache_instance']->destroyCacheFile();
-               } // END - if
-
-               // Include file given?
-               if (!empty($inc)) {
-                       // Construct FQFN
-                       $INC = sprintf("inc/loader/load_cache-%s.php", $inc);
-
-                       // Is the include there?
-                       if (INCLUDE_READABLE($INC)) {
-                               // And rebuild it from scratch
-                               //* DEBUG: */ print __FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>): inc={$inc} - LOADED!<br />\n";
-                               LOAD_INC($INC);
-                       } else {
-                               // Include not found!
-                               DEBUG_LOG(__FUNCTION__, __LINE__, "Include {$inc} not found. cache={$cache}");
-                       }
-               } // END - if
-       } // END - if
-}
-
-// Purge admin menu cache
-function CACHE_PURGE_ADMIN_MENU ($id=0, $action="", $what="", $str="") {
-       // Is the cache extension enabled or no cache instance or admin menu cache disabled?
-       if (!EXT_IS_ACTIVE("cache")) {
-               // Cache extension not active
-               return false;
-       } elseif (!is_object($GLOBALS['cache_instance'])) {
-               // No cache instance!
-               DEBUG_LOG(__FUNCTION__, __LINE__, " No cache instance found.");
-               return false;
-       } elseif ((!isConfigEntrySet('cache_admin_menu')) || (getConfig('cache_admin_menu') != "Y")) {
-               // Caching disabled (currently experiemental!)
-               return false;
-       }
-
-       // Experiemental feature!
-       debug_report_bug("<strong>Experimental feature:</strong> You have to delete the admin_*.cache files by yourself at this point.");
-}
-
-// Translates the "pool type" into human-readable
-function TRANSLATE_POOL_TYPE ($type) {
-       // Default type is unknown
-       $translated = sprintf(getMessage('POOL_TYPE_UNKNOWN'), $type);
-
-       // Generate constant
-       $constName = sprintf("POOL_TYPE_%s", $type);
-
-       // Does it exist?
-       if (defined($constName)) {
-               // Then use it
-               $translated = getMessage($constName);
-       } // END - if
-
-       // Return "translation"
-       return $translated;
-}
-
-// "Getter" for remote IP number
-function GET_REMOTE_ADDR () {
-       // Get remote ip from environment
-       $remoteAddr = getenv('REMOTE_ADDR');
-
-       // Is removeip installed?
-       if (EXT_IS_ACTIVE("removeip")) {
-               // Then anonymize it
-               $remoteAddr = GET_ANONYMOUS_REMOTE_ADDR($remoteAddr);
-       } // END - if
-
-       // Return it
-       return $remoteAddr;
-}
-// "Getter" for remote hostname
-function GET_REMOTE_HOST () {
-       // Get remote ip from environment
-       $remoteHost = getenv('REMOTE_HOST');
-
-       // Is removeip installed?
-       if (EXT_IS_ACTIVE("removeip")) {
-               // Then anonymize it
-               $remoteHost = GET_ANONYMOUS_REMOTE_HOST($remoteHost);
-       } // END - if
-
-       // Return it
-       return $remoteHost;
-}
-// "Getter" for user agent
-function GET_USER_AGENT () {
-       // Get remote ip from environment
-       $userAgent = getenv('HTTP_USER_AGENT');
-
-       // Is removeip installed?
-       if (EXT_IS_ACTIVE("removeip")) {
-               // Then anonymize it
-               $userAgent = GET_ANONYMOUS_USER_AGENT($userAgent);
-       } // END - if
-
-       // Return it
-       return $userAgent;
-}
-// "Getter" for referer
-function GET_REFERER () {
-       // Get remote ip from environment
-       $referer = getenv('HTTP_REFERER');
-
-       // Is removeip installed?
-       if (EXT_IS_ACTIVE("removeip")) {
-               // Then anonymize it
-               $referer = GET_ANONYMOUS_REFERER($referer);
-       } // END - if
-
-       // Return it
-       return $referer;
-}
-
-// Adds a bonus mail to the queue
-// This is a high-level function!
-function ADD_NEW_BONUS_MAIL ($data, $mode="", $output=true) {
-       // Use mode from data if not set and availble ;-)
-       if ((empty($mode)) && (isset($data['mode']))) $mode = $data['mode'];
-
-       // Generate receiver list
-       $RECEIVER = GENERATE_RECEIVER_LIST($data['cat'], $data['receiver'], $mode);
-
-       // Receivers added?
-       if (!empty($RECEIVER)) {
-               // Add bonus mail to queue
-               ADD_BONUS_MAIL_TO_QUEUE(
-                       $data['subject'],
-                       $data['text'],
-                       $RECEIVER,
-                       $data['points'],
-                       $data['seconds'],
-                       $data['url'],
-                       $data['cat'],
-                       $mode,
-                       $data['receiver']
-               );
-
-               // Mail inserted into bonus pool
-               if ($output) LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_BONUS_SEND'));
-       } elseif ($output) {
-               // More entered than can be reached!
-               LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_MORE_SELECTED'));
-       } else {
-               // Debug log
-               DEBUG_LOG(__FUNCTION__, __LINE__, " cat={$data['cat']},receiver={$data['receiver']},data=".base64_encode(serialize($data))." More selected, than available!");
-       }
-}
-
-// Determines referal id and sets it
-function DETERMINE_REFID () {
-       global $CLICK, $_SERVER;
-
-       // Check if refid is set
-       if ((!empty($_GET['user'])) && ($CLICK == 1) && (basename($_SERVER['PHP_SELF']) == "click.php")) {
-               // The variable user comes from the click-counter script click.php and we only accept this here
-               $GLOBALS['refid'] = bigintval($_GET['user']);
-       } elseif (!empty($_POST['refid'])) {
-               // Get referal id from variable refid (so I hope this makes my script more compatible to other scripts)
-               $GLOBALS['refid'] = SQL_ESCAPE(strip_tags($_POST['refid']));
-       } elseif (!empty($_GET['refid'])) {
-               // Get referal id from variable refid (so I hope this makes my script more compatible to other scripts)
-               $GLOBALS['refid'] = SQL_ESCAPE(strip_tags($_GET['refid']));
-       } elseif (!empty($_GET['ref'])) {
-               // Set refid=ref (the referal link uses such variable)
-               $GLOBALS['refid'] = SQL_ESCAPE(strip_tags($_GET['ref']));
-       } elseif ((isSessionVariableSet('refid')) && (get_session('refid') != 0)) {
-               // Set session refid als global
-               $GLOBALS['refid'] = bigintval(get_session('refid'));
-       } elseif ((GET_EXT_VERSION("sql_patches") != "") && (getConfig('def_refid') > 0)) {
-               // Set default refid as refid in URL
-               $GLOBALS['refid'] = bigintval(getConfig('def_refid'));
-       } elseif ((GET_EXT_VERSION("user") >= "0.3.4") && (getConfig('select_user_zero_refid')) == "Y") {
-               // Select a random user which has confirmed enougth mails
-               $GLOBALS['refid'] = SELECT_RANDOM_REFID();
-       } else {
-               // No default ID when sql_patches is not installed or none set
-               $GLOBALS['refid'] = 0;
-       }
-
-       // Set cookie when default refid > 0
-       if (!isSessionVariableSet('refid') || (!empty($GLOBALS['refid'])) || ((get_session('refid') == "0") && (getConfig('def_refid') > 0))) {
-               // Set cookie
-               set_session('refid', $GLOBALS['refid']);
-       } // END - if
-
-       // Return determined refid
-       return $GLOBALS['refid'];
-}
-
-// Destroys the admin session
-function destroyAdminSession ($destroy = true) {
-       // Kill maybe existing session variables including array elements
-       set_session('admin_login', "");
-       set_session('admin_md5'  , "");
-       set_session('admin_last' , "");
-       set_session('admin_to'   , "");
-
-       // Destroy session and return status
-       if ($destroy) {
-               return session_destroy();
-       } // END - if
-
-       // All fine if we shall not really destroy the session
-       return true;
-}
-
 // Checks if a given apache module is loaded
 function IF_APACHE_MODULE_LOADED ($apacheModule) {
        // Check it and return result
        return (((function_exists('apache_get_modules')) && (in_array($apacheModule, apache_get_modules()))) || (!function_exists('apache_get_modules')));
 }
 
-// Merges $_CONFIG with data in given array
-function mergeConfig ($newConfig) {
-       global $_CONFIG;
-       $_CONFIG = merge_array($_CONFIG, $newConfig);
-}
-
-// Getter for $_CONFIG entries
-function getConfig ($entry) {
-       global $_CONFIG;
-
-       // Default value
-       $value = null;
-
-       // Is the entry there?
-       if (isConfigEntrySet($entry)) {
-               // Then use it
-               $value = $_CONFIG[$entry];
-       } // END - if
-
-       // Return it
-       return $value;
-}
-
-// Setter for $_CONFIG entries
-function setConfigEntry ($entry, $value) {
-       global $_CONFIG;
-
-       // Secure the entry name
-       $entry = SQL_ESCAPE($entry);
-
-       // And set it
-       $_CONFIG[$entry] = $value;
-}
-
-// Checks wether the given config entry is set
-function isConfigEntrySet ($entry) {
-       global $_CONFIG;
-       return (isset($_CONFIG[$entry]));
-}
-
-// Increment or init with given value or 1 as default the given config entry
-function incrementConfigEntry ($configEntry, $value=1) {
-       global $_CONFIG;
-
-       // Increment it if set or init it with 1
-       if (getConfig($configEntry) > 0) {
-               $_CONFIG[$configEntry] += $value;
-       } else {
-               $_CONFIG[$configEntry] = $value;
-       }
-}
-
 // "Getter" for language strings
 // @TODO Rewrite all language constants to this function.
 function getMessage ($messageId) {
@@ -2943,17 +2361,17 @@ function GET_CURR_THEME() {
                        // Fix it to default
                        $ret = "default";
                } // END - if
-       } elseif ((!isBooleanConstantAndTrue('mxchange_installed')) && ((isBooleanConstantAndTrue('mxchange_installing')) || ($GLOBALS['output_mode'] == true)) && ((!empty($_GET['theme'])) || (!empty($_POST['theme'])))) {
+       } elseif ((!isBooleanConstantAndTrue('mxchange_installed')) && ((isBooleanConstantAndTrue('mxchange_installing')) || ($GLOBALS['output_mode'] == true)) && ((REQUEST_ISSET_GET(('theme'))) || (REQUEST_ISSET_POST(('theme'))))) {
                // Prepare FQFN for checking
-               $theme = sprintf("%stheme/%s/theme.php", constant('PATH'), SQL_ESCAPE($_GET['theme']));
+               $theme = sprintf("%stheme/%s/theme.php", constant('PATH'), SQL_ESCAPE(REQUEST_GET('theme')));
 
                // Installation mode active
-               if ((!empty($_GET['theme'])) && (FILE_READABLE($theme))) {
+               if ((REQUEST_ISSET_GET(('theme'))) && (FILE_READABLE($theme))) {
                        // Set cookie from URL data
-                       set_session('mxchange_theme', SQL_ESCAPE($_GET['theme']));
-               } elseif (FILE_READABLE(sprintf("%stheme/%s/theme.php", constant('PATH'), SQL_ESCAPE($_POST['theme'])))) {
+                       set_session('mxchange_theme', SQL_ESCAPE(REQUEST_GET('theme')));
+               } elseif (FILE_READABLE(sprintf("%stheme/%s/theme.php", constant('PATH'), SQL_ESCAPE(REQUEST_POST('theme'))))) {
                        // Set cookie from posted data
-                       set_session('mxchange_theme', SQL_ESCAPE($_POST['theme']));
+                       set_session('mxchange_theme', SQL_ESCAPE(REQUEST_POST('theme')));
                }
 
                // Set return value
@@ -3250,8 +2668,8 @@ function convertCodeToMessage ($code) {
                        break;
 
                case constant('CODE_EXTENSION_PROBLEM'):
-                       if (isset($_GET['ext'])) {
-                               $msg = sprintf(getMessage('EXTENSION_PROBLEM_EXT_INACTIVE'), SQL_ESCAPE($_GET['ext']));
+                       if (REQUEST_ISSET_GET(('ext'))) {
+                               $msg = sprintf(getMessage('EXTENSION_PROBLEM_EXT_INACTIVE'), SQL_ESCAPE(REQUEST_GET('ext')));
                        } else {
                                $msg = getMessage('EXTENSION_PROBLEM_UNSET_EXT');
                        }
diff --git a/inc/handler.php b/inc/handler.php
new file mode 100644 (file)
index 0000000..e1e9523
--- /dev/null
@@ -0,0 +1,64 @@
+<?php
+/************************************************************************
+ * MXChange v0.2.1                                    Start: 02/28/2009 *
+ * ===============                              Last change: 02/28/2009 *
+ *                                                                      *
+ * -------------------------------------------------------------------- *
+ * File              : handler.php                                      *
+ * -------------------------------------------------------------------- *
+ * Short description : Handler functions (call-back)                    *
+ * -------------------------------------------------------------------- *
+ * Kurzbeschreibung  : Handler-Funktionen (Call-Back)                   *
+ * -------------------------------------------------------------------- *
+ *                                                                      *
+ * -------------------------------------------------------------------- *
+ * Copyright (c) 2003 - 2008 by Roland Haeder                           *
+ * For more information visit: http://www.mxchange.org                  *
+ *                                                                      *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or    *
+ * (at your option) any later version.                                  *
+ *                                                                      *
+ * This program is distributed in the hope that it will be useful,      *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
+ * GNU General Public License for more details.                         *
+ *                                                                      *
+ * You should have received a copy of the GNU General Public License    *
+ * along with this program; if not, write to the Free Software          *
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
+ * MA  02110-1301  USA                                                  *
+ ************************************************************************/
+
+// Some security stuff...
+if (!defined('__SECURITY')) {
+       $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
+       require($INC);
+}
+
+// Error handler function
+function __errorHandler ($errno, $errstr, $errfile, $errline) {
+       // Construct message
+       $msg = sprintf("errno=%s,errstr=%s,errfile=%s,errline=%s",
+               $errno,
+               $errstr,
+               basename($errfile),
+               $errline
+       );
+
+       // Write debug log message
+       DEBUG_LOG(__FUNCTION__, __LINE__, "".$msg, true);
+
+       // Output message to user and die
+       if (EXT_IS_ACTIVE("debug")) {
+               // Debug extension found! So Output a small message
+               mxchange_die("Error message written to debug.log. Please try to call <a href=\"{!URL!}\">the main page</a> to continue.");
+       } else {
+               // No debug extension found, so regular output
+               debug_report_bug($msg);
+       }
+}
+
+// [EOF]
+?>
index 650dce7dddc31d60ba1a836acfaaa2eac9acda57..8d3cd966dae7bd83d2aec88412ae80537774b7ff 100644 (file)
@@ -125,7 +125,7 @@ if (($GLOBALS['header_sent'] != "1") && ($GLOBALS['header_sent'] != "2")) {
 } // END - if
 
 // Load body or not
-if (($GLOBALS['module'] != "frametester") || (($GLOBALS['module'] == "frametester") && (isset($_GET['frame']))) || (($GLOBALS['header_sent'] == "1") && (!empty($_GET['frame']))) && ($GLOBALS['output_mode'] != "1")) {
+if (($GLOBALS['module'] != "frametester") || (($GLOBALS['module'] == "frametester") && (REQUEST_ISSET_GET(('frame')))) || (($GLOBALS['header_sent'] == "1") && (REQUEST_ISSET_GET(('frame')))) && ($GLOBALS['output_mode'] != "1")) {
        // Is the header sent and the script is not the mail confirmation script and not a CSS?
        if (($GLOBALS['header_sent'] == "1") && (basename($_SERVER['PHP_SELF']) != "mailid.php") && ($GLOBALS['output_mode'] != "1")) {
                // Add BODY tag
diff --git a/inc/hooks.php b/inc/hooks.php
new file mode 100644 (file)
index 0000000..8bc6463
--- /dev/null
@@ -0,0 +1,55 @@
+<?php
+/************************************************************************
+ * MXChange v0.2.1                                    Start: 02/28/2009 *
+ * ===============                              Last change: 02/28/2009 *
+ *                                                                      *
+ * -------------------------------------------------------------------- *
+ * File              : hooks.php                                        *
+ * -------------------------------------------------------------------- *
+ * Short description : Hooks (call-backs)                               *
+ * -------------------------------------------------------------------- *
+ * Kurzbeschreibung  : Hooks (Call-Back)                                *
+ * -------------------------------------------------------------------- *
+ *                                                                      *
+ * -------------------------------------------------------------------- *
+ * Copyright (c) 2003 - 2008 by Roland Haeder                           *
+ * For more information visit: http://www.mxchange.org                  *
+ *                                                                      *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or    *
+ * (at your option) any later version.                                  *
+ *                                                                      *
+ * This program is distributed in the hope that it will be useful,      *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
+ * GNU General Public License for more details.                         *
+ *                                                                      *
+ * You should have received a copy of the GNU General Public License    *
+ * along with this program; if not, write to the Free Software          *
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
+ * MA  02110-1301  USA                                                  *
+ ************************************************************************/
+
+// Some security stuff...
+if (!defined('__SECURITY')) {
+       $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
+       require($INC);
+}
+
+// Call-back function for running shutdown functions and close database connection
+function __SHUTDOWN_HOOK () {
+       // Call the filter chain 'shutdown'
+       RUN_FILTER('shutdown', null, false);
+
+       if (SQL_IS_LINK_UP()) {
+               // Close link
+               SQL_CLOSE(__FILE__, __LINE__);
+       } else {
+               // No database link
+               addFatalMessage(getMessage('NO_DB_LINK'));
+       }
+}
+
+// [EOF]
+?>
index 1b8d1f486c1219b135e18b62ac8f6415cfe80e74..a6fbd91f2b21ac8c7951b2bc015e29537ec90989 100644 (file)
@@ -43,33 +43,33 @@ if (!defined('__SECURITY')) {
 
 // Init variables
 $mysql = "";
-if ((isset($_POST['mysql'])) && (is_array($_POST['mysql']))) $mysql = $_POST['mysql'];
+if ((REQUEST_ISSET_POST(('mysql'))) && (is_array(REQUEST_POST('mysql')))) $mysql = REQUEST_POST('mysql');
 
 // Check if both passwords from SMTP are matching
-if ((isset($_GET['page']) && ($_GET['page'] == 5))) {
+if ((REQUEST_ISSET_GET(('page')) && (REQUEST_GET('page') == 5))) {
        // Okay, we have to check it
-       if (!empty($_POST['smtp_user']) && (empty($_POST['smtp_host']))) {
+       if (REQUEST_ISSET_POST(('smtp_user')) && (!REQUEST_ISSET_POST(('smtp_host')))) {
                // Hostname not set
                OUTPUT_HTML(getMessage('INSTALL_SMTP_HOSTNAME_EMPTY')."<br />");
-               $_GET['page'] = 3;
+               REQUEST_SET_GET('page', 3);
        } // END - if
 
-       if ((empty($_POST['smtp_pass1'])) && (!empty($_POST['smtp_pass2']))) {
+       if ((!REQUEST_ISSET_POST(('smtp_pass1'))) && (REQUEST_ISSET_POST(('smtp_pass2')))) {
                // Password is empty
                OUTPUT_HTML(getMessage('INSTALL_SMTP_PASS1_EMPTY')."<br />");
-               $_GET['page'] = 3;
+               REQUEST_SET_GET('page', 3);
        } // END - if
 
-       if ((!empty($_POST['smtp_pass1'])) && (empty($_POST['smtp_pass2']))) {
+       if ((REQUEST_ISSET_POST(('smtp_pass1'))) && (!REQUEST_ISSET_POST(('smtp_pass2')))) {
                // Password repeat is empty
                OUTPUT_HTML(getMessage('INSTALL_SMTP_PASS2_EMPTY')."<br />");
-               $_GET['page'] = 3;
+               REQUEST_SET_GET('page', 3);
        } // END - if
 
-       if ($_POST['smtp_pass1'] != $_POST['smtp_pass1']) {
+       if (REQUEST_POST('smtp_pass1') != REQUEST_POST('smtp_pass1')) {
                // Passwords are not matching
                OUTPUT_HTML(getMessage('INSTALL_SMTP_PASS_MISMATCH')."<br />");
-               $_GET['page'] = 3;
+               REQUEST_SET_GET('page', 3);
        } // END - if
 } // END - if
 
@@ -80,7 +80,7 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
        define('__BURL_ACTION', constant('URL'));
 
        // Output page for entered value
-       switch ($_GET['page'])
+       switch (REQUEST_GET('page'))
        {
        case "welcome": // Welcome to the installation!
                LOAD_TEMPLATE("install_welcome");
@@ -108,11 +108,11 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
                define('__MYSQL_DBASE' , $mysql['dbase']);
                define('__MYSQL_PREFIX', $mysql['prefix']);
                define('__MYSQL_LOGIN' , $mysql['login']);
-               define('__SPATH_VALUE' , $_POST['spath']);
-               define('__BURL_VALUE'  , $_POST['burl']);
-               define('__TITLE_VALUE' , $_POST['title']);
-               define('__SLOGAN_VALUE', $_POST['slogan']);
-               define('__EMAIL_VALUE' , $_POST['email']);
+               define('__SPATH_VALUE' , REQUEST_POST('spath'));
+               define('__BURL_VALUE'  , REQUEST_POST('burl'));
+               define('__TITLE_VALUE' , REQUEST_POST('title'));
+               define('__SLOGAN_VALUE', REQUEST_POST('slogan'));
+               define('__EMAIL_VALUE' , REQUEST_POST('email'));
 
                // Load template
                LOAD_TEMPLATE("install_page2");
@@ -120,11 +120,11 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
 
        case "3":
                // Set more values
-               define('__SPATH_VALUE'  , $_POST['spath']);
-               define('__BURL_VALUE'   , $_POST['burl']);
-               define('__TITLE_VALUE'  , $_POST['title']);
-               define('__SLOGAN_VALUE' , $_POST['slogan']);
-               define('__EMAIL_VALUE'  , $_POST['email']);
+               define('__SPATH_VALUE'  , REQUEST_POST('spath'));
+               define('__BURL_VALUE'   , REQUEST_POST('burl'));
+               define('__TITLE_VALUE'  , REQUEST_POST('title'));
+               define('__SLOGAN_VALUE' , REQUEST_POST('slogan'));
+               define('__EMAIL_VALUE'  , REQUEST_POST('email'));
 
                // Use default SMTP data
                $smtpHost  = constant('SMTP_HOSTNAME');
@@ -133,8 +133,8 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
                $smtpPass2 = constant('SMTP_PASSWORD');
 
                // Overwrite it with the data from sent (failed) form
-               if (!empty($_POST['smtp_host'])) $smtpHost = $_POST['smtp_host'];
-               if (!empty($_POST['smtp_user'])) $smtpUser = $_POST['smtp_user'];
+               if (REQUEST_ISSET_POST(('smtp_host'))) $smtpHost = REQUEST_POST('smtp_host');
+               if (REQUEST_ISSET_POST(('smtp_user'))) $smtpUser = REQUEST_POST('smtp_user');
 
                // MySQL settings
                define('__MYSQL_HOST'   , $mysql['host']);
@@ -156,11 +156,11 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
 
        case "5": // Misc settings
                // General settings
-               define('__SPATH_VALUE'  , $_POST['spath']);
-               define('__BURL_VALUE'   , $_POST['burl']);
-               define('__TITLE_VALUE'  , $_POST['title']);
-               define('__SLOGAN_VALUE' , $_POST['slogan']);
-               define('__EMAIL_VALUE'  , $_POST['email']);
+               define('__SPATH_VALUE'  , REQUEST_POST('spath'));
+               define('__BURL_VALUE'   , REQUEST_POST('burl'));
+               define('__TITLE_VALUE'  , REQUEST_POST('title'));
+               define('__SLOGAN_VALUE' , REQUEST_POST('slogan'));
+               define('__EMAIL_VALUE'  , REQUEST_POST('email'));
 
                // MySQL settings
                define('__MYSQL_HOST'   , $mysql['host']);
@@ -169,9 +169,9 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
                define('__MYSQL_LOGIN'  , $mysql['login']);
 
                // SMTP settings
-               define('__SMTP_HOST'    , $_POST['smtp_host']);
-               define('__SMTP_USER'    , $_POST['smtp_user']);
-               define('__SMTP_PASS'    , $_POST['smtp_pass1']);
+               define('__SMTP_HOST'    , REQUEST_POST('smtp_host'));
+               define('__SMTP_USER'    , REQUEST_POST('smtp_user'));
+               define('__SMTP_PASS'    , REQUEST_POST('smtp_pass1'));
                OUTPUT_HTML("<form action=\"{!__BURL_ACTION!}/install.php?page=finalize\" method=\"POST\" target=\"_self\">
 <table border=\"0\" cellspacing=\"0\" cellpadding=\"0\" class=\"install_content\">
 <tr>
@@ -264,7 +264,7 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
                break;
 
        case "finalize": // Write captured data to files
-               if ((!empty($_POST['finalize'])) && (!isBooleanConstantAndTrue('mxchange_installed'))) {
+               if ((REQUEST_ISSET_POST(('finalize'))) && (!isBooleanConstantAndTrue('mxchange_installed'))) {
                        // You have submitted data then we have to reset the fatal messages
                        $SQLs = array();
 
@@ -274,11 +274,11 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
                                // Seems to work, also right database?
                                if (SQL_SELECT_DB($mysql['dbase'], __FILE__, __LINE__) === true) {
                                        // Automatically run install.sql
-                                       if ((FILE_READABLE($_POST['spath']."install/tables.sql")) && (FILE_READABLE($_POST['spath']."install/menu-".GET_LANGUAGE().".sql"))) {
+                                       if ((FILE_READABLE(REQUEST_POST('spath')."install/tables.sql")) && (FILE_READABLE(REQUEST_POST('spath')."install/menu-".GET_LANGUAGE().".sql"))) {
                                                // Both exists so import them
                                                foreach (array("tables.sql", "menu-".GET_LANGUAGE().".sql") as $dump) {
                                                        // Should be save here because file_exists() is there but we check it again. :)
-                                                       $FQFN = secureString($_POST['spath']) . "install/" . $dump;
+                                                       $FQFN = secureString(REQUEST_POST('spath')) . "install/" . $dump;
                                                        if (FILE_READABLE($FQFN)) {
                                                                // Read the file
                                                                $SQLs = READ_FILE($FQFN, true);
@@ -311,24 +311,24 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
                                                } // END - foreach
 
                                                // Ok, all done. So we can write the config data to the php files
-                                               if ($_POST['spath'] != constant('PATH')) changeDataInFile($_POST['spath']."inc/config.php", "SERVER-PATH", "define('PATH', \"", "\");", $_POST['spath'], 0);
-                                               if ($_POST['burl']  != constant('URL'))  changeDataInFile($_POST['spath']."inc/config.php", "HOST-URL", "define('URL', \"", "\");", $_POST['burl'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "MAIN_TITLE", "define('MAIN_TITLE', \"", "\");", $_POST['title'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "SLOGAN", "define('SLOGAN', \"", "\");", $_POST['slogan'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "WEBMASTER", "define('WEBMASTER', \"", "\");", $_POST['email'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "NULLPASS-WARNING", "define('warn_no_pass', ", ");", $_POST['warn_no_pass'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "WRITE-FOOTER", "define('WRITE_FOOTER', ", ");", $_POST['wfooter'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "BACKLINK", "define('ENABLE_BACKLINK', ", ");", $_POST['blink'], 0);
-                                               // changeDataInFile($_POST['spath']."inc/config.php", "OUTPUT-MODE", "define('OUTPUT_MODE', \"", "\");", $_POST['omode'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "MYSQL-HOST", "      'host'     => \"", "\",", $mysql['host'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "MYSQL-DBASE", "     'dbase'    => \"", "\",", $mysql['dbase'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "MYSQL-LOGIN", "     'login'    => \"", "\",", $mysql['login'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "MYSQL-PASSWORD", "  'password' => \"", "\",", $mysql['pass1'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "MYSQL-PREFIX", "define('_MYSQL_PREFIX', \"", "\");", $mysql['prefix'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "SMTP-HOSTNAME", "define('SMTP_HOSTNAME', \"", "\");", $_POST['smtp_host'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "SMTP-USER", "define('SMTP_USER', \"", "\");", $_POST['smtp_user'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "SMTP-PASSWORD", "define('SMTP_PASSWORD', \"", "\");", $_POST['smtp_pass'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "INSTALLED", "define('mxchange_installed', ", ");", "true", 0);
+                                               if (REQUEST_POST('spath') != constant('PATH')) changeDataInFile(REQUEST_POST('spath')."inc/config.php", "SERVER-PATH", "define('PATH', \"", "\");", REQUEST_POST('spath'), 0);
+                                               if (REQUEST_POST('burl')  != constant('URL'))  changeDataInFile(REQUEST_POST('spath')."inc/config.php", "HOST-URL", "define('URL', \"", "\");", REQUEST_POST('burl'), 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "MAIN_TITLE", "define('MAIN_TITLE', \"", "\");", REQUEST_POST('title'), 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "SLOGAN", "define('SLOGAN', \"", "\");", REQUEST_POST('slogan'), 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "WEBMASTER", "define('WEBMASTER', \"", "\");", REQUEST_POST('email'), 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "NULLPASS-WARNING", "define('warn_no_pass', ", ");", REQUEST_POST('warn_no_pass'), 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "WRITE-FOOTER", "define('WRITE_FOOTER', ", ");", REQUEST_POST('wfooter'), 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "BACKLINK", "define('ENABLE_BACKLINK', ", ");", REQUEST_POST('blink'), 0);
+                                               // DEACTIVATED: changeDataInFile(REQUEST_POST('spath')."inc/config.php", "OUTPUT-MODE", "define('OUTPUT_MODE', \"", "\");", REQUEST_POST('omode'), 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "MYSQL-HOST", "        'host'     => \"", "\",", $mysql['host'], 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "MYSQL-DBASE", "       'dbase'    => \"", "\",", $mysql['dbase'], 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "MYSQL-LOGIN", "       'login'    => \"", "\",", $mysql['login'], 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "MYSQL-PASSWORD", "    'password' => \"", "\",", $mysql['pass1'], 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "MYSQL-PREFIX", "define('_MYSQL_PREFIX', \"", "\");", $mysql['prefix'], 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "SMTP-HOSTNAME", "define('SMTP_HOSTNAME', \"", "\");", REQUEST_POST('smtp_host'), 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "SMTP-USER", "define('SMTP_USER', \"", "\");", REQUEST_POST('smtp_user'), 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "SMTP-PASSWORD", "define('SMTP_PASSWORD', \"", "\");", REQUEST_POST('smtp_pass1'), 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "INSTALLED", "define('mxchange_installed', ", ");", "true", 0);
                                        } else {
                                                // Installation area not found!
                                                addFatalMessage(getMessage('INSTALL_MISSING_DUMPS'));
@@ -347,12 +347,12 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
                                        $OUT .= "    <input type=\"hidden\" name=\"mysql[".$key."]\" value=\"".$value."\">\n";
                                } // END foreach
                                define('__MYSQL_DATA'   , $OUT);
-                               define('__SPATH_VALUE'  , $_POST['spath']);
-                               define('__BURL_VALUE'   , $_POST['burl']);
-                               define('__TITLE_VALUE'  , $_POST['title']);
-                               define('__SMTP_HOST'    , $_POST['smtp_host']);
-                               define('__SMTP_USER'    , $_POST['smtp_user']);
-                               define('__SMTP_PASS'    , $_POST['smtp_pass']);
+                               define('__SPATH_VALUE'  , REQUEST_POST('spath'));
+                               define('__BURL_VALUE'   , REQUEST_POST('burl'));
+                               define('__TITLE_VALUE'  , REQUEST_POST('title'));
+                               define('__SMTP_HOST'    , REQUEST_POST('smtp_host'));
+                               define('__SMTP_USER'    , REQUEST_POST('smtp_user'));
+                               define('__SMTP_PASS'    , REQUEST_POST('smtp_pass1'));
 
                                // Load template
                                LOAD_TEMPLATE("install_fatal_errors");
@@ -371,7 +371,7 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
                break;
 
        default:
-               DEBUG_LOG(__FILE__, __LINE__, sprintf("Wrong page %s detected", $_GET['page']));
+               DEBUG_LOG(__FILE__, __LINE__, sprintf("Wrong page %s detected", REQUEST_GET('page')));
                OUTPUT_HTML("    <div class=\"install_error\">{--WRONG_PAGE--}</strong>");
                break;
        }
index 5f3c4a5d5dc7a73b1a59e04f2f6c246c64663265..71e179e00e7c052c8896e2309ac183ae252b80fc 100644 (file)
@@ -145,7 +145,7 @@ WHERE email='%s'".$locked." LIMIT 1",
                        list($uid) = SQL_FETCHROW($result);
 
                        // Rewrite email address to contact link
-                       $email = "{!URL!}/modules.php?module=".$mod."&amp;what=user_contct&amp;u_id=".bigintval($uid);
+                       $email = "{!URL!}/modules.php?module=".$mod."&amp;what=user_contct&amp;uid=".bigintval($uid);
                }
 
                // Free memory
@@ -250,7 +250,7 @@ WHERE id=%s LIMIT 1",
        }
 
        // Remove cache file
-       RUN_FILTER('post_admin_edited', $_POST);
+       RUN_FILTER('post_admin_edited', REQUEST_POST_ARRAY());
 }
 
 // Make admin accounts editable
@@ -364,7 +364,7 @@ function ADMINS_REMOVE_ADMIN_ACCOUNTS ($POST) {
        }
 
        // Remove cache if cache system is activated
-       RUN_FILTER('post_admin_deleted', $_POST);
+       RUN_FILTER('post_admin_deleted', REQUEST_POST_ARRAY());
 }
 
 // List all admin accounts
index 7fccd6fa40c83f3e62448bbffeb51dce04cf005a..f0626fb3b234b1efbfed36216348d6d224a02787 100644 (file)
@@ -150,7 +150,7 @@ function NL_INSERT_URLS ($text) {
 //
 function SEND_NEWSLETTER ($TO, $SUBJECT, $MSG, $MODE) {
        // Send mail away as HTML
-       if ($_POST['auto_urls'] == "Y") {
+       if (REQUEST_POST('auto_urls') == "Y") {
                // Automatically insert URLs into newsletter
                if ((EXT_IS_ACTIVE("html")) && ($MODE == "html")) {
                        // Send HTML mail
index 34da5e8dd51709bc06a94b6d851b8d754ac34ade..04228a1cfe247eadfe50c9d2bb02916c4a895b98 100644 (file)
@@ -236,7 +236,7 @@ class PrimeraApi {
 // is not false the API data is valid, else invalid
 function PRIMERA_TEST_API () {
        // Get new instance
-       $api = new PrimeraApi($_POST['primera_api_name'], $_POST['primera_api_md5']);
+       $api = new PrimeraApi(REQUEST_POST('primera_api_name'), REQUEST_POST('primera_api_md5'));
 
        // Was that fine?
        return ($api->getPrimera() !== false);
index d38b61b2e6861a618e28497524bdd649c49d2369..aa4859a4e11e4af579e86f6420a64193dca288e9 100644 (file)
@@ -737,10 +737,10 @@ function RALLYE_GET_REFCOUNT($uid, $old=0) {
        if (GET_EXT_VERSION("cache") >= "0.1.2") {
                // Get refs from cache
                $cnt = 0;
-               foreach ($GLOBALS['cache_array']['refsystem']['userid'] as $id => $u_id) {
+               foreach ($GLOBALS['cache_array']['refsystem']['userid'] as $id => $uid) {
                        // Do we have a ref for this user?
-                       //* DEBUG: */ echo "id={$id},u_id={$u_id},uid={$uid},old={$old},level={$GLOBALS['cache_array']['refsystem']['level'][$id]}<br />\n";
-                       if (($u_id == $uid) && ($GLOBALS['cache_array']['refsystem']['level'][$id] == 1)) {
+                       //* DEBUG: */ echo "id={$id},uid={$uid},uid={$uid},old={$old},level={$GLOBALS['cache_array']['refsystem']['level'][$id]}<br />\n";
+                       if (($uid == $uid) && ($GLOBALS['cache_array']['refsystem']['level'][$id] == 1)) {
                                //* DEBUG: */ echo "uid matches!<br />\n";
                                foreach ($GLOBALS['cache_array']['ref_depths']['level'] as $level) {
                                        if (($level == $GLOBALS['cache_array']['refsystem']['level'][$id]) && ($level == 1)) {
index 1d36cd12a4ef0a28ea38fe35c27e3369fb50b7f8..5f82f17270d6a2f6d7502fff95c20887e477a1ab 100644 (file)
@@ -117,7 +117,7 @@ function REGISTER_ADD_CATEGORY_TABLE ($MODE, $return=false) {
                $SW = 2;
                $OUT .= "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\" width=\"100%\">\n";
                while (list($id, $cat, $visible) = SQL_FETCHROW($result)) {
-                       if (empty($_POST['cat'][$id])) $_POST['cat'][$id] = "";
+                       if (!REQUEST_ISSET_POST(('cat', $id))) REQUEST_POST('cat', $id) = "";
                        // Prepare array for the template
                        $content = array(
                                'sw'    => $SW,
@@ -127,7 +127,7 @@ function REGISTER_ADD_CATEGORY_TABLE ($MODE, $return=false) {
                                'id'    => $id,
                        );
 
-                       if (($_POST['cat'][$id] == "Y") || ((getConfig('register_default') == "Y") && (empty($_POST['cat'][$id])))) {
+                       if ((REQUEST_POST('cat', $id) == "Y") || ((getConfig('register_default') == "Y") && (!REQUEST_ISSET_POST(('cat', $id))))) {
                                $content['def_y'] = " checked=\"checked\"";
                        } else {
                                $content['def_n'] = " checked=\"checked\"";
index e7fa920e68c4d433f8919b0cb8a50ec4f1993fc4..769fb7ad2f5cc8acb989766e59361de01c78c3f0 100644 (file)
@@ -83,7 +83,7 @@ function REWRITE_LINKS ($HTML) {
 
        // Simple from->to replacements
        $REPLACE = array(
-               'search'  => array("u_id", "url", "page", "offset", "mid", "bid", "sub", "home"),
+               'search'  => array("uid", "url", "page", "offset", "mid", "bid", "sub", "home"),
                'replace' => array("u"   , "url", "page", "offset", "m"  , "b"  , "s"  , "h")
        );
 
@@ -96,7 +96,7 @@ function REWRITE_LINKS ($HTML) {
        // Replace all array elements through
        foreach ($REPLACE['search'] as $k => $v) {
                if (eregi("$v=", $test)) {
-                       // Replace &amp;u_id= with /u/
+                       // Replace &amp;uid= with /u/
                        $test = preg_replace("/&amp;".$v."=/i", "/".$REPLACE['replace'][$k]."/", $test);
                } // END - if
        } // END - foreach
index 4f6dafa9c28e6dcac17614d7456f1aa4fedca15d..5a24877ff08efa8b93bd565d1b8925eb4d160f92 100644 (file)
@@ -132,7 +132,7 @@ function SPONSOR_HANDLE_SPONSOR (&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_S
 
                        // Remove last ", " from SQL string
                        $SQL = substr($SQL, 0, -2)." WHERE id='%s' LIMIT 1";
-                       $DATA['values'][] = bigintval($_GET['id']);
+                       $DATA['values'][] = bigintval(REQUEST_GET('id'));
 
                        // Generate message
                        $MSG = SPONSOR_GET_MESSAGE(ADMIN_SPONSOR_UPDATED, "updated", $MSGs);
index 8fa321af6a1ff8d29b1a76f97413b359425f0eba..390f874e4dc610efde2d2df4a08d5387dec3b19b 100644 (file)
@@ -772,10 +772,10 @@ function SURFBAR_DETERMINE_TEMPLATE_NAME() {
        $templateName = "surfbar_frameset";
 
        // Any frame set? ;-)
-       if (isset($_GET['frame'])) {
+       if (REQUEST_ISSET_GET(('frame'))) {
                // Use the frame as a template name part... ;-)
                $templateName = sprintf("surfbar_frame_%s",
-                       SQL_ESCAPE($_GET['frame'])
+                       SQL_ESCAPE(REQUEST_GET('frame'))
                );
        } // END - if
 
index 2dfcac22cb3b7e0e562b58950458878519f64e9a..58c866dc7ffc47b8c8e7ca03fc3cf199934c9033 100644 (file)
@@ -194,9 +194,9 @@ function GET_CURR_THEME_NAME () {
 $GLOBALS['curr_theme'] = GET_CURR_THEME();
 
 // Check if new theme is selcted
-if ((!empty($_POST['new_theme'])) && ($_POST['new_theme'] != $GLOBALS['curr_theme'])) {
+if ((REQUEST_ISSET_POST(('new_theme'))) && (REQUEST_POST('new_theme') != $GLOBALS['curr_theme'])) {
        // Set new theme for guests
-       $newTheme = $_POST['new_theme'];
+       $newTheme = REQUEST_POST('new_theme');
 
        // Change to new theme
        set_session('mxchange_theme', $newTheme);
index 05d43f9a84d1d829cf554a258301afbd762e6b9b..2d40f4520a7a9be846c747f8fac90cb711c82b26 100644 (file)
@@ -39,22 +39,22 @@ if (!defined('__SECURITY')) {
 
 // Add links for selecting some users
 function alpha ($sortby, $colspan, $return=false) {
-       if (empty($_GET['offset'])) $_GET['offset'] = 0;
-       $ADD = "&amp;page=".SQL_ESCAPE($_GET['page'])."&amp;offset=".SQL_ESCAPE($_GET['offset']);
-       if (!empty($_GET['mode'])) $ADD .= "&amp;mode=".SQL_ESCAPE($_GET['mode']);
+       if (!REQUEST_ISSET_GET(('offset'))) REQUEST_SET_GET('offset', 0);
+       $ADD = "&amp;page=".SQL_ESCAPE(REQUEST_GET('page'))."&amp;offset=".SQL_ESCAPE(REQUEST_GET('offset'));
+       if (REQUEST_ISSET_GET(('mode'))) $ADD .= "&amp;mode=".SQL_ESCAPE(REQUEST_GET('mode'));
 
        /* Creates the list of letters and makes them a link. */
        $alphabet = array(_ALL2,"A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z",_OTHERS);
        $num = count($alphabet) - 1;
        $OUT = "";
        while (list($counter, $ltr) = each($alphabet)) {
-               if ($_GET['letter'] == $ltr) {
+               if (REQUEST_GET('letter') == $ltr) {
                        // Current letter is letter from URL
                        $OUT .= "<strong>".$ltr."</strong>";
                } else {
                        // Output link to letter
                        $OUT .= "<a href=\"{!URL!}/modules.php?module=admin&amp;what=".$GLOBALS['what'];
-                       if (!empty($_GET['mode'])) $OUT .= "&amp;mode=".SQL_ESCAPE($_GET['mode']);
+                       if (REQUEST_ISSET_GET(('mode'))) $OUT .= "&amp;mode=".SQL_ESCAPE(REQUEST_GET('mode'));
                        $OUT .= "&amp;letter=".$ltr."&amp;sortby=".$sortby.$ADD."\">".$ltr."</a>";
                }
 
@@ -81,15 +81,15 @@ function alpha ($sortby, $colspan, $return=false) {
 // Add links for sorting
 function SortLinks($letter, $sortby, $colspan, $return=false) {
        $OUT = "";
-       if (empty($_GET['offset'])) $_GET['offset'] = 0;
-       if (empty($_GET['page']))   $_GET['page'] = 0;
+       if (!REQUEST_ISSET_GET(('offset'))) REQUEST_SET_GET('offset', 0);
+       if (!REQUEST_ISSET_GET(('page')))   REQUEST_SET_GET('page'  , 0);
 
        // Add page and offset
-       $ADD = "&amp;page=".SQL_ESCAPE($_GET['page'])."&amp;offset=".SQL_ESCAPE($_GET['offset']);
+       $ADD = "&amp;page=".SQL_ESCAPE(REQUEST_GET('page'))."&amp;offset=".SQL_ESCAPE(REQUEST_GET('offset'));
 
        // Add status or mode
-       if (!empty($_GET['status'])) $ADD .= "&amp;mode=".SQL_ESCAPE($_GET['status']);
-        elseif (!empty($_GET['mode'])) $ADD .= "&amp;mode=".SQL_ESCAPE($_GET['mode']);
+       if (REQUEST_ISSET_GET(('status'))) $ADD .= "&amp;mode=".SQL_ESCAPE(REQUEST_GET('status'));
+        elseif (REQUEST_ISSET_GET(('mode'))) $ADD .= "&amp;mode=".SQL_ESCAPE(REQUEST_GET('mode'));
 
        // Makes order by links..
        if ($letter == "front") $letter = _ALL2;
@@ -148,26 +148,26 @@ function ADD_PAGENAV($PAGES, $offset, $show_form, $colspan,$return=false) {
 
        $OUT = "";
        for ($page = 1; $page <= $PAGES; $page++) {
-               if (($page == $_GET['page']) || ((empty($_GET['page'])) && ($page == "1"))) {
+               if (($page == REQUEST_GET('page')) || ((!REQUEST_ISSET_GET(('page'))) && ($page == "1"))) {
                        $OUT .= "<strong>-";
                } else {
-                       if (empty($_GET['letter'])) $_GET['letter'] = _ALL2;
-                       if (empty($_GET['sortby'])) $_GET['sortby'] = "userid";
+                       if (!REQUEST_ISSET_GET(('letter'))) REQUEST_SET_GET('letter', getMessage('_ALL2'));
+                       if (!REQUEST_ISSET_GET(('sortby'))) REQUEST_SET_GET('sortby', "userid");
 
                        // Base link
                        $OUT .= "<a href=\"{!URL!}/modules.php?module=admin&amp;what=".$GLOBALS['what'];
 
                        // Add status or mode
-                       if (!empty($_GET['status'])) $OUT .= "&amp;mode=".SQL_ESCAPE($_GET['status']);
-                        elseif (!empty($_GET['mode'])) $OUT .= "&amp;mode=".SQL_ESCAPE($_GET['mode']);
+                       if (REQUEST_ISSET_GET(('status'))) $OUT .= "&amp;mode=".SQL_ESCAPE(REQUEST_GET('status'));
+                        elseif (REQUEST_ISSET_GET(('mode'))) $OUT .= "&amp;mode=".SQL_ESCAPE(REQUEST_GET('mode'));
 
                         // Letter and so on
-                       $OUT .= "&amp;letter=".SQL_ESCAPE($_GET['letter'])."&amp;sortby=".SQL_ESCAPE($_GET['sortby'])."&amp;page=".$page."&amp;offset=".$offset."\">";
+                       $OUT .= "&amp;letter=".SQL_ESCAPE(REQUEST_GET('letter'))."&amp;sortby=".SQL_ESCAPE(REQUEST_GET('sortby'))."&amp;page=".$page."&amp;offset=".$offset."\">";
                }
 
                $OUT .= $page;
 
-               if (($page == $_GET['page']) || ((empty($_GET['page'])) && ($page == "1"))) {
+               if (($page == REQUEST_GET('page')) || ((!REQUEST_ISSET_GET(('page'))) && ($page == "1"))) {
                        $OUT .= "-</strong>";
                } else  {
                        $OUT .= "</a>";
@@ -206,7 +206,7 @@ WHERE email='%s'".$locked." LIMIT 1",
                list($uid) = SQL_FETCHROW($result);
 
                // Rewrite email address to contact link
-               $email = "{!URL!}/modules.php?module=".$mod."&amp;what=user_contct&amp;u_id=".bigintval($uid);
+               $email = "{!URL!}/modules.php?module=".$mod."&amp;what=user_contct&amp;uid=".bigintval($uid);
        } // END - if
 
        // Free memory
index f72adf4b19c0210b9ef798cc2828c5ba1df85e33..7261d1cddcad84f4bd02cf169f6f6aa612991b77 100644 (file)
@@ -55,16 +55,19 @@ $ret = "init";
 // Is no admin registered?
 if (!isBooleanConstantAndTrue('admin_registered')) {
        // Admin is not registered so we have to inform the user
-       if ((isset($_POST['ok'])) && ((empty($_POST['login'])) || (empty($_POST['pass'])) || (strlen($_POST['pass']) < 4))) $_POST['ok'] = "***";
-       if ((isset($_POST['ok'])) && ($_POST['ok'] != "***")) {
+       if ((IS_FORM_SENT()) && ((!REQUEST_ISSET_POST(('login'))) || (!REQUEST_ISSET_POST(('pass'))) || (strlen(REQUEST_POST('pass')) < 4))) {
+               REQUEST_SET_POST('ok', "***");
+       }
+
+       if ((IS_FORM_SENT()) && (REQUEST_POST('ok') != "***")) {
                // Hash the password with the old function because we are here in install mode
-               $hashedPass = md5($_POST['pass']);
+               $hashedPass = md5(REQUEST_POST('pass'));
 
                // Kill maybe existing session variables
                destroyAdminSession(false);
 
                // Do registration
-               $ret = REGISTER_ADMIN($_POST['login'], $hashedPass);
+               $ret = REGISTER_ADMIN(REQUEST_POST('login'), $hashedPass);
                switch ($ret)
                {
                case "done":
@@ -108,25 +111,25 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
        // Whas that action okay?
        if ($ret != "done") {
                // Fixes another "Notice"
-               if (!empty($_POST['login'])) {
-                       define('__LOGIN_VALUE', $_POST['login']);
+               if (REQUEST_ISSET_POST(('login'))) {
+                       define('__LOGIN_VALUE', REQUEST_POST('login'));
                } else {
                        define('__LOGIN_VALUE', "");
                }
 
                // Yet-another "Notice" fix
-               if ((!empty($_POST['ok'])) && ($_POST['ok'] == "***")) {
+               if ((IS_FORM_SENT()) && (REQUEST_POST('ok') == "***")) {
                        // No login entered?
-                       if (empty($_POST['login'])) $MSG1 = getMessage('ADMIN_NO_LOGIN');
+                       if (!REQUEST_ISSET_POST(('login'))) $MSG1 = getMessage('ADMIN_NO_LOGIN');
 
                        // An error comes back from registration?
                        if (!empty($ret)) $MSG1 = $ret;
 
                        // No password entered?
-                       if (empty($_POST['pass'])) $MSG2 = getMessage('ADMIN_NO_PASS');
+                       if (!REQUEST_ISSET_POST(('pass'))) $MSG2 = getMessage('ADMIN_NO_PASS');
 
                        // Or password too short?
-                       if (strlen($_POST['pass']) < 4) $MSG2 = getMessage('ADMIN_SHORT_PASS');
+                       if (strlen(REQUEST_POST('pass')) < 4) $MSG2 = getMessage('ADMIN_SHORT_PASS');
 
                        // Output error messages
                        define('__MSG_LOGIN', LOAD_TEMPLATE("admin_login_msg", true, $MSG1));
@@ -143,27 +146,27 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
                // Load register template
                LOAD_TEMPLATE("admin_reg_form");
        }
-} elseif (isset($_GET['reset_pass'])) {
+} elseif (REQUEST_ISSET_GET(('reset_pass'))) {
        // Is the form submitted?
-       if ((isset($_POST['send_link'])) && (!empty($_POST['email']))) {
+       if ((REQUEST_ISSET_POST(('send_link'))) && (REQUEST_ISSET_POST(('email')))) {
                // Try to send the link out
-               $OUT = ADMIN_SEND_PASSWORD_RESET_LINK($_POST['email']);
+               $OUT = ADMIN_SEND_PASSWORD_RESET_LINK(REQUEST_POST('email'));
 
                // Output result
                LOAD_TEMPLATE("admin_settings_saved", false, $OUT);
-       } elseif (!empty($_GET['hash'])) {
+       } elseif (REQUEST_ISSET_GET(('hash'))) {
                // Output form for hash validation
-               LOAD_TEMPLATE("admin_validate_reset_hash_form", false, $_GET['hash']);
-       } elseif ((isset($_POST['validate_hash'])) && (!empty($_POST['login'])) && (!empty($_POST['hash']))) {
+               LOAD_TEMPLATE("admin_validate_reset_hash_form", false, REQUEST_GET('hash'));
+       } elseif ((REQUEST_ISSET_POST(('validate_hash'))) && (REQUEST_ISSET_POST(('login'))) && (REQUEST_ISSET_POST(('hash')))) {
                // Validate the login data and hash
-               $valid = ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN($_POST['hash'], $_POST['login']);
+               $valid = ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN(REQUEST_POST('hash'), REQUEST_POST('login'));
 
                // Valid?
                if ($valid === true) {
                        // Prepare content first
                        $content = array(
-                               'hash'  => SQL_ESCAPE($_POST['hash']),
-                               'login' => SQL_ESCAPE($_POST['login'])
+                               'hash'  => SQL_ESCAPE(REQUEST_POST('hash')),
+                               'login' => SQL_ESCAPE(REQUEST_POST('login'))
                        );
 
                        // Validation okay so display form for final password change
@@ -172,11 +175,11 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
                        // Cannot validate the login data and hash
                        LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED'));
                }
-       } elseif ((isset($_POST['reset_pass'])) && (!empty($_POST['hash'])) && (!empty($_POST['login'])) && (!empty($_POST['pass1'])) && ($_POST['pass1'] == $_POST['pass2'])) {
+       } elseif ((REQUEST_ISSET_POST(('reset_pass'))) && (REQUEST_ISSET_POST(('hash'))) && (REQUEST_ISSET_POST(('login'))) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_POST('pass1') == REQUEST_POST('pass2'))) {
                // Okay, we shall the admin password here. So first revalidate the hash
-               if (ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN($_POST['hash'], $_POST['login'])) {
+               if (ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN(REQUEST_POST('hash'), REQUEST_POST('login'))) {
                        // Set the password now
-                       $OUT = ADMIN_RESET_PASSWORD($_POST['login'], $_POST['pass1']);
+                       $OUT = ADMIN_RESET_PASSWORD(REQUEST_POST('login'), REQUEST_POST('pass1'));
 
                        // Output result
                        LOAD_TEMPLATE("admin_reset_pass_done", false, $OUT);
@@ -195,16 +198,19 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
                LOAD_URL("modules.php?module=admin&amp;action=login&amp;logout=1");
        } // END - if
 
-       if (!empty($_GET['register'])) {
+       if (REQUEST_ISSET_GET(('register'))) {
                // Registration of first admin is done
-               if ($_GET['register'] == "done") LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_REGISTER_DONE'));
+               if (REQUEST_GET('register') == "done") LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_REGISTER_DONE'));
        } // END - if
 
        // Check if the admin has submitted data or not
-       if ((isset($_POST['ok'])) && ((empty($_POST['login'])) || (empty($_POST['pass'])) || (strlen($_POST['pass']) < 4))) $_POST['ok'] = "***";
-       if ((isset($_POST['ok'])) && ($_POST['ok'] != "***")) {
+       if ((IS_FORM_SENT()) && ((!REQUEST_ISSET_POST(('login'))) || (!REQUEST_ISSET_POST(('pass'))) || (strlen(REQUEST_POST('pass')) < 4))) {
+               REQUEST_SET_POST('ok', "***");
+       }
+
+       if ((IS_FORM_SENT()) && (REQUEST_POST('ok') != "***")) {
                // All required data was entered so we check his account
-               $ret = CHECK_ADMIN_LOGIN($_POST['login'], $_POST['pass']);
+               $ret = CHECK_ADMIN_LOGIN(REQUEST_POST('login'), REQUEST_POST('pass'));
 
                // Which status do we have?
                switch ($ret)
@@ -221,20 +227,20 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
                        // Add data to URL
                        if (!empty($GLOBALS['what'])) $URL .= "what=".$GLOBALS['what'];
                         elseif (!empty($GLOBALS['action'])) $URL .= "action=".$GLOBALS['action'];
-                        elseif (!empty($_GET['area'])) $URL .= "area=".$_GET['area'];
+                        elseif (REQUEST_ISSET_GET(('area'))) $URL .= "area=".REQUEST_GET('area');
 
                        // Load URL
                        LOAD_URL($URL);
                        break;
 
                case "404": // Administrator login not found
-                       $_POST['ok'] = $ret;
+                       REQUEST_SET_POST('ok', $ret);
                        $ret = getMessage('ADMIN_NOT_FOUND');
                        destroyAdminSession();
                        break;
 
                case "pass": // Wrong password
-                       $_POST['ok'] = $ret;
+                       REQUEST_SET_POST('ok', $ret);
                        $ret = "{--WRONG_PASS--} [<a href=\"{!URL!}/modules.php?module=admin&amp;reset_pass=1\">{--ADMIN_RESET_PASS--}</a>]\n";
                        destroyAdminSession();
                        break;
@@ -247,30 +253,30 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
 
        // Error detected?
        if ($ret != "done") {
-               if (!empty($_POST['login'])) {
-                       define('__LOGIN_VALUE', $_POST['login']);
+               if (REQUEST_ISSET_POST(('login'))) {
+                       define('__LOGIN_VALUE', REQUEST_POST('login'));
                } else {
                        define('__LOGIN_VALUE', "");
                }
 
-               if (isset($_POST['ok'])) {
+               if (IS_FORM_SENT()) {
                        // Set messages to zero
                        $MSG1 = ""; $MSG2 = "";
 
                        // No login entered?
-                       if (empty($_POST['login'])) $MSG1 = getMessage('ADMIN_NO_LOGIN');
+                       if (!REQUEST_ISSET_POST(('login'))) $MSG1 = getMessage('ADMIN_NO_LOGIN');
 
                        // An error comes back from login?
-                       if ((!empty($ret)) && ($_POST['ok'] == "404")) $MSG1 = $ret;
+                       if ((!empty($ret)) && (REQUEST_POST('ok') == "404")) $MSG1 = $ret;
 
                        // No password entered?
-                       if (empty($_POST['pass'])) $MSG2 = getMessage('ADMIN_NO_PASS');
+                       if (!REQUEST_ISSET_POST(('pass'))) $MSG2 = getMessage('ADMIN_NO_PASS');
 
                        // Or password too short?
-                       if (strlen($_POST['pass']) < 4) $MSG2 = getMessage('ADMIN_SHORT_PASS');
+                       if (strlen(REQUEST_POST('pass')) < 4) $MSG2 = getMessage('ADMIN_SHORT_PASS');
 
                        // An error comes back from login?
-                       if ((!empty($ret)) && ($_POST['ok'] == "pass")) $MSG2 = $ret;
+                       if ((!empty($ret)) && (REQUEST_POST('ok') == "pass")) $MSG2 = $ret;
 
                        // Load message template
                        define('__MSG_LOGIN', LOAD_TEMPLATE("admin_login_msg", true, $MSG1));
@@ -296,9 +302,9 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
                                // Set default values
                                $content = array('target' => "action", 'value' => "login");
                        }
-               } elseif (!empty($_GET['area'])) {
+               } elseif (REQUEST_ISSET_GET(('area'))) {
                        // Restore old area value
-                       $content = array('target' => "area", 'value' => $_GET['area']);
+                       $content = array('target' => "area", 'value' => REQUEST_GET('area'));
                } else {
                        // Set default values
                        $content = array('target' => "action", 'value' => "login");
@@ -307,19 +313,19 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
                // Load login form template
                LOAD_TEMPLATE("admin_login_form", false, $content);
        } // END - if
-} elseif (isset($_GET['logout'])) {
+} elseif (REQUEST_ISSET_GET(('logout'))) {
        // Only try to remove cookies
        if (destroyAdminSession()) {
                // Load logout template
-               if (isset($_GET['register'])) {
+               if (REQUEST_ISSET_GET(('register'))) {
                        // Secure input
-                       $register = SQL_ESCAPE($_GET['register']);
+                       $register = SQL_ESCAPE(REQUEST_GET('register'));
 
                        // Special logout redirect for installation of given extension
                        LOAD_TEMPLATE(sprintf("admin_logout_%s_install", $register));
-               } elseif (isset($_GET['remove'])) {
+               } elseif (REQUEST_ISSET_GET(('remove'))) {
                        // Secure input
-                       $remove = SQL_ESCAPE($_GET['remove']);
+                       $remove = SQL_ESCAPE(REQUEST_GET('remove'));
 
                        // Special logout redirect for removal of given extension
                        LOAD_TEMPLATE(sprintf("admin_logout_%s_remove", $remove));
@@ -352,7 +358,7 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
                        $area = "entrance";
 
                        // Check for similar URL variable
-                       if (!empty($_GET['area'])) $area = SQL_ESCAPE($_GET['area']);
+                       if (REQUEST_ISSET_GET(('area'))) $area = SQL_ESCAPE(REQUEST_GET('area'));
 
                        // Load "logical-area menu-system" file
                        LOAD_INC_ONCE("inc/modules/admin/lasys-inc.php");
@@ -367,13 +373,13 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
                break;
 
        case "404": // Administrator login not found
-               $_POST['ok'] = $ret;
+               REQUEST_SET_POST('ok', $ret);
                destroyAdminSession();
                addFatalMessage(getMessage('ADMIN_NOT_FOUND'));
                break;
 
        case "pass": // Wrong password
-               $_POST['ok'] = $ret;
+               REQUEST_SET_POST('ok', $ret);
                destroyAdminSession();
                addFatalMessage(getMessage('WRONG_PASS'));
                break;
index 82b4aeacda42f508ce2eb1889759268c14429198..49f02d5674323db92889ee22543844bfc1c23d9e 100644 (file)
@@ -40,10 +40,10 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (!empty($_POST['no'])) {
+if (REQUEST_ISSET_POST(('no'))) {
        // Do not logout now
        LOAD_URL("admin.php");
-} elseif ((!empty($_POST['yes'])) && ($GLOBALS['action'] == "logout")) {
+} elseif ((REQUEST_ISSET_POST(('yes'))) && ($GLOBALS['action'] == "logout")) {
        // Redirect to logout link
        LOAD_URL("modules.php?module=admin&amp;logout=1");
 }
index ea677c8fdbc60bf4d1e2b7f9535623cb94ba6833..c960342106898a38e4290a52e95799afdc622f6d 100644 (file)
@@ -204,7 +204,7 @@ function LOGIN_ADMIN ($adminLogin, $passHash) {
                ) && (
                        set_session('admin_last', time())
                ) && (
-                       set_session('admin_to', bigintval($_POST['timeout']))
+                       set_session('admin_to', bigintval(REQUEST_POST('timeout')))
                )
        );
 }
@@ -536,15 +536,24 @@ function ADMIN_MENU_SELECTION($MODE, $default="", $defid="") {
                $OUT .= "</select>\n";
        } else {
                // No menus???
-               $OUT = ADMIN_PROBLEM_NO_MENU;
+               $OUT = getMessage('ADMIN_PROBLEM_NO_MENU');
        }
 
        // Return output
        return $OUT;
 }
 
+// Wrapper for $_POST and ADMIN_SAVE_SETTINGS
+function ADMIN_SAVE_SETTINGS_POST () {
+       // Get the array
+       $POST = REQUEST_POST_ARRAY();
+
+       // Call the lower function
+       ADMIN_SAVE_SETTINGS($POST);
+}
+
 // Save settings to the database
-function ADMIN_SAVE_SETTINGS (&$POST, $tableName="_config", $whereStatement="config=0", $translateComma=array(), $alwaysAdd=false) {
+function ADMIN_SAVE_SETTINGS (&$POST, $tableName = "_config", $whereStatement = "config=0", $translateComma = array(), $alwaysAdd = false) {
        // Prepare all arrays, variables
        $DATA = array();
        $skip = false;
@@ -643,7 +652,7 @@ function ADMIN_MAKE_MENU_SELECTION ($menu, $type, $name, $default="") {
        $handle = opendir(sprintf("%sinc/modules/%s/", constant('PATH'), $menu)) or mxchange_die("Cannot load menu ".$menu."!");
 
        // Init the selection box
-       $OUT = "<select name=\"".$name."\" class=\"admin_select\" size=\"1\">\n <option value=\"\">".IS_TOP_MENU."</option>\n";
+       $OUT = "<select name=\"".$name."\" class=\"admin_select\" size=\"1\">\n <option value=\"\">{--IS_TOP_MENU--}</option>\n";
 
        // Walk through all files
        while ($file = readdir($handle)) {
@@ -689,7 +698,7 @@ function ADMIN_USER_PROFILE_LINK ($uid, $title="", $wht="list_user") {
 
        //* DEBUG: */ echo "a:".$title."<br />";
        // Return link
-       return "<a href=\"{!URL!}/modules.php?module=admin&amp;what=".$wht."&amp;u_id=".$uid."\" title=\"{--ADMIN_USER_PROFILE_TITLE--}\">".$title."</a>";
+       return "<a href=\"{!URL!}/modules.php?module=admin&amp;what=".$wht."&amp;uid=".$uid."\" title=\"{--ADMIN_USER_PROFILE_TITLE--}\">".$title."</a>";
 }
 
 // Check "logical-area-mode"
@@ -782,7 +791,7 @@ function ADMIN_SEND_BUILD_MAILS ($mode, $table, $content, $id, $subjectPart="")
        } // END - if
 
        // Is the raw userid set?
-       if ($_POST['uid_raw'][$id] > 0) {
+       if (REQUEST_POST('uid_raw', $id) > 0) {
                // Generate subject
                $subjectLine = constant('MEMBER_'.strtoupper($subject).'_'.strtoupper($table).'_SUBJECT');
 
@@ -794,7 +803,7 @@ function ADMIN_SEND_BUILD_MAILS ($mode, $table, $content, $id, $subjectPart="")
                }
 
                // Send email out
-               SEND_EMAIL($_POST['uid_raw'][$id], $subjectLine, $mail);
+               SEND_EMAIL(REQUEST_POST('uid_raw', $id), $subjectLine, $mail);
        } // END - if
 
        // Generate subject
@@ -802,9 +811,9 @@ function ADMIN_SEND_BUILD_MAILS ($mode, $table, $content, $id, $subjectPart="")
 
        // Send admin notification out
        if (!empty($subjectPart)) {
-               SEND_ADMIN_NOTIFICATION($subjectLine, "admin_".$mode."_".strtolower($subjectPart)."_".$table, $content, $_POST['uid_raw'][$id]);
+               SEND_ADMIN_NOTIFICATION($subjectLine, "admin_".$mode."_".strtolower($subjectPart)."_".$table, $content, REQUEST_POST('uid_raw', $id));
        } else {
-               SEND_ADMIN_NOTIFICATION($subjectLine, "admin_".$mode."_".$table, $content, $_POST['uid_raw'][$id]);
+               SEND_ADMIN_NOTIFICATION($subjectLine, "admin_".$mode."_".$table, $content, REQUEST_POST('uid_raw', $id));
        }
 }
 
@@ -911,7 +920,7 @@ function ADMIN_BUILD_STATUS_HANDLER ($mode, $IDs, $table, $columns, $filterFunct
                        } // END - foreach
 
                        // Add other columns as well
-                       foreach ($_POST as $key => $entries) {
+                       foreach (REQUEST_POST_ARRAY() as $key => $entries) {
                                // Skip id, raw userid and 'do_$mode'
                                if (!in_array($key, array($idColumn, 'uid_raw', ('do_'.$mode)))) {
                                        // Are there brackets () at the end?
@@ -964,7 +973,7 @@ function ADMIN_DELETE_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFu
                        $idList = "";
                        foreach ($IDs as $id => $sel) {
                                // Is there a userid?
-                               if (isset($_POST['uid_raw'][$id])) {
+                               if (REQUEST_ISSET_POST(('uid_raw', $id))) {
                                        // Load all data from that id
                                        $result = SQL_QUERY_ESC("SELECT * FROM `{!_MYSQL_PREFIX!}_%s` WHERE %s=%s LIMIT 1",
                                                array($table, $idColumn, $id), __FILE__, __LINE__);
@@ -1017,7 +1026,7 @@ function ADMIN_EDIT_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFunc
                                $SQL = sprintf("UPDATE `{!_MYSQL_PREFIX!}_ SET",
                                        SQL_ESCAPE($table)
                                );
-                               foreach ($_POST as $key => $entries) {
+                               foreach (REQUEST_POST_ARRAY() as $key => $entries) {
                                        // Skip raw userid which is always invalid
                                        if ($key == "uid_raw") {
                                                // Continue with next field
index ed4e351b2c606035eef898677677501a7a89460e..2a9c71d546458b49695014468165c236646d06c0 100644 (file)
@@ -41,9 +41,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Is the formular sent?
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save the row to the database
-       ADMIN_SAVE_SETTINGS($_POST, "_bank_packages", "", array("account_fee", "interest_plus", "interest_minus", "first_payment"), true);
+       ADMIN_SAVE_SETTINGS(REQUEST_POST_ARRAY(), "_bank_packages", "", array("account_fee", "interest_plus", "interest_minus", "first_payment"), true);
 } else {
        // Display form
        LOAD_TEMPLATE("admin_add_bank_package");
index c7fcc2b11a5d68e09338950b0917bbee4b2ebb02..352fd10fa050bf1d646bc93918f0681430b53747 100644 (file)
@@ -40,12 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok']))
-{
+if (IS_FORM_SENT()) {
        // Check if category does already exist
-}
- else
-{
+} else {
        // Display form
        LOAD_TEMPLATE("admin_add_guestnl_cat");
 }
index 3dc99e4a3e2ec62862831795bbce4ccdf621c65d..08019d932c4d8cf670308cfff4afb3da7041be54 100644 (file)
@@ -41,12 +41,12 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Fix a notice
-if (!isset($_GET['u_id'])) $_GET['u_id'] = "";
+if (!REQUEST_ISSET_GET(('uid'))) REQUEST_SET_GET('uid', "");
 
-if ($_GET['u_id'] == "all") {
+if (REQUEST_GET('uid') == "all") {
        // Add points to all accounts
-       if ((isset($_POST['ok'])) && ($_POST['points'] > 0)) {
-               define('__POINTS_VALUE', $_POST['points']);
+       if ((IS_FORM_SENT()) && (REQUEST_POST('points') > 0)) {
+               define('__POINTS_VALUE', REQUEST_POST('points'));
                $result_main = SQL_QUERY("SELECT userid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `status`='CONFIRMED' ORDER BY userid", __FILE__, __LINE__);
                while (list($uid) = SQL_FETCHROW($result_main)) {
                        // Remove depth to prevent booking errors. This is a bad coding
@@ -55,12 +55,12 @@ if ($_GET['u_id'] == "all") {
                        $GLOBALS['ref_level'] = -1;
 
                        // Ok, add points and send an email to him...
-                       ADD_POINTS_REFSYSTEM("admin_all", $uid, bigintval($_POST['points']), false, "0", false, "direct");
+                       ADD_POINTS_REFSYSTEM("admin_all", $uid, bigintval(REQUEST_POST('points')), false, "0", false, "direct");
 
                        // Prepare content
                        $content = array(
-                               'text'   => SQL_ESCAPE($_POST['reason']),
-                               'points' => bigintval($_POST['points'])
+                               'text'   => SQL_ESCAPE(REQUEST_POST('reason')),
+                               'points' => bigintval(REQUEST_POST('points'))
                        );
 
                        // Load email template and send email away
@@ -77,44 +77,44 @@ if ($_GET['u_id'] == "all") {
                // Display form add points
                LOAD_TEMPLATE("admin_add_points_all");
        }
-} elseif (!empty($_GET['u_id'])) {
+} elseif (REQUEST_ISSET_GET(('uid'))) {
        // User ID found in URL so we use this give him some credits
        $result = SQL_QUERY_ESC("SELECT surname, family, email FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s AND `status`='CONFIRMED' LIMIT 1",
-               array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+               array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1) {
                // Selected user does exist
                list($sname, $fname, $email) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
 
-               if ((isset($_POST['ok'])) && (!empty($_POST['points']))) {
+               if ((IS_FORM_SENT()) && (REQUEST_ISSET_POST(('points')))) {
                        // Remove depth to prevent booking errors. This is a bad coding
                        // practice, thats also why we need to write this project from
                        // scratch...
                        unset($GLOBALS['ref_level']);
 
                        // Ok, add points and send an email to him...
-                       ADD_POINTS_REFSYSTEM("admin_single", bigintval($_GET['u_id']), bigintval($_POST['points']), false, "0", false, "direct");
+                       ADD_POINTS_REFSYSTEM("admin_single", bigintval(REQUEST_GET('uid')), bigintval(REQUEST_POST('points')), false, "0", false, "direct");
 
                        // Prepare content
                        $content = array(
-                               'text'   => SQL_ESCAPE($_POST['reason']),
-                               'points' => bigintval($_POST['points'])
+                               'text'   => SQL_ESCAPE(REQUEST_POST('reason')),
+                               'points' => bigintval(REQUEST_POST('points'))
                        );
 
                        // Message laden
-                       $msg = LOAD_EMAIL_TEMPLATE("add-points", $content, bigintval($_GET['u_id']));
+                       $msg = LOAD_EMAIL_TEMPLATE("add-points", $content, bigintval(REQUEST_GET('uid')));
 
-                       SEND_EMAIL(bigintval($_GET['u_id']), getMessage('ADMIN_ADD_SUBJ'), $msg);
+                       SEND_EMAIL(bigintval(REQUEST_GET('uid')), getMessage('ADMIN_ADD_SUBJ'), $msg);
                        LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_POINTS_ADDED'));
                } else {
                        // Opps, missing form here
                        define('__USER_VALUE', "<a href=\"".CREATE_EMAIL_LINK($email, "user_data")."\">".$sname." ".$fname."</a>");
-                       define('__UID'       , bigintval($_GET['u_id']));
+                       define('__UID'       , bigintval(REQUEST_GET('uid')));
                        LOAD_TEMPLATE("admin_add_points");
                }
        } else {
                // User not found!
-               LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), $_GET['u_id'])."</div>");
+               LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid'))."</div>");
        }
 } else {
        // Output selection form with all confirmed user accounts listed
index 12798e889970eb523980b60d6f0bc647a8e8ec23..ccb2d887cbbed7acbb321fc1d534ea347be0a12d 100644 (file)
@@ -40,52 +40,45 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok']))
-{
+if (IS_FORM_SENT()) {
        // Generate timestamps
-       $START = mktime($_POST['start_hour'], $_POST['start_min'], $_POST['start_sec'], $_POST['start_month'], $_POST['start_day'], $_POST['start_year']);
-       $END   = mktime($_POST['end_hour']  , $_POST['end_min']  , $_POST['end_sec']  , $_POST['end_month']  , $_POST['end_day']  , $_POST['end_year']  );
+       $START = mktime(REQUEST_POST('start_hour'), REQUEST_POST('start_min'), REQUEST_POST('start_sec'), REQUEST_POST('start_month'), REQUEST_POST('start_day'), REQUEST_POST('start_year'));
+       $END   = mktime(REQUEST_POST('end_hour')  , REQUEST_POST('end_min')  , REQUEST_POST('end_sec')  , REQUEST_POST('end_month')  , REQUEST_POST('end_day')  , REQUEST_POST('end_year')  );
 
        // Is there already a rallye running?
        $result = SQL_QUERY_ESC("SELECT id, admin_id FROM `{!_MYSQL_PREFIX!}_rallye_data` WHERE (start_time <= %s AND end_time >= %s) OR (start_time >= %s AND start_time <= %s) LIMIT 1",
-        array($START, $START, $START, $END), __FILE__, __LINE__);
+               array($START, $START, $START, $END), __FILE__, __LINE__);
 
-       if (SQL_NUMROWS($result) == 0)
-       {
+       if (SQL_NUMROWS($result) == 0) {
                // Ok, start and end time did not overlap
                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_rallye_data` (admin_id, title, descr, template, start_time, end_time, auto_add_new_user, is_active, send_notify)
 VALUES ('%s','%s','%s','%s','%s','%s','%s','%s','%s')",
  array(
        GET_CURRENT_ADMIN_ID(),
-       $_POST['title'],
-       $_POST['descr'],
-       $_POST['template'],
+       REQUEST_POST('title'),
+       REQUEST_POST('descr'),
+       REQUEST_POST('template'),
        $START,
        $END,
-       $_POST['auto_add'],
-       $_POST['active'],
-       $_POST['notify'],
+       REQUEST_POST('auto_add'),
+       REQUEST_POST('active'),
+       REQUEST_POST('notify'),
 ), __FILE__, __LINE__);
 
                // Load ID
                $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_rallye_data` WHERE start_time='%s' AND end_time='%s' AND `title`='%s' LIMIT 1",
-                array($START, $END, $_POST['title']), __FILE__, __LINE__);
+                array($START, $END, REQUEST_POST('title')), __FILE__, __LINE__);
                list($id) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
 
-               if (!empty($id))
-               {
+               if (!empty($id)) {
                        // Reload to prices...
                        LOAD_URL("modules.php?module=admin&amp;what=config_rallye_prices&rallye=".$id);
-               }
-                else
-               {
+               } else {
                        // Problem detected...
                        LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_PROBLEM_CREATE);
                }
-       }
-        else
-       {
+       } else {
                // Free memory
                SQL_FREERESULT($result);
 
index 3630a89c13918b2fafec7ee4cd9488f0abf466db..894b8cf2737d76de0b4f4e8fe86a1cfcbfaaf560 100644 (file)
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save sponsor in database
-       SPONSOR_HANDLE_SPONSOR($_POST);
+       SPONSOR_HANDLE_SPONSOR(REQUEST_POST_ARRAY());
 } else {
        // Prepare constants for the template
        define('__SPONSOR_MIN_VALUE', getConfig('sponsor_min_points'));
index 21268b0bcdb62f893d6ff8b51c4cfe1062556f8a..8b5c33d80e3492ecd289c8ad936906d7c12bea99 100644 (file)
@@ -41,15 +41,15 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Was an URL added?
-if ((isset($_POST['add'])) && (!empty($_POST['url']))) {
+if ((REQUEST_ISSET_POST(('add'))) && (REQUEST_ISSET_POST(('url')))) {
        // Dummy variables
        $DATA = array(); $id = "reload_ye"; $skip = false;
 
        // Convert the "reload selections"
-       CONVERT_SELECTIONS_TO_TIMESTAMP($_POST, $DATA, $id, $skip);
+       CONVERT_SELECTIONS_TO_TIMESTAMP(REQUEST_POST_ARRAY(), $DATA, $id, $skip);
 
        // Then add this URL
-       if (SURFBAR_ADMIN_ADD_URL($_POST['url'], $_POST['limit'], $_POST['reload'])) {
+       if (SURFBAR_ADMIN_ADD_URL(REQUEST_POST('url'), REQUEST_POST('limit'), REQUEST_POST('reload'))) {
                // URL was added
                LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_SURFBAR_URL_ADDED'));
        } else {
index 89d00727abc5eb9d2ad3f56d820998200ef9dda5..5d123199cbfcabe68af288f554c836a00b48d57b 100644 (file)
@@ -41,11 +41,11 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Check if the admin has entered title and what-php file name...
-if (((empty($_POST['title'])) || (empty($_POST['menu'])) || (empty($_POST['descr']))) && (isset($_POST['ok']))) {
-       unset($_POST['ok']);
+if (((!REQUEST_ISSET_POST(('title'))) || (!REQUEST_ISSET_POST(('menu'))) || (!REQUEST_ISSET_POST(('descr')))) && (IS_FORM_SENT())) {
+       REQUEST_UNSET_POST('ok');
 }
 
-if (!isset($_POST['ok']))
+if (!IS_FORM_SENT())
 {
        // Create arrays
        $menus = array(); $titles = array(); $below = array();
@@ -165,29 +165,29 @@ if (!isset($_POST['ok']))
        LOAD_TEMPLATE("admin_admin_add");
 } elseif (!IS_DEMO()) {
        // Insert new menu entry
-       if (!empty($_POST['menu'])) {
+       if (REQUEST_ISSET_POST(('menu'))) {
                // Add sub menu
                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_admin_menu` (`action`,`what`,`title`,`descr`,`sort`) VALUES ('%s','%s','%s','%s','%s')",
                        array(
-                               $_POST['menu'],
-                               $_POST['name'],
-                               $_POST['title'],
-                               $_POST['descr'],
-                               bigintval($_POST['sort']),
+                               REQUEST_POST('menu'),
+                               REQUEST_POST('name'),
+                               REQUEST_POST('title'),
+                               REQUEST_POST('descr'),
+                               bigintval(REQUEST_POST('sort')),
                        ), __FILE__, __LINE__
                );
-               CACHE_PURGE_ADMIN_MENU(0, $_POST['menu'], $_POST['name']);
+               CACHE_PURGE_ADMIN_MENU(0, REQUEST_POST('menu'), REQUEST_POST('name'));
        } else {
                // Add main menu
                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_admin_menu` (action, title, descr, sort) VALUES ('%s','%s','%s','%s')",
                        array(
-                               $_POST['name'],
-                               $_POST['title'],
-                               $_POST['descr'],
-                               bigintval($_POST['sort']),
+                               REQUEST_POST('name'),
+                               REQUEST_POST('title'),
+                               REQUEST_POST('descr'),
+                               bigintval(REQUEST_POST('sort')),
                        ), __FILE__, __LINE__
                );
-               CACHE_PURGE_ADMIN_MENU(0, $_POST['name']);
+               CACHE_PURGE_ADMIN_MENU(0, REQUEST_POST('name'));
        }
        LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SETTINGS_SAVED'));
 } else {
index b20760df3e0651e96f08d4804e032c6b90b85952..380ef3157ef19a2f76625b2f3228b96cd7052e02 100644 (file)
@@ -42,23 +42,23 @@ ADD_DESCR("admin", __FILE__);
 
 // Do we edit/delete/change main menus or sub menus?
 $AND = "(`what` = '' OR `what` IS NULL)"; $SUB = "";
-if (!empty($_GET['sub']))
+if (REQUEST_ISSET_GET(('sub')))
 {
-       $AND = sprintf("action='%s' AND `what` IS NOT NULL", SQL_ESCAPE($_GET['sub']));
-       $SUB = SQL_ESCAPE($_GET['sub']);
+       $AND = sprintf("action='%s' AND `what` IS NOT NULL", SQL_ESCAPE(REQUEST_GET('sub')));
+       $SUB = SQL_ESCAPE(REQUEST_GET('sub'));
 }
 
 // Get count of (maybe) selected menu points
 $chk = 0;
-if (!empty($_POST['sel'])) $chk = SELECTION_COUNT($_POST['sel']);
+if (REQUEST_ISSET_POST(('sel'))) $chk = SELECTION_COUNT(REQUEST_POST('sel'));
 
 // List all menu points and make them editable
-if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) {
+if ((REQUEST_ISSET_POST(('edit'))) && ($chk > 0) && (!IS_DEMO())) {
        // Edit menu entries
        define('__SUB_VALUE', $SUB);
        define('__CHK_VALUE', $chk);
        $cnt = 0; $SW = 2;
-       foreach ($_POST['sel'] as $sel => $confirm)
+       foreach (REQUEST_POST('sel') as $sel => $confirm)
        {
                if ($confirm == 1)
                {
@@ -101,13 +101,13 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) {
        // Load template
        LOAD_TEMPLATE("admin_amenu_edit_form");
 }
- elseif ((isset($_POST['del'])) && (!IS_DEMO()))
+ elseif ((REQUEST_ISSET_POST(('del'))) && (!IS_DEMO()))
 {
        define('__SUB_VALUE', $SUB);
        define('__CHK_VALUE', $chk);
        // Del menu entries with or without confirmation
        $SW = 2; $cnt = 0; $OUT = "";
-       foreach ($_POST['sel'] as $sel => $confirm)
+       foreach (REQUEST_POST('sel') as $sel => $confirm)
        {
                if ($confirm == 1)
                {
@@ -146,12 +146,12 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) {
 
        // Load template
        LOAD_TEMPLATE("admin_amenu_delete");
-} elseif ((isset($_POST['ok'])) && (!IS_DEMO())) {
+} elseif ((IS_FORM_SENT()) && (!IS_DEMO())) {
        // An action is done...
-       switch ($_POST['ok'])
+       switch (REQUEST_POST('ok'))
        {
        case "edit": // Edit menu
-               foreach ($_POST['sel'] as $sel => $menu) {
+               foreach (REQUEST_POST('sel') as $sel => $menu) {
                        // Secure ID
                        $sel = bigintval($sel);
 
@@ -164,22 +164,22 @@ descr='%s'
 WHERE ".$AND." AND id=%s LIMIT 1",
  array(
        $menu,
-       $_POST['sel_action'][$sel],
-       $_POST['sel_what'][$sel],
-       $_POST['sel_desc'][$sel],
+       REQUEST_POST('sel_action', $sel),
+       REQUEST_POST('sel_what', $sel),
+       REQUEST_POST('sel_desc', $sel),
        $sel,
 ), __FILE__, __LINE__);
                }
 
                // Purge admin menu cache
-               CACHE_PURGE_ADMIN_MENU(0, $_POST['sel_action'][$sel], $_POST['sel_what'][$sel]);
+               CACHE_PURGE_ADMIN_MENU(0, REQUEST_POST('sel_action', $sel), REQUEST_POST('sel_what', $sel));
 
                // Load template
                LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SETTINGS_SAVED'));
                break;
 
        case "del": // Delete menu
-               foreach ($_POST['sel'] as $sel => $menu) {
+               foreach (REQUEST_POST('sel') as $sel => $menu) {
                        SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_admin_menu` WHERE ".$AND." AND id=%s LIMIT 1",
                                array(bigintval($sel)), __FILE__, __LINE__);
                        CACHE_PURGE_ADMIN_MENU(0, "", "", $AND);
@@ -190,32 +190,32 @@ WHERE ".$AND." AND id=%s LIMIT 1",
                break;
 
        default: // Unexpected action
-               DEBUG_LOG(__FILE__, __LINE__, sprintf("Unsupported action %s detected.", $_POST['ok']));
-               define('__OK_VALUE', $_POST['ok']);
+               DEBUG_LOG(__FILE__, __LINE__, sprintf("Unsupported action %s detected.", REQUEST_POST('ok')));
+               define('__OK_VALUE', REQUEST_POST('ok'));
                LOAD_TEMPLATE("admin_menu_unknown_okay");
                break;
        }
 } else {
-       if ((!empty($_GET['act'])) && (!empty($_GET['tid'])) && (!empty($_GET['fid']))) {
+       if ((REQUEST_ISSET_GET(('act'))) && (REQUEST_ISSET_GET(('tid'))) && (REQUEST_ISSET_GET(('fid')))) {
                // Get IDs
-               if (!empty($_GET['w'])) {
+               if (REQUEST_ISSET_GET(('w'))) {
                        // Sub menus selected
                        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_admin_menu` WHERE `action`='%s' AND `sort`='%s' LIMIT 1",
-                               array($_GET['act'], bigintval($_GET['tid'])), __FILE__, __LINE__);
+                               array(REQUEST_GET('act'), bigintval(REQUEST_GET('tid'))), __FILE__, __LINE__);
                        list($tid) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
                        $result = SQL_QUERY("SELECT id FROM `{!_MYSQL_PREFIX!}_admin_menu` WHERE `action`='%s' AND `sort`='%s' LIMIT 1",
-                               array($_GET['act'], bigintval($_GET['fid'])), __FILE__, __LINE__);
+                               array(REQUEST_GET('act'), bigintval(REQUEST_GET('fid'))), __FILE__, __LINE__);
                        list($fid) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
                } else {
                        // Main menu selected
                        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_admin_menu` WHERE (what='' OR `what` IS NULL) AND `sort`='%s' LIMIT 1",
-                               array(bigintval($_GET['tid'])), __FILE__, __LINE__);
+                               array(bigintval(REQUEST_GET('tid'))), __FILE__, __LINE__);
                        list($tid) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
                        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_admin_menu` WHERE (what='' OR `what` IS NULL) AND `sort`='%s' LIMIT 1",
-                               array(bigintval($_GET['fid'])), __FILE__, __LINE__);
+                               array(bigintval(REQUEST_GET('fid'))), __FILE__, __LINE__);
                        list($fid) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
                }
@@ -223,9 +223,9 @@ WHERE ".$AND." AND id=%s LIMIT 1",
                if ((!empty($tid)) && (!empty($fid))) {
                        // Sort menu
                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admin_menu` SET `sort`='%s' WHERE ".$AND." AND id=%s LIMIT 1",
-                               array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__);
+                               array(bigintval(REQUEST_GET('tid')), bigintval($fid)), __FILE__, __LINE__);
                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admin_menu` SET `sort`='%s' WHERE ".$AND." AND id=%s LIMIT 1",
-                               array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__);
+                               array(bigintval(REQUEST_GET('fid')), bigintval($tid)), __FILE__, __LINE__);
                        CACHE_PURGE_ADMIN_MENU(0, "", "", $AND);
                }
        }
index c1054846cbb493b4d4bdd2b3e0db36e3b8b0fbcf..4f7f51e59fcb844ca26fd013c36f77e59b96e640 100644 (file)
@@ -43,9 +43,9 @@ ADD_DESCR("admin", __FILE__);
 // Display form is default
 $FORM = true;
 
-if ((isset($_POST['add'])) && (!empty($_POST['login'])) && (!empty($_POST['email'])) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2'])) && ($_POST['pass1'] == $_POST['pass2'])) {
+if ((REQUEST_ISSET_POST(('add'))) && (REQUEST_ISSET_POST(('login'))) && (REQUEST_ISSET_POST(('email'))) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_ISSET_POST(('pass2'))) && (REQUEST_POST('pass1') == REQUEST_POST('pass2'))) {
        // Add admin when not added already
-       if (REGISTER_ADMIN($_POST['login'], generateHash($_POST['pass1']), $_POST['email']) == "done") {
+       if (REGISTER_ADMIN(REQUEST_POST('login'), generateHash(REQUEST_POST('pass1')), REQUEST_POST('email')) == "done") {
                // Do not ouput any form!
                $FORM = false;
 
@@ -53,16 +53,16 @@ if ((isset($_POST['add'])) && (!empty($_POST['login'])) && (!empty($_POST['email
                LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_ADMINS_ADD_DONE'));
 
                // Run filter chain
-               RUN_FILTER('post_admin_added', $_POST);
+               RUN_FILTER('post_admin_added', REQUEST_POST_ARRAY());
        } // END - if
 } // END - if
 
 // Shall we display the form?
 if ($FORM === true) {
        // Set missing elements
-       // @TODO Do we need this ugly code here?
-       if (!isset($_POST['login'])) $_POST['login'] = "";
-       if (!isset($_POST['email'])) $_POST['email'] = "";
+       // @TODO Do we still need this ugly code here?
+       if (!REQUEST_ISSET_POST(('login'))) REQUEST_SET_POST('login', "");
+       if (!REQUEST_ISSET_POST(('email'))) REQUEST_SET_POST('email', "");
 
        // Load form from template
        LOAD_TEMPLATE("admin_admins_add");
index c6341ea4f1bef92d40e9ab0081f8256d73827147..65e1f69cdf1aaf554eb76db3091332bf0b00d5af 100644 (file)
@@ -40,26 +40,26 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if ((isset($_POST['ok'])) && (!empty($_GET['admin']))) {
+if ((IS_FORM_SENT()) && (REQUEST_ISSET_GET(('admin')))) {
        // Send mail or message
-       if ((EXT_IS_ACTIVE("msg")) && ($_POST['type'] == "msg")) {
+       if ((EXT_IS_ACTIVE("msg")) && (REQUEST_POST('type') == "msg")) {
                // Add message
-               $msg = LOAD_EMAIL_TEMPLATE("admins_msg_contct_admin", $_POST['text'], "0");
-               SEND_ADMIN_MESSAGE($_GET['admin'], ADMINS_MSG_FROM_ADMIN, $msg);
+               $msg = LOAD_EMAIL_TEMPLATE("admins_msg_contct_admin", REQUEST_POST('text'), "0");
+               SEND_ADMIN_MESSAGE(REQUEST_GET('admin'), ADMINS_MSG_FROM_ADMIN, $msg);
        } else {
                // Load admin's email address
-               $email = GET_ADMIN_EMAIL(bigintval($_GET['admin']));
+               $email = GET_ADMIN_EMAIL(bigintval(REQUEST_GET('admin')));
 
                // Load email template and send the mail to the admin
-               $msg = LOAD_EMAIL_TEMPLATE("admins_mail_contct_admin", $_POST['text'], "0");
+               $msg = LOAD_EMAIL_TEMPLATE("admins_mail_contct_admin", REQUEST_POST('text'), "0");
                SEND_EMAIL($email, ADMINS_MSG_FROM_ADMIN, $msg);
        }
 
        // Mail / message dropped
        LOAD_TEMPLATE("admin_settings_saved", false, ADMINS_ADMIN_CONTACTED);
-} elseif (!empty($_GET['admin'])) {
+} elseif (REQUEST_ISSET_GET(('admin'))) {
        // Load contact form template
-       define('__ADMIN', $_GET['admin']);
+       define('__ADMIN', REQUEST_GET('admin'));
        if (EXT_IS_ACTIVE("msg")) {
                // Add option to select between mail and message
                define('ADMINS_MESSAGING_SELECTION', LOAD_TEMPLATE("admin_admins_contct_select", true));
index 6706d9a016780bfb9a151f2a794fc12bb2e10cf2..d3a151b79167580dc091b14fc6d30699b6c121a4 100644 (file)
@@ -41,29 +41,31 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Set selection data to empty array when it is empty
-if (empty($_POST['sel'])) $_POST['sel'] = array();
+if (!REQUEST_ISSET_POST(('sel'))) REQUEST_SET_POST('sel', array());
 
 // Check if direct admin account was selected
-if (!empty($_GET['admin'])) {
+if (REQUEST_ISSET_GET(('admin'))) {
        // Secure ID number
-       $aid = bigintval($_GET['admin']);
-       $_POST['edit'] = "1";
-       $_POST['sel'][$aid] = "1";
+       $aid = bigintval(REQUEST_GET('admin'));
+
+       // Set required fields
+       REQUEST_SET_POST('edit', "1");
+       REQUEST_SET_POST(array('sel', $aid), "1");
 }
 
-if ((isset($_POST['edit'])) && (SELECTION_COUNT($_POST['sel']) > 0)) {
+if ((REQUEST_ISSET_POST(('edit'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) {
        // Edit account(s)
-       ADMINS_EDIT_ADMIN_ACCOUNTS($_POST);
-} elseif ((isset($_POST['change'])) && (sizeof($_POST['login']) > 0)) {
+       ADMINS_EDIT_ADMIN_ACCOUNTS(REQUEST_POST_ARRAY());
+} elseif ((REQUEST_ISSET_POST(('change'))) && (sizeof(REQUEST_POST('login')) > 0)) {
        // Change admin accounts
-       ADMINS_CHANGE_ADMIN_ACCOUNT($_POST);
-} elseif ((isset($_POST['del'])) && (SELECTION_COUNT($_POST['sel']) > 0)) {
+       ADMINS_CHANGE_ADMIN_ACCOUNT(REQUEST_POST_ARRAY());
+} elseif ((REQUEST_ISSET_POST(('del'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) {
        // Show admin accounts for deletetion
-       ADMINS_DELETE_ADMIN_ACCOUNTS($_POST);
+       ADMINS_DELETE_ADMIN_ACCOUNTS(REQUEST_POST_ARRAY());
 } else {
-       if ((isset($_POST['remove'])) && (SELECTION_COUNT($_POST['sel']) > 0)) {
+       if ((REQUEST_ISSET_POST(('remove'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) {
                // Remove accounts now
-               ADMINS_REMOVE_ADMIN_ACCOUNTS($_POST);
+               ADMINS_REMOVE_ADMIN_ACCOUNTS(REQUEST_POST_ARRAY());
        }
 
        // List all admin accounts
index 04124c3ca15e91cb07283a1e227414df6875d416..fddbc9a0aed0cf7487f8ba6c1ae59a971cc709c9 100644 (file)
@@ -40,16 +40,16 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['edit']))
+if (REQUEST_ISSET_POST(('edit')))
 {
        // Check if entires are checked
-       $SEL = SELECTION_COUNT($_POST['sel']);
+       $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
        if ($SEL > 0)
        {
                // Add option for events
                $GLOBALS['cache_array']['admins'] = ADD_OPTION_LINES("admins", "id", "login", "", "email");
                $SW = 2; $rowNameS = "";
-               foreach ($_POST['sel'] as $template => $sel) {
+               foreach (REQUEST_POST('sel') as $template => $sel) {
                        // First of all load data from DB
                        $result = SQL_QUERY_ESC("SELECT admin_id, id FROM `{!_MYSQL_PREFIX!}_admins_mails` WHERE mail_template='%s' ORDER BY `id`",
                         array($template), __FILE__, __LINE__);
@@ -117,11 +117,10 @@ ORDER BY m.admin_id, m.mail_template", __FILE__, __LINE__);
        if (SQL_NUMROWS($result) > 0)
        {
                // Shall I change entries?
-               if (isset($_POST['change']))
+               if (REQUEST_ISSET_POST(('change')))
                {
                        // Ok, update database
-                       foreach ($_POST['admin_id'] as $id => $aid)
-                       {
+                       foreach (REQUEST_POST('admin_id') as $id => $aid) {
                                // Secure IDs
                                $id  = bigintval($id);
                                $aid = bigintval($aid);
@@ -130,17 +129,17 @@ ORDER BY m.admin_id, m.mail_template", __FILE__, __LINE__);
                                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admins_mails` SET admin_id=%s WHERE id=%s ORDER BY `id` LIMIT 1",
                                        array($aid, $id), __FILE__, __LINE__);
 
-                               if (($aid < 1) && (!empty($_POST['template'][$id])))
+                               if (($aid < 1) && (REQUEST_ISSET_POST(('template', $id))))
                                {
                                        // Remove any other admin entries
                                        SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_admins_mails` WHERE mail_template='%s' AND id != '%s'",
-                                               array($_POST['template'][$id], $id), __FILE__, __LINE__);
+                                               array(REQUEST_POST('template', $id), $id), __FILE__, __LINE__);
                                }
-                               if ($_POST['admin_new'][$_POST['template'][$id]] > 0)
+                               if (REQUEST_POST('admin_new', REQUEST_POST('template', $id)) > 0)
                                {
                                        // Add new admin
                                        SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_admins_mails` (admin_id, mail_template) VALUES ('%s','%s')",
-                                               array($aid, $_POST['template'][$id]), __FILE__, __LINE__);
+                                               array($aid, REQUEST_POST('template', $id)), __FILE__, __LINE__);
                                }
                        }
 
index efb00e6321ce57e4f685afd21560019763274750..37242ae4a3677b17c42cd32437ccebc6f0bb67c2 100644 (file)
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save data
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Minimum mails / active
        define('__LIMIT_VALUE', getConfig('active_limit'));
index 8f42cfc5ec5dbad039460e8c48184124fe6ba496..90f507768dd3a5060bb0f70036a4d1b88feca1dc 100644 (file)
@@ -39,9 +39,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save configuration
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Prepare data for the template
        switch (getConfig('admin_menu'))
index a8957adaf9b81f14d0cd28b167da1b7556819031..78e1109e10cb2415fe4fff254118cf21eee09c1f 100644 (file)
@@ -41,12 +41,12 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 $SEL = 0;
-if (!empty($_POST['sel'])) $SEL = SELECTION_COUNT($_POST['sel']);
+if (REQUEST_ISSET_POST(('sel'))) $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
 
-if ((isset($_POST['edit'])) && ($SEL > 0)) {
+if ((REQUEST_ISSET_POST(('edit'))) && ($SEL > 0)) {
        // Edit ACLs
        $SW = 2; $OUT = "";
-       foreach ($_POST['sel'] as $id => $sel) {
+       foreach (REQUEST_POST('sel') as $id => $sel) {
                // Load data for the ID
                $result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM `{!_MYSQL_PREFIX!}_admins_acls` WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
@@ -76,15 +76,21 @@ if ((isset($_POST['edit'])) && ($SEL > 0)) {
 
        // Load main template
        LOAD_TEMPLATE("admin_config_admins_edit");
-} elseif ((isset($_POST['change'])) && ($SEL > 0)) {
+} elseif ((REQUEST_ISSET_POST(('change'))) && ($SEL > 0)) {
        // Change entries
-       foreach ($_POST['sel'] as $id => $sel) {
+       foreach (REQUEST_POST('sel') as $id => $sel) {
                // Secure ID
                $id = bigintval($id);
 
                // Update entries
                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admins_acls` SET admin_id=%s, action_menu='%s', what_menu='%s', access_mode='%s' WHERE id=%s LIMIT 1",
-                       array($_POST['admin'][$id], $_POST['action_menu'][$id], $_POST['what_menu'][$id], $_POST['mode'][$id], $id),__FILE__, __LINE__);
+                       array(
+                               REQUEST_POST('admin', $id),
+                               REQUEST_POST('action_menu', $id),
+                               REQUEST_POST('what_menu', $id),
+                               REQUEST_POST('mode', $id),
+                               $id
+                       ),__FILE__, __LINE__);
        }
 
        // Update cache when installed
@@ -92,15 +98,15 @@ if ((isset($_POST['edit'])) && ($SEL > 0)) {
                if ($GLOBALS['cache_instance']->loadCacheFile("admins_acls")) $GLOBALS['cache_instance']->destroyCacheFile();
 
                // Purge menu cache
-               CACHE_PURGE_ADMIN_MENU($_POST['admin'][$id]);
+               CACHE_PURGE_ADMIN_MENU(REQUEST_POST('admin', $id));
        }
 
        // Entries changed
        LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_ADMINS_ENTRIES_CHANGED'));
-} elseif ((isset($_POST['del'])) && ($SEL > 0)) {
+} elseif ((REQUEST_ISSET_POST(('del'))) && ($SEL > 0)) {
        // Delete ACLs
        $SW = 2; $OUT = "";
-       foreach ($_POST['sel'] as $id => $sel) {
+       foreach (REQUEST_POST('sel') as $id => $sel) {
                // Load data for the ID
                $result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM `{!_MYSQL_PREFIX!}_admins_acls` WHERE id=%s LIMIT 1",
                        array(bigintval($id)), __FILE__, __LINE__);
@@ -135,9 +141,9 @@ if ((isset($_POST['edit'])) && ($SEL > 0)) {
 
        // Load main template
        LOAD_TEMPLATE("admin_config_admins_del");
-} elseif ((isset($_POST['remove'])) && ($SEL > 0)) {
+} elseif ((REQUEST_ISSET_POST(('remove'))) && ($SEL > 0)) {
        // Remove entries
-       foreach ($_POST['sel'] as $id => $sel) {
+       foreach (REQUEST_POST('sel') as $id => $sel) {
                SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_admins_acls` WHERE id=%s LIMIT 1",
                        array(bigintval($id)),__FILE__, __LINE__);
        }
@@ -152,33 +158,33 @@ if ((isset($_POST['edit'])) && ($SEL > 0)) {
 
        // Entries deleted
        LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_ADMINS_ENTRIES_DELETED'));
-} elseif (isset($_POST['add'])) {
+} elseif (REQUEST_ISSET_POST(('add'))) {
        // Check if everything is fine...
-       $mode = GET_ADMIN_DEFAULT_ACL(bigintval($_POST['admin_id']));
+       $mode = GET_ADMIN_DEFAULT_ACL(bigintval(REQUEST_POST('admin_id')));
 
        // Default ACL is false
        $ACL = false;
-       if (!empty($_POST['what_menu'])) {
+       if (REQUEST_ISSET_POST(('what_menu'))) {
                // Check parent ACL
-               $ACL = ADMINS_CHECK_ACL(GET_ACTION("admin", $_POST['what_menu']), "");
+               $ACL = ADMINS_CHECK_ACL(GET_ACTION("admin", REQUEST_POST('what_menu')), "");
        }
 
-       if ($mode != $_POST['mode'] || ($ACL)) {
+       if ($mode != REQUEST_POST('mode') || ($ACL)) {
                // Mode is fine
-               $BOTH = ((!empty($_POST['action_menu'])) && (!empty($_POST['what_menu'])));
-               if (((!empty($_POST['action_menu'])) || (!empty($_POST['what_menu']))) && (!$BOTH)) {
+               $BOTH = ((REQUEST_ISSET_POST(('action_menu'))) && (REQUEST_ISSET_POST(('what_menu'))));
+               if (((REQUEST_ISSET_POST(('action_menu'))) || (REQUEST_ISSET_POST(('what_menu')))) && (!$BOTH)) {
                        // Main or sub menu selected
                        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_admins_acls` WHERE admin_id=%s AND action_menu='%s' AND what_menu='%s' LIMIT 1",
-                        array(bigintval($_POST['admin_id']), $_POST['action_menu'], $_POST['what_menu']), __FILE__, __LINE__);
+                        array(bigintval(REQUEST_POST('admin_id')), REQUEST_POST('action_menu'), REQUEST_POST('what_menu')), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 0) {
                                // Finally add the new ACL
                                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_admins_acls` (admin_id, action_menu, what_menu, access_mode)
 VALUES ('%s','%s','%s','%s')",
  array(
-       bigintval($_POST['admin_id']),
-       $_POST['action_menu'],
-       $_POST['what_menu'],
-       $_POST['mode']
+       bigintval(REQUEST_POST('admin_id')),
+       REQUEST_POST('action_menu'),
+       REQUEST_POST('what_menu'),
+       REQUEST_POST('mode')
 ), __FILE__, __LINE__);
                                $content = ADMIN_ADMINS_ACL_SAVED;
 
@@ -187,7 +193,7 @@ VALUES ('%s','%s','%s','%s')",
                                        if ($GLOBALS['cache_instance']->loadCacheFile("admins_acls")) $GLOBALS['cache_instance']->destroyCacheFile();
 
                                        // Purge cache
-                                       CACHE_PURGE_ADMIN_MENU($_POST['admin_id'], $_POST['action_menu'], $_POST['what_menu']);
+                                       CACHE_PURGE_ADMIN_MENU(REQUEST_POST('admin_id'), REQUEST_POST('action_menu'), REQUEST_POST('what_menu'));
                                } // END - if
                        } else {
                                // ACL does already exist!
index cea9d4cb8155c152ae31537b64b565c5f03301f5..956d5bf402653f524af19b0749b9d6793b712d38 100644 (file)
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Data was submitted so we store it
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Output de-/activation selections
        define('__AP_INACTIVE_SELECTION'   , ADD_SELECTION("yn", getConfig('autopurge_inactive')   , "autopurge_inactive"));
index 6bc51b7e8d8b4a25c5a64136065e1d9d91dad151..1f4d63502697f7cd804f04af95cf6ea1740ccfd1 100644 (file)
@@ -40,19 +40,19 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Translate german decimal commas to computer decimal dots
-       $_POST['beg_points']       = REVERT_COMMA($_POST['beg_points']      );
-       $_POST['beg_points_max']   = REVERT_COMMA($_POST['beg_points_max']  );
-       $_POST['beg_notify_bonus'] = REVERT_COMMA($_POST['beg_notify_bonus']);
+       REQUEST_SET_POST('beg_points'      , REVERT_COMMA(REQUEST_POST('beg_points')      ));
+       REQUEST_SET_POST('beg_points_max'  , REVERT_COMMA(REQUEST_POST('beg_points_max')  ));
+       REQUEST_SET_POST('beg_notify_bonus', REVERT_COMMA(REQUEST_POST('beg_notify_bonus')));
 
        // Save settings
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 
        // Remember new settings
-       setConfigEntry('beg_rallye'       , $_POST['beg_rallye']);
-       setConfigEntry('beg_ral_en_notify', $_POST['beg_ral_en_notify']);
-       setConfigEntry('beg_ral_di_notify', $_POST['beg_ral_di_notify']);
+       setConfigEntry('beg_rallye'       , REQUEST_POST('beg_rallye'));
+       setConfigEntry('beg_ral_en_notify', REQUEST_POST('beg_ral_en_notify'));
+       setConfigEntry('beg_ral_di_notify', REQUEST_POST('beg_ral_di_notify'));
 } else {
        // Prepare constants for the template
        define('__BEG_POINTS'           , TRANSLATE_COMMA(getConfig('beg_points')      , false));
index 174bbf655621e1c9c8949b4bb67ebc654fa732e0..bba2f20f35fa6442f94e6b6c373612e0bac0512a 100644 (file)
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save configuration
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Prepare data for the template
        define('__POINTS_VALUE', getConfig('birthday_points'));
index b50b55ee0a70876195a67509884bef489aeb6d7c..cfce062364333f305551085af4fdd59d5992717d 100644 (file)
@@ -40,33 +40,34 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Replace german decimal commas to computer decimal dots
-       $_POST['login_bonus']         = REVERT_COMMA($_POST['login_bonus']        );
-       $_POST['turbo_bonus']         = REVERT_COMMA($_POST['turbo_bonus']        );
-       $_POST['bonus_ref']           = REVERT_COMMA($_POST['bonus_ref']          );
-       $_POST['bonus_order']         = REVERT_COMMA($_POST['bonus_order']        );
-       $_POST['bonus_notify_points'] = REVERT_COMMA($_POST['bonus_notify_points']);
+       REQUEST_POST('login_bonus')         = REVERT_COMMA(REQUEST_POST('login_bonus')        );
+       REQUEST_POST('turbo_bonus')         = REVERT_COMMA(REQUEST_POST('turbo_bonus')        );
+       REQUEST_POST('bonus_ref')           = REVERT_COMMA(REQUEST_POST('bonus_ref')          );
+       REQUEST_POST('bonus_order')         = REVERT_COMMA(REQUEST_POST('bonus_order')        );
+       REQUEST_SET_POST('bonus_notify_points', REVERT_COMMA(REQUEST_POST('bonus_notify_points')));
 
        // Generate string for saving ranks
-       $_POST['turbo_rates'] = ""; $RATES = array();
-       foreach ($_POST['rate'] as $rate) {
+       REQUEST_SET_POST('turbo_rates', "");
+       $RATES = array();
+       foreach (REQUEST_POST('rate') as $rate) {
                $rate = trim(REVERT_COMMA($rate));
-               if (isset($rate)) $RATES[] = $rate;
+               if (!empty($rate)) $RATES[] = $rate;
        }
-       $_POST['turbo_rates'] = trim(implode(";", $RATES));
-       unset($_POST['rate']);
+       REQUEST_SET_POST('turbo_rates', trim(implode(";", $RATES)));
+       REQUEST_UNSET_POST(('rate'));
 
        // Automatically calculate bonus points for ranks 2 and 3 when not set
-       if (empty($_POST['turbo_rates'])) $_POST['turbo_rates'] = "".round(getConfig('turbo_bonus') / 2).";".round(getConfig('turbo_bonus') / 4)."";
+       if (!REQUEST_ISSET_POST(('turbo_rates'))) REQUEST_SET_POST('turbo_rates', "".round(getConfig('turbo_bonus') / 2).";".round(getConfig('turbo_bonus') / 4)."");
 
        // Save data
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 
        // Remember new settings
-       setConfigEntry('bonus_active'   , $_POST['bonus_active']);
-       setConfigEntry('bonus_en_notify', $_POST['bonus_en_notify']);
-       setConfigEntry('bonus_di_notify', $_POST['bonus_di_notify']);
+       setConfigEntry('bonus_active'   , REQUEST_POST('bonus_active'));
+       setConfigEntry('bonus_en_notify', REQUEST_POST('bonus_en_notify'));
+       setConfigEntry('bonus_di_notify', REQUEST_POST('bonus_di_notify'));
 } else {
        // Prepare contants for the template
        define('__LOGIN_VALUE' , TRANSLATE_COMMA(getConfig('login_bonus')        , false));
index 6a86a6732550049937c80fc0b63095ff775893a2..1056c3f3a61dcba898f79191e99ab99dc6a1cc79 100644 (file)
@@ -40,41 +40,46 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Cache path has been not changed by default so don't test it again
-       $_POST['cache_tested'] = "N";
+       REQUEST_SET_POST('cache_tested', "N");
 
        // Check if path has been changed
-       if ($_POST['cache_path'] != getConfig('cache_path')) {
+       if (REQUEST_POST('cache_path') != getConfig('cache_path')) {
                // Okay, cache path has been altered so we have to test it again!
-               $_POST['cache_tested'] = "Y";
+               REQUEST_SET_POST('cache_tested', "Y");
        }
 
-       // Delete deactivated cache files
-       if (($_POST['cache_admins'] == "N") && ($GLOBALS['cache_instance']->loadCacheFile("admins"))) {
+       if ((REQUEST_POST('cache_admins') == "N") && ($GLOBALS['cache_instance']->loadCacheFile("admins"))) {
                $GLOBALS['cache_instance']->destroyCacheFile();
        }
-       if (($_POST['cache_acls'] == "N") && ($GLOBALS['cache_instance']->loadCacheFile("acls"))) {
+
+       if ((REQUEST_POST('cache_acls') == "N") && ($GLOBALS['cache_instance']->loadCacheFile("acls"))) {
                $GLOBALS['cache_instance']->destroyCacheFile();
        }
-       if (($_POST['cache_exts'] == "N") && ($GLOBALS['cache_instance']->loadCacheFile("extensions", true))) {
+
+       if ((REQUEST_POST('cache_exts') == "N") && ($GLOBALS['cache_instance']->loadCacheFile("extensions", true))) {
                $GLOBALS['cache_instance']->destroyCacheFile();
        }
-       if (($_POST['cache_config'] == "N") && ($GLOBALS['cache_instance']->loadCacheFile("config"))) {
+
+       if ((REQUEST_POST('cache_config') == "N") && ($GLOBALS['cache_instance']->loadCacheFile("config"))) {
                $GLOBALS['cache_instance']->destroyCacheFile();
        }
-       if (($_POST['cache_modreg'] == "N") && ($GLOBALS['cache_instance']->loadCacheFile("modreg"))) {
+
+       if ((REQUEST_POST('cache_modreg') == "N") && ($GLOBALS['cache_instance']->loadCacheFile("modreg"))) {
                $GLOBALS['cache_instance']->destroyCacheFile();
        }
-       if (($_POST['cache_refdepth'] == "N") && ($GLOBALS['cache_instance']->loadCacheFile("refdepth"))) {
+
+       if ((REQUEST_POST('cache_refdepth') == "N") && ($GLOBALS['cache_instance']->loadCacheFile("refdepth"))) {
                $GLOBALS['cache_instance']->destroyCacheFile();
        }
-       if (($_POST['cache_refsys'] == "N") && ($GLOBALS['cache_instance']->loadCacheFile("refsys"))) {
+
+       if ((REQUEST_POST('cache_refsys') == "N") && ($GLOBALS['cache_instance']->loadCacheFile("refsys"))) {
                $GLOBALS['cache_instance']->destroyCacheFile();
        }
 
        // Save configuration
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Prepare data
        switch (getConfig('cache_admins')) {
index 5bda6c5df8fd3929021bb2b36ef1c478b30a6d4f..2789835efb00b024e7124982ff5a728209ce9014 100644 (file)
@@ -44,14 +44,14 @@ ADD_DESCR("admin", __FILE__);
 // Init variable to avoid a notice
 $CATS = "";
 
-if (isset($_POST['add'])) {
+if (REQUEST_ISSET_POST(('add'))) {
        // Add a new category
        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_cats` WHERE cat='%s' LIMIT 1",
-               array($_POST['catname']), __FILE__, __LINE__);
+               array(REQUEST_POST('catname')), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 0) {
                // Category does not exists, we simply add it...
                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_cats` (cat, visible, sort) VALUES ('%s','%s','%s')",
-                       array($_POST['catname'], $_POST['visible'], bigintval($_POST['parent'] + 1)), __FILE__, __LINE__);
+                       array(REQUEST_POST('catname'), REQUEST_POST('visible'), bigintval(REQUEST_POST('parent') + 1)), __FILE__, __LINE__);
                $content = CATEGORY_ADDED;
        } else {
                // Category does already exists
@@ -63,20 +63,25 @@ if (isset($_POST['add'])) {
 
        // Display message
        LOAD_TEMPLATE("admin_settings_saved", false, $content);
-} elseif ((isset($_POST['ok'])) && (isset($_POST['id'])) && (is_array($_POST['id']))) {
+} elseif ((IS_FORM_SENT()) && (REQUEST_ISSET_POST(('id'))) && (is_array(REQUEST_POST('id')))) {
        // Change or delete categories...
        $TEXT = "";
-       foreach ($_POST['id'] as $id => $cat) {
+       foreach (REQUEST_POST('id') as $id => $cat) {
                // Secure ID
                $id = bigintval($id);
 
                // Is the entry set?
                if (!empty($cat)) {
-                       switch ($_GET['do'])
+                       switch (REQUEST_GET('do'))
                        {
                        case "edit": // Change categories
                                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_cats` SET cat='%s', `visible`='%s', sort=%s WHERE id=%s LIMIT 1",
-                                       array($cat, $_POST['vis'][$id], $_POST['sort'][$id], $id), __FILE__, __LINE__);
+                                       array(
+                                               $cat,
+                                               REQUEST_POST('vis', $id),
+                                               REQUEST_POST('sort', $id),
+                                               $id
+                                       ), __FILE__, __LINE__);
                                $TEXT = CATEGORIES_SAVED;
                                break;
 
@@ -98,10 +103,10 @@ if (isset($_POST['add'])) {
                // Display message
                LOAD_TEMPLATE("admin_settings_saved", false, $TEXT);
        }
-} elseif ((isset($_POST['del'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0])))) {
+} elseif ((REQUEST_ISSET_POST(('del'))) && ((SELECTION_COUNT(REQUEST_POST('sel')) > 0) || (REQUEST_ISSET_POST(('sel', 0))))) {
        // Delete categories
        $SW = 2; $OUT = "";
-       foreach ($_POST['sel'] as $id => $value) {
+       foreach (REQUEST_POST('sel') as $id => $value) {
                // Load data of category
                $result = SQL_QUERY_ESC("SELECT cat FROM `{!_MYSQL_PREFIX!}_cats` WHERE id=%s LIMIT 1",
                        array(bigintval($id)), __FILE__, __LINE__);
@@ -123,10 +128,10 @@ if (isset($_POST['add'])) {
 
        // Load main template
        LOAD_TEMPLATE("admin_del_cats");
-} elseif ((isset($_POST['edit'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0])))) {
+} elseif ((REQUEST_ISSET_POST(('edit'))) && ((SELECTION_COUNT(REQUEST_POST('sel')) > 0) || (REQUEST_ISSET_POST(('sel', 0))))) {
        // Edit categories
        $SW = 2; $OUT = "";
-       foreach ($_POST['sel'] as $id => $value)
+       foreach (REQUEST_POST('sel') as $id => $value)
        {
                // Load data from the category
                $result = SQL_QUERY_ESC("SELECT cat, visible, sort FROM `{!_MYSQL_PREFIX!}_cats` WHERE id=%s LIMIT 1",
index 185aae57c17c526635c7cf9574abac7b1d86c6ba..8b21140c3074827a7d2f13042f989df7b155eccd 100644 (file)
@@ -40,16 +40,16 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Replace commata with decimal dot
-       $_POST['doubler_charge'] = REVERT_COMMA(($_POST['doubler_charge'] / 100));
-       $_POST['doubler_ref']    = REVERT_COMMA(($_POST['doubler_ref'] / 100));
-       $_POST['doubler_min']    = REVERT_COMMA($_POST['doubler_min']);
-       $_POST['doubler_max']    = REVERT_COMMA($_POST['doubler_max']);
-       $_POST['doubler_left']   = REVERT_COMMA($_POST['doubler_left']);
+       REQUEST_SET_POST('doubler_charge', REVERT_COMMA((REQUEST_POST('doubler_charge') / 100)));
+       REQUEST_SET_POST('doubler_ref'   , REVERT_COMMA((REQUEST_POST('doubler_ref') / 100)));
+       REQUEST_SET_POST('doubler_min'   , REVERT_COMMA(REQUEST_POST('doubler_min')));
+       REQUEST_SET_POST('doubler_max'   , REVERT_COMMA(REQUEST_POST('doubler_max')));
+       REQUEST_SET_POST('doubler_left'  , REVERT_COMMA(REQUEST_POST('doubler_left')));
 
        // Save settings
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Prepare data for the template
        // - Charge rate
index 754f36912f8fb3a297293f1ae253cd83d0eea341..7048cd0a8f1650afdca780f04e94a77283893b09 100644 (file)
@@ -41,20 +41,20 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Remove empty array index
-if (empty($_POST['max'])) unset($_POST['add_max']);
+if (!REQUEST_ISSET_POST(('max'))) REQUEST_UNSET_POST(('add_max'));
 
-if (isset($_POST['add_max'])) {
+if (REQUEST_ISSET_POST(('add_max'))) {
        // Save all settings
        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_max_receive` WHERE value='%s' LIMIT 1",
-        array(bigintval($_POST['max'])), __FILE__, __LINE__);
+        array(bigintval(REQUEST_POST('max'))), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 0) {
                // Add this value (including comment)
                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_max_receive` (value, comment) VALUES ('%s','%s')",
-                       array(bigintval($_POST['max']), $_POST['comment']),__FILE__, __LINE__);
+                       array(bigintval(REQUEST_POST('max')), REQUEST_POST('comment')),__FILE__, __LINE__);
                $content = MAX_VALUE_SAVED;
        } else {
                // Value does alread exists!
-               $content = "<span class=\"admin_failed\">".MAX_VALUE_ALREADY."</span>";
+               $content = "<span class=\"admin_failed\">{--MAX_VALUE_ALREADY--}</span>";
        }
 
        // Free memory
@@ -62,18 +62,22 @@ if (isset($_POST['add_max'])) {
 
        // Display message
        LOAD_TEMPLATE("admin_settings_saved", false, $content);
-} elseif ((isset($_POST['ok'])) && (isset($_GET['do']))) {
+} elseif ((IS_FORM_SENT()) && (REQUEST_ISSET_GET(('do')))) {
        // Change or delete entries...
        $TEXT = "";
-       foreach ($_POST['id'] as $id => $value) {
+       foreach (REQUEST_POST('id') as $id => $value) {
                // Secure ID
                $id = bigintval($id);
 
-               switch ($_GET['do'])
+               switch (REQUEST_GET('do'))
                {
                case "edit": // Change entries
                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_max_receive` SET value='%s', comment='%s' WHERE id=%s LIMIT 1",
-                               array(bigintval($_POST['val'][$id]), $_POST['comm'][$id], $id),__FILE__, __LINE__);
+                               array(
+                                       bigintval(REQUEST_POST('val', $id)),
+                                       REQUEST_POST('comm', $id),
+                                       $id
+                               ),__FILE__, __LINE__);
                        $TEXT = MRECEIVE_SAVED;
                        break;
 
@@ -89,10 +93,10 @@ if (isset($_POST['add_max'])) {
                // Display message
                LOAD_TEMPLATE("admin_settings_saved", false, $TEXT);
        }
-} elseif ((isset($_POST['del'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0])))) {
+} elseif ((REQUEST_ISSET_POST(('del'))) && ((SELECTION_COUNT(REQUEST_POST('sel')) > 0) || (REQUEST_ISSET_POST(('sel', 0))))) {
        // Delete entries
        $SW = 2; $OUT = "";
-       foreach ($_POST['sel'] as $id => $value)
+       foreach (REQUEST_POST('sel') as $id => $value)
        {
                // Load data
                $result = SQL_QUERY_ESC("SELECT value, comment FROM `{!_MYSQL_PREFIX!}_max_receive` WHERE id=%s LIMIT 1",
@@ -116,10 +120,10 @@ if (isset($_POST['add_max'])) {
 
        // Load main template
        LOAD_TEMPLATE("admin_config_email_del");
-} elseif ((isset($_POST['edit'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0])))) {
+} elseif ((REQUEST_ISSET_POST(('edit'))) && ((SELECTION_COUNT(REQUEST_POST('sel')) > 0) || (REQUEST_ISSET_POST(('sel', 0))))) {
        // Edit entries
        $SW = 2; $OUT = "";
-       foreach ($_POST['sel'] as $id => $value) {
+       foreach (REQUEST_POST('sel') as $id => $value) {
                // Load data
                $result = SQL_QUERY_ESC("SELECT value, comment FROM `{!_MYSQL_PREFIX!}_max_receive` WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
index 4bd20e5a6968cf08385caae5dbf09d5a471b13d7..3129867db064e32ccc1a9ea5e0fba139bf688451 100644 (file)
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save configuration
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Prepare data
        switch (getConfig('verbose_sql')) {
index 56f823b9280445123ce75ffbfeb8853bbe061437..43019d2966e15c1a288d0621e73fee4995e1ca8d 100644 (file)
@@ -40,10 +40,10 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok']))
+if (IS_FORM_SENT())
 {
        // Save settings
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 }
  else
 {
index 9c3ae2cc5b8eee198229baa2a5ccaa1c6a82fdc1..7a0d4ccfd0e4b8e463891e012667f508e05e95a9 100644 (file)
@@ -41,7 +41,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 $sub = "";
-if (!empty($_GET['sub'])) $sub = $_GET['sub'];
+if (REQUEST_ISSET_GET(('sub'))) $sub = REQUEST_GET('sub');
 
 switch ($sub)
 {
@@ -50,9 +50,9 @@ case "": // Output selection table
        break;
 
 case "settings": // Settings related to the index page
-       if (isset($_POST['ok'])) {
+       if (IS_FORM_SENT()) {
                // Save settings
-               ADMIN_SAVE_SETTINGS($_POST);
+               ADMIN_SAVE_SETTINGS_POST();
                OUTPUT_HTML("<a href=\"{!URL!}/modules.php?module=admin&amp;what=config_home&amp;sub=settings\">".ADMIN_CONTINUE_TO_CONFIG."</a>");
        } else {
                // Prepare data for the template
@@ -65,9 +65,9 @@ case "settings": // Settings related to the index page
        break;
 
 case "target": // Set which what-file will be placed in home-page (only modules.php?module=index)
-       if (isset($_GET['home'])) {
+       if (REQUEST_ISSET_GET(('home'))) {
                // Set new home
-               UPDATE_CONFIG("index_home", SQL_ESCAPE($_GET['home']));
+               UPDATE_CONFIG("index_home", SQL_ESCAPE(REQUEST_GET('home')));
        } // END - if
 
        // Load all what menu points
index 20e1b5537b2537f9a61f23ac331606bdeb978fce..aa1d9a94a2b9c000f7309936059d97eb497fed7e 100644 (file)
@@ -40,50 +40,39 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok']))
-{
+if (IS_FORM_SENT()) {
        // Test timestamp
-       $STAMP = mktime(0, 0, 0, bigintval($_POST['month']), bigintval($_POST['day']), bigintval($_POST['year']));
-       if ($STAMP > time())
-       {
+       $STAMP = mktime(0, 0, 0, bigintval(REQUEST_POST('month')), bigintval(REQUEST_POST('day')), bigintval(REQUEST_POST('year')));
+       if ($STAMP > time()) {
                // Date is in the future!
-               unset($_POST['ok']);
-       }
-        else
-       {
+               REQUEST_UNSET_POST('ok');
+       } else {
                // Remove entries
-               unset($_POST['day']);
-               unset($_POST['month']);
-               unset($_POST['year']);
+               REQUEST_UNSET_POST(('day'));
+               REQUEST_UNSET_POST(('month'));
+               REQUEST_UNSET_POST(('year'));
 
                // Remember timestamp
-               $_POST['mt_start'] = $STAMP;
+               REQUEST_SET_POST('mt_start', $STAMP);
        }
 
        // Convert some data
-       $_POST['mt_stage'] = bigintval($_POST['mt_stage']);
-       if ($_POST['mt_stage'] <= GET_TOTAL_DATA("CONFIRMED", "user_data", "userid", "status", true))
-       {
+       REQUEST_SET_POST('mt_stage', bigintval(REQUEST_POST('mt_stage')));
+       if (REQUEST_POST('mt_stage') <= GET_TOTAL_DATA("CONFIRMED", "user_data", "userid", "status", true)) {
                // Not enougth!
-               unset($_POST['ok']);
+               REQUEST_UNSET_POST('ok');
        }
 }
 
-if (isset($_POST['ok']))
-{
+if (IS_FORM_SENT()) {
        // Save data
-       ADMIN_SAVE_SETTINGS($_POST);
-}
- else
-{
+       ADMIN_SAVE_SETTINGS_POST();
+} else {
        // Start of this exchange
-       if (getConfig('mt_start') > 0)
-       {
+       if (getConfig('mt_start') > 0) {
                // Only show start
                define('__MT_START', "<strong>".MAKE_DATETIME(getConfig('mt_start'), "3")."</strong>");
-       }
-        else
-       {
+       } else {
                // Make start editable
                define('__MT_START',
                        ADD_SELECTION("day"  , date("d", time())).
index 2b1c292599a2f1de98680b0afbffb1f7a52c2b4a..e8afadd7f404af305f9e08505dca8119628ea52a 100644 (file)
@@ -41,15 +41,15 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 $SEL = 0;
-if (isset($_POST['edit'])) {
+if (REQUEST_ISSET_POST(('edit'))) {
        // Check if at least one module is selected
-       $SEL = SELECTION_COUNT($_POST['sel']);
+       $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
        if ($SEL > 0) {
                // Output header
                $OUT = ""; $SW = 2;
 
                // Edit selected modules
-               foreach ($_POST['sel'] as $id => $sel) {
+               foreach (REQUEST_POST('sel') as $id => $sel) {
                        // Load module data
                        $result = SQL_QUERY_ESC("SELECT module, title, locked, hidden, admin_only, mem_only FROM `{!_MYSQL_PREFIX!}_mod_reg` WHERE id=%s LIMIT 1",
                                array(bigintval($id)), __FILE__, __LINE__);
@@ -80,18 +80,25 @@ if (isset($_POST['edit'])) {
                LOAD_TEMPLATE("admin_settings_saved", false, getMessage('MODS_NOTHING_SELECTED'));
 
                // Remove maybe confusing data
-               unset($_POST['edit']);
-               unset($_POST['change']);
+               REQUEST_UNSET_POST(('edit'));
+               REQUEST_UNSET_POST(('change'));
        }
-} elseif (isset($_POST['change'])) {
+} elseif (REQUEST_ISSET_POST(('change'))) {
        // Change modules
-       foreach ($_POST['sel'] as $id => $sel) {
+       foreach (REQUEST_POST('sel') as $id => $sel) {
                // Secure ID number
                $id = bigintval($id);
 
                // Update module
                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_mod_reg` SET `title`='%s', `locked`='%s', hidden='%s', admin_only='%s', mem_only='%s' WHERE id=%s LIMIT 1",
-                       array($_POST['title'][$id], $_POST['locked'][$id], $_POST['hidden'][$id], $_POST['admin'][$id], $_POST['member'][$id], $id),  __FILE__, __LINE__);
+                       array(
+                               REQUEST_POST('title', $id),
+                               REQUEST_POST('locked', $id),
+                               REQUEST_POST('hidden', $id),
+                               REQUEST_POST('admin', $id),
+                               REQUEST_POST('member', $id),
+                               $id
+                       ),  __FILE__, __LINE__);
        }
 
        // Remove cache file if version matches
index d1ae33fc8313cbcc439055cf496fd7f4d5b8bae2..b7abc790c3d7ea28f792744fe5296140823835a5 100644 (file)
@@ -40,11 +40,11 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save data
-       $_POST['nl_charge'] = REVERT_COMMA($_POST['nl_charge']);
+       REQUEST_SET_POST('nl_charge', REVERT_COMMA(REQUEST_POST('nl_charge')));
 
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Prepare contants for the template
        define('__CHARGE_VALUE'  , TRANSLATE_COMMA(getConfig('nl_charge'), false));
index c95b924b25180f07bdbe9cc44f67515bf54580e0..34dfa051ccb4123a402f9dcad84b766d1f5a9735 100644 (file)
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save data
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Load template
        LOAD_TEMPLATE("admin_config_nickname");
index dbf9e3075aa86b23f96297f297b69dc4a721b346..ba2f0e24898ce4f2557ee8b58b51f18825f4c877 100644 (file)
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save data
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Prepare constants for the template
        switch (getConfig('order_max_full'))
index 6b5db674fc9e8fc851fa678a1a00163bfa91d932..0a67c5b9c48b5645f91f1dc308af90c686708004 100644 (file)
@@ -45,32 +45,32 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Stop saving data if one input field is !isset
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Calculate stamps and set calculated stamps
-       $_POST['online_timeout']        = CREATE_TIMESTAMP_FROM_SELECTIONS("ip_timeout"           , $_POST);
-       $_POST['url_tlock']             = CREATE_TIMESTAMP_FROM_SELECTIONS("url_tlock"            , $_POST);
-       $_POST['profile_lock']          = CREATE_TIMESTAMP_FROM_SELECTIONS("profile_lock"         , $_POST);
-       $_POST['profile_update']        = CREATE_TIMESTAMP_FROM_SELECTIONS("profile_update"       , $_POST);
-       $_POST['resend_profile_update'] = CREATE_TIMESTAMP_FROM_SELECTIONS("resend_profile_update", $_POST);
+       REQUEST_POST('online_timeout')        = CREATE_TIMESTAMP_FROM_SELECTIONS("ip_timeout"           , REQUEST_POST_ARRAY());
+       REQUEST_POST('url_tlock')             = CREATE_TIMESTAMP_FROM_SELECTIONS("url_tlock"            , REQUEST_POST_ARRAY());
+       REQUEST_POST('profile_lock')          = CREATE_TIMESTAMP_FROM_SELECTIONS("profile_lock"         , REQUEST_POST_ARRAY());
+       REQUEST_POST('profile_update')        = CREATE_TIMESTAMP_FROM_SELECTIONS("profile_update"       , REQUEST_POST_ARRAY());
+       REQUEST_SET_POST('resend_profile_update', CREATE_TIMESTAMP_FROM_SELECTIONS("resend_profile_update", REQUEST_POST_ARRAY()));
 
        // Online-Timeout shall be > 0 or your database will crow and crow and crow...
-       if (!isset($_POST['online_timeout']))        { unset($_POST['ok']); }
+       if (!REQUEST_ISSET_POST(('online_timeout')))        { REQUEST_UNSET_POST('ok'); }
 
        // Chedck other timestamps (which can be zero!)
-       if (!isset($_POST['profile_lock']))          { unset($_POST['ok']); }
-       if (!isset($_POST['url_tlock']))             { unset($_POST['ok']); }
-       if (!isset($_POST['profile_update']))        { unset($_POST['ok']); }
-       if (!isset($_POST['resend_profile_update'])) { unset($_POST['ok']); }
+       if (!REQUEST_ISSET_POST(('profile_lock')))          { REQUEST_UNSET_POST('ok'); }
+       if (!REQUEST_ISSET_POST(('url_tlock')))             { REQUEST_UNSET_POST('ok'); }
+       if (!REQUEST_ISSET_POST(('profile_update')))        { REQUEST_UNSET_POST('ok'); }
+       if (!REQUEST_ISSET_POST(('resend_profile_update'))) { REQUEST_UNSET_POST('ok'); }
 
        // Check other settings
-       if (!isset($_POST['max_send']))              { unset($_POST['ok']); }
-       if (!isset($_POST['code_length']))           { unset($_POST['ok']); }
-       if (!isset($_POST['reject_url']))            { unset($_POST['ok']); }
+       if (!REQUEST_ISSET_POST(('max_send')))              { REQUEST_UNSET_POST('ok'); }
+       if (!REQUEST_ISSET_POST(('code_length')))           { REQUEST_UNSET_POST('ok'); }
+       if (!REQUEST_ISSET_POST(('reject_url')))            { REQUEST_UNSET_POST('ok'); }
 }
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Update stamps directly
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Transfer config data into constants for the template (DO NOT set $_CONFIG as global in LOAD_TEMPLATE!!!)
        define('_CFG_CODE_LENGTH', getConfig('code_length'));
index 8ba924fe487977fa33abca44ebf42b33ada085d7..d15f8ae59fc5c8b0bafe00ebad6f048ea9698c2d 100644 (file)
@@ -40,30 +40,30 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (!empty($_POST['rate'])) $_POST['rate'] = REVERT_COMMA($_POST['rate']);
+if (REQUEST_ISSET_POST(('rate'))) REQUEST_SET_POST('rate', REVERT_COMMA(REQUEST_POST('rate')));
 
-if ((isset($_POST['add'])) && (!empty($_POST['title'])) && ($_POST['rate'] > 0)) {
+if ((REQUEST_ISSET_POST(('add'))) && (REQUEST_ISSET_POST(('title'))) && (REQUEST_POST('rate') > 0)) {
        // Add new payout type
        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_payout_types` WHERE type='%s' LIMIT 1",
-               array($_POST['title']), __FILE__, __LINE__);
+               array(REQUEST_POST('title')), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 0) {
                // Add now
                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_payout_types`
 (type, rate, min_points, from_account, from_pass, engine_url, engine_ret_ok, engine_ret_failed, pass_enc, allow_url)
 VALUES ('%s', %d, %d,'%s','%s','%s','%s','%s','%s','%s')",
  array(
-       $_POST['title'],
-       bigintval($_POST['rate']),
-       bigintval($_POST['mpoi']),
-       $_POST['yacc'],
-       $_POST['ypass'],
-       $_POST['yurl'],
-       $_POST['yrdone'],
-       $_POST['yrfailed'],
-       $_POST['ytrans'],
-       $_POST['allow_url'],
+       REQUEST_POST('title'),
+       bigintval(REQUEST_POST('rate')),
+       bigintval(REQUEST_POST('mpoi')),
+       REQUEST_POST('yacc'),
+       REQUEST_POST('ypass'),
+       REQUEST_POST('yurl'),
+       REQUEST_POST('yrdone'),
+       REQUEST_POST('yrfailed'),
+       REQUEST_POST('ytrans'),
+       REQUEST_POST('allow_url'),
 ), __FILE__, __LINE__);
-               $msg = ADMIN_PAYOUT_TYPE_ADDED;
+               $msg = getMessage('ADMIN_PAYOUT_TYPE_ADDED');
        } else {
                // Free memory
                SQL_FREERESULT($result);
@@ -77,16 +77,16 @@ VALUES ('%s', %d, %d,'%s','%s','%s','%s','%s','%s','%s')",
 $result_mem = SQL_QUERY("SELECT id FROM `{!_MYSQL_PREFIX!}_user_payouts` WHERE `status`='NEW' ORDER BY payout_timestamp DESC", __FILE__, __LINE__);
 
 $display = true;
-if ((isset($_POST['edit'])) && (SELECTION_COUNT($_POST['sel']) > 0)) {
+if ((REQUEST_ISSET_POST(('edit'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) {
        // Edit payout types
-       if ((isset($_GET['ok'])) && ($_GET['ok'] == "ok")) {
+       if ((REQUEST_ISSET_GET('ok')) && (REQUEST_GET('ok') == "ok")) {
                // Edit entries
-               foreach ($_POST['sel'] as $id => $sel) {
+               foreach (REQUEST_POST('sel') as $id => $sel) {
                        // Secure ID
                        $id = bigintval($id);
 
                        // Edit only if something is entered
-                       if ((!empty($_POST['title'][$id])) && ($_POST['rate'][$id] > 0)) {
+                       if ((REQUEST_ISSET_POST(('title', $id))) && (REQUEST_POST('rate', $id) > 0)) {
                                // Update entry
                                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_payout_types` SET
 type='%s',
@@ -95,18 +95,18 @@ min_points=%s,
 allow_url='%s'
 WHERE id='".$id."' LIMIT 1",
  array(
-       $_POST['title'][$id],
-       bigintval(REVERT_COMMA($_POST['rate'][$id])),
-       bigintval(REVERT_COMMA($_POST['mpoi'][$id])),
-       $_POST['allow'][$id],
+       REQUEST_POST('title', $id),
+       bigintval(REVERT_COMMA(REQUEST_POST('rate', $id))),
+       bigintval(REVERT_COMMA(REQUEST_POST('mpoi' , $id))),
+       REQUEST_POST('allow', $id),
 ),__FILE__, __LINE__);
                        }
                }
-               $msg = ADMIN_PAYOUT_ENTRIES_CHANGED;
+               $msg = getMessage('ADMIN_PAYOUT_ENTRIES_CHANGED');
        } else {
                $display = false; //Suppress any other outputs
                $SW = 2; $OUT = "";
-               foreach ($_POST['sel'] as $id => $sel) {
+               foreach (REQUEST_POST('sel') as $id => $sel) {
                        // Load data
                        $result = SQL_QUERY_ESC("SELECT type, rate, min_points, allow_url FROM `{!_MYSQL_PREFIX!}_payout_types` WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
@@ -132,11 +132,11 @@ WHERE id='".$id."' LIMIT 1",
                // Load main template
                LOAD_TEMPLATE("admin_config_payouts_edit");
        }
-} elseif ((isset($_POST['del'])) && (SELECTION_COUNT($_POST['sel']) > 0)) {
+} elseif ((REQUEST_ISSET_POST(('del'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) {
        // Delete payout types
-       if ((isset($_GET['ok'])) && ($_GET['ok'] == "ok")) {
+       if ((REQUEST_ISSET_GET('ok')) && (REQUEST_GET('ok') == "ok")) {
                // Delete entries
-               foreach ($_POST['sel'] as $id => $sel) {
+               foreach (REQUEST_POST('sel') as $id => $sel) {
                        SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_payout_types` WHERE id=%s LIMIT 1",
                                array(bigintval($id)), __FILE__, __LINE__);
                }
@@ -144,7 +144,7 @@ WHERE id='".$id."' LIMIT 1",
        } else {
                $display = false; //Suppress any other outputs
                $SW = 2; $OUT = "";
-               foreach ($_POST['sel'] as $id => $sel) {
+               foreach (REQUEST_POST('sel') as $id => $sel) {
                        // Secure ID number
                        $id = bigintval($id);
 
index 524ec68c71c51a9ea69c0f74a9866ddcb81f83f0..085393a3d5150737e4e3b28916cbf5d97eccfe0b 100644 (file)
@@ -44,61 +44,61 @@ ADD_DESCR("admin", __FILE__);
 $message = "";
 
 // Is the 'sub' parameter set?
-if (!empty($_GET['sub'])) {
+if (REQUEST_ISSET_GET(('sub'))) {
        // Yes, then do some sanity-checks
-       switch ($_GET['sub'])
+       switch (REQUEST_GET('sub'))
        {
        case "points":
-               if ((empty($_POST['points_register'])) || (empty($_POST['points_ref']))) {
-                       unset($_POST['ok']);
+               if ((!REQUEST_ISSET_POST(('points_register'))) || (!REQUEST_ISSET_POST(('points_ref')))) {
+                       REQUEST_UNSET_POST('ok');
                }
                break;
 
        case "ref":
-               if (isset($_GET['do'])) {
-                       if (((empty($_POST['lvl'])) || (empty($_POST['perc']))) && ($_GET['do'] == "add")) {
-                               unset($_POST['ok']);
+               if (REQUEST_ISSET_GET(('do'))) {
+                       if (((!REQUEST_ISSET_POST(('lvl'))) || (!REQUEST_ISSET_POST(('perc')))) && (REQUEST_GET('do') == "add")) {
+                               REQUEST_UNSET_POST('ok');
                        }
                }
                break;
        }
 } else {
        // Display overview
-       $_GET['sub'] = "overview";
+       REQUEST_SET_GET('sub', "overview");
 }
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        $SQLs = array();
-       switch ($_GET['sub'])
+       switch (REQUEST_GET('sub'))
        {
        case "points":
-               $SQLs[] = "UPDATE `{!_MYSQL_PREFIX!}_config` SET points_register='".$_POST['points_register']."', points_ref='".$_POST['points_ref']."' WHERE config=0 LIMIT 1";
+               $SQLs[] = "UPDATE `{!_MYSQL_PREFIX!}_config` SET points_register='".REQUEST_POST('points_register')."', points_ref='".REQUEST_POST('points_ref')."' WHERE config=0 LIMIT 1";
                break;
 
        case "ref":
-               switch ($_GET['do'])
+               switch (REQUEST_GET('do'))
                {
                case "add":
-                       $SQLs[] = "INSERT INTO `{!_MYSQL_PREFIX!}_refdepths` (level, percents) VALUES ('".$_POST['lvl']."','".$_POST['perc']."')";
+                       $SQLs[] = "INSERT INTO `{!_MYSQL_PREFIX!}_refdepths` (level, percents) VALUES ('".REQUEST_POST('lvl')."','".REQUEST_POST('perc')."')";
                        break;
 
                case "edit": // Change entries
-                       foreach ($_POST['lvl'] as $id => $value) {
+                       foreach (REQUEST_POST('lvl') as $id => $value) {
                                // Secure ID
                                $id = bigintval($id);
 
                                // Revert german commata
-                               $_POST['perc'][$id] = REVERT_COMMA($_POST['perc'][$id]);
+                               REQUEST_POST('perc', $id) = REVERT_COMMA(REQUEST_POST('perc', $id));
 
                                // Update entry
                                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_refdepths` SET level='%s', percents='%s' WHERE id=%s LIMIT 1",
-                                       array(bigintval($value), $_POST['perc'][$id], $id), __FILE__, __LINE__);
+                                       array(bigintval($value), REQUEST_POST('perc', $id), $id), __FILE__, __LINE__);
                        }
                        $message = REF_DEPTHS_SAVED;
                        break;
 
                case "del":
-                       foreach ($_POST['id'] as $id => $value) {
+                       foreach (REQUEST_POST('id') as $id => $value) {
                                SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_refdepths` WHERE id=%s LIMIT 1",
                                        array(bigintval($id)), __FILE__, __LINE__);
                        }
@@ -113,21 +113,21 @@ if (isset($_POST['ok'])) {
                break;
 
        case "settings":
-               $REF = bigintval($_POST['ref_payout']);
+               $REF = bigintval(REQUEST_POST('ref_payout'));
                $SQLs[] = sprintf("UPDATE `{!_MYSQL_PREFIX!}_config` SET
 allow_direct_pay='%s',
 reg_points_mode='%s',
 ref_payout='%s'
 WHERE config=0 LIMIT 1",
-                       $_POST['allow_direct_pay'],
-                       $_POST['reg_points_mode'],
+                       REQUEST_POST('allow_direct_pay'),
+                       REQUEST_POST('reg_points_mode'),
                        $REF
                );
-               if ((getConfig('ref_payout') == 0) && ($_POST['ref_payout'] > 0)) {
+               if ((getConfig('ref_payout') == 0) && (REQUEST_POST('ref_payout') > 0)) {
                        // Update account's ref_payout for "must-confirm"
                        $SQLs[] = sprintf("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET ref_payout=(%s - mails_confirmed)
 WHERE mails_confirmed < %s", $REF, $REF);
-               } elseif ((getConfig('ref_payout') > 0) && ($_POST['ref_payout'] == 0)) {
+               } elseif ((getConfig('ref_payout') > 0) && (REQUEST_POST('ref_payout') == 0)) {
                        // Update account's ref_payout for "not-must-confirm"
                        $SQLs[] = "UPDATE `{!_MYSQL_PREFIX!}_user_data` SET ref_payout=0 WHERE ref_payout > 0";
                        $SQLs[] = "UPDATE `{!_MYSQL_PREFIX!}_user_points` SET points=points+locked_points WHERE locked_points>0";
@@ -139,7 +139,7 @@ WHERE mails_confirmed < %s", $REF, $REF);
        if ((isset($SQLs)) && (is_array($SQLs)) && (!empty($SQLs[0]))) {
                if (strpos($SQLs[0], "INSERT") > -1) {
                        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_refdepths` WHERE level='%s' LIMIT 1",
-                               array(bigintval($_POST['lvl'])), __FILE__, __LINE__);
+                               array(bigintval(REQUEST_POST('lvl'))), __FILE__, __LINE__);
                        SQL_FREERESULT($result);
                } // END - if
 
@@ -166,7 +166,7 @@ WHERE mails_confirmed < %s", $REF, $REF);
                // When do so...
                LOAD_TEMPLATE("admin_settings_saved", false, $message);
        }
-} elseif ($_GET['sub'] == "settings") {
+} elseif (REQUEST_GET('sub') == "settings") {
        // Setup some settings like direct pay and so on
        // Including new add-mode for one-time referal bonus
        switch (getConfig('allow_direct_pay')) {
@@ -192,11 +192,11 @@ WHERE mails_confirmed < %s", $REF, $REF);
 
        // Load template
        LOAD_TEMPLATE("admin_config_point_settings");
-} elseif ($_GET['sub'] == "ref") {
-       if ((isset($_POST['del'])) && (isset($_POST['sel'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0])))) {
+} elseif (REQUEST_GET('sub') == "ref") {
+       if ((REQUEST_ISSET_POST(('del'))) && (REQUEST_ISSET_POST(('sel'))) && ((SELECTION_COUNT(REQUEST_POST('sel')) > 0) || (REQUEST_ISSET_POST(('sel', 0))))) {
                // Delete entries
                $SW = 2; $OUT = "";
-               foreach ($_POST['sel'] as $id => $value) {
+               foreach (REQUEST_POST('sel') as $id => $value) {
                        $result = SQL_QUERY_ESC("SELECT level, percents FROM `{!_MYSQL_PREFIX!}_refdepths` WHERE id=%s LIMIT 1",
                                array(bigintval($id)), __FILE__, __LINE__);
                        list($lvl, $perc) = SQL_FETCHROW($result);
@@ -218,10 +218,10 @@ WHERE mails_confirmed < %s", $REF, $REF);
 
                // Load main template
                LOAD_TEMPLATE("admin_points_del");
-       } elseif ((isset($_POST['edit'])) && (isset($_POST['sel'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0])))) {
+       } elseif ((REQUEST_ISSET_POST(('edit'))) && (REQUEST_ISSET_POST(('sel'))) && ((SELECTION_COUNT(REQUEST_POST('sel')) > 0) || (REQUEST_ISSET_POST(('sel', 0))))) {
                // Edit entries
                $SW = 2; $OUT = "";
-               foreach ($_POST['sel'] as $id => $value) {
+               foreach (REQUEST_POST('sel') as $id => $value) {
                        $result = SQL_QUERY_ESC("SELECT level, percents FROM `{!_MYSQL_PREFIX!}_refdepths` WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
                        list($lvl, $perc) = SQL_FETCHROW($result);
@@ -276,7 +276,7 @@ WHERE mails_confirmed < %s", $REF, $REF);
                // Form for adding new referal levels
                LOAD_TEMPLATE("admin_add_reflvl");
        }
-} elseif ($_GET['sub'] == "points") {
+} elseif (REQUEST_GET('sub') == "points") {
        // First points for registration and other fixed points including new add-mode for one-time referal bonus...
        define('P_REG_VALUE', getConfig('points_register'));
        define('P_REF_VALUE', getConfig('points_ref'));
index ea836b6fcf4838d69628b54ec159e3fc8beb04b3..8b26a7b621605422cf22ca1e7bdc1d13393759be 100644 (file)
@@ -40,21 +40,21 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // First merge temporarily the new API data into the current config
-       mergeConfig($_POST);
+       mergeConfig(REQUEST_POST_ARRAY());
 
        // Is the password set?
-       if (isset($_POST['pass'])) {
+       if (REQUEST_ISSET_POST(('pass'))) {
                // Then hash and remove it
-               $_POST['primera_api_md5'] = md5($_POST['pass']);
-               unset($_POST['pass']);
+               REQUEST_SET_POST('primera_api_md5', md5(REQUEST_POST('pass')));
+               REQUEST_UNSET_POST('pass');
        } // END - if
 
        // Let's test the API first (hold your horses here, cowboy! Thank you. :) )
        if (PRIMERA_TEST_API()) {
                // Save settings
-               ADMIN_SAVE_SETTINGS($_POST);
+               ADMIN_SAVE_SETTINGS_POST();
        } else {
                // Failed to test the API!
                LOAD_TEMPLATE("admin_settings_saved", false, GET_PRIMERA_ERROR_MESSAGE());
index 9d74c9bf7a70d73ba57725e5d974da5228c90a59..b01ace10700f9156ceac6f66d37c9967702664ea 100644 (file)
@@ -40,11 +40,11 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Test proxy settings
-       if (ADMIN_TEST_PROXY_SETTINGS($_POST)) {
+       if (ADMIN_TEST_PROXY_SETTINGS(REQUEST_POST_ARRAY())) {
                // Save configuration
-               ADMIN_SAVE_SETTINGS($_POST);
+               ADMIN_SAVE_SETTINGS_POST();
        } else {
                // Invalid!
                LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_PROXY_SETTINGS_INVALID'));
index 33f53536c65ea0fcf0828c98fe5ed92a4187020e..73e182fdc68c2943320a3c93d9255a51a1067c87 100644 (file)
@@ -40,16 +40,16 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (!empty($_GET['rallye']))
+if (REQUEST_ISSET_GET(('rallye')))
 {
        // Price submitted?
-       if (isset($_POST['add']))
+       if (REQUEST_ISSET_POST(('add')))
        {
-               if ((!empty($_POST['level'])) && ((!empty($_POST['points'])) || (!empty($_POST['info']))))
+               if ((REQUEST_ISSET_POST(('level'))) && ((REQUEST_ISSET_POST(('points'))) || (REQUEST_ISSET_POST(('info')))))
                {
                        // Submitted data is valid, but maybe we already have this price level?
                        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE rallye_id=%s AND price_level='%s' LIMIT 1",
-                        array(bigintval($_GET['rallye']), bigintval($_POST['level'])), __FILE__, __LINE__);
+                        array(bigintval(REQUEST_GET('rallye')), bigintval(REQUEST_POST('level'))), __FILE__, __LINE__);
 
                        if (SQL_NUMROWS($result) == 0)
                        {
@@ -57,10 +57,10 @@ if (!empty($_GET['rallye']))
                                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_rallye_prices` (rallye_id, price_level, points, info)
 VALUES ('%s','%s','%s','%s')",
  array(
-       bigintval($_GET['rallye']),
-       bigintval($_POST['level']),
-       $_POST['points'],
-       $_POST['info']
+       bigintval(REQUEST_GET('rallye')),
+       bigintval(REQUEST_POST('level')),
+       REQUEST_POST('points'),
+       REQUEST_POST('info')
 ), __FILE__, __LINE__);
                                LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_PRICE_LEVEL_SAVED);
                        }
@@ -73,12 +73,12 @@ VALUES ('%s','%s','%s','%s')",
                                LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_PRICE_ALREADY_FOUND);
                        }
                }
-       } elseif (isset($_POST['remove'])) {
+       } elseif (REQUEST_ISSET_POST(('remove'))) {
                // Check if at last one line is selected
-               $SEL = SELECTION_COUNT($_POST['sel']);
+               $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
                if ($SEL > 0) {
                        // Delete selected entries
-                       foreach ($_POST['sel'] as $id => $sel) {
+                       foreach (REQUEST_POST('sel') as $id => $sel) {
                                SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE id=%s LIMIT 1",
                                        array(bigintval($id)), __FILE__, __LINE__);
                        }
@@ -88,33 +88,37 @@ VALUES ('%s','%s','%s','%s')",
                } else {
                        LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_ENTRIES_NOT_DELETED);
                }
-       } elseif (isset($_POST['change'])) {
+       } elseif (REQUEST_ISSET_POST(('change'))) {
                // Change entries
-               foreach ($_POST['level'] as $id => $level) {
+               foreach (REQUEST_POST('level') as $id => $level) {
                        // Secure ID
                        $id = bigintval($id);
 
                        // Update entry
                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_rallye_prices` SET rallye_id=%s, price_level='%s', points='%s', info='%s' WHERE id=%s LIMIT 1",
-                               array($_POST['rallye_id'][$id], bigintval($level), $_POST['points'][$id], $_POST['infos'][$id], $id), __FILE__, __LINE__);
+                               array(
+                                       REQUEST_POST('rallye_id', $id),
+                                       bigintval($level),
+                                       REQUEST_POST('points', $id]),
+                                       REQUEST_POST('infos', $id),
+                                       $id
+                               ), __FILE__, __LINE__);
                }
 
                // Output message
                LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_ENTRIES_CHANGED);
        }
 
-       if (isset($_POST['edit'])) {
+       if (REQUEST_ISSET_POST(('edit'))) {
                // Check if at last one line is selected
-               $SEL = SELECTION_COUNT($_POST['sel']);
-               if ($SEL > 0)
-               {
+               $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
+               if ($SEL > 0) {
                        // Make selected editable
                        $SW = 2; $OUT = "";
-                       foreach ($_POST['sel'] as $id => $sel)
-                       {
+                       foreach (REQUEST_POST('sel') as $id => $sel) {
                                // Load data to selected rallye
                                $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE id=%s LIMIT 1",
-                                array(bigintval($id)), __FILE__, __LINE__);
+                                       array(bigintval($id)), __FILE__, __LINE__);
                                list($rallye, $level, $points, $infos) = SQL_FETCHROW($result);
                                SQL_FREERESULT($result);
 
@@ -135,7 +139,7 @@ VALUES ('%s','%s','%s','%s')",
                        define('__PRICE_ROWS', $OUT);
 
                        // Prepare data for the main template
-                       define('__RALLYE_ID', $_GET['rallye']);
+                       define('__RALLYE_ID', REQUEST_GET('rallye'));
 
                        // Load main template
                        LOAD_TEMPLATE("admin_config_rallye_edit");
@@ -143,19 +147,19 @@ VALUES ('%s','%s','%s','%s')",
                 else
                {
                        // Nothing selected
-                       $content = RALLYE_NO_PRICES_SELECTED_1."<a href=\"{!URL!}/modules.php?module=admin&amp;what=config_rallye_prices&amp;rallye=".$_GET['rallye']."\">".RALLYE_NO_PRICES_SELECTED_2."</a>".RALLYE_NO_PRICES_SELECTED_3;
+                       $content = RALLYE_NO_PRICES_SELECTED_1."<a href=\"{!URL!}/modules.php?module=admin&amp;what=config_rallye_prices&amp;rallye=".REQUEST_GET('rallye')."\">".RALLYE_NO_PRICES_SELECTED_2."</a>".RALLYE_NO_PRICES_SELECTED_3;
                        LOAD_TEMPLATE("admin_settings_saved", false, $content);
                }
        }
-        elseif (isset($_POST['del']))
+        elseif (REQUEST_ISSET_POST(('del')))
        {
                // Check if at last one line is selected
-               $SEL = SELECTION_COUNT($_POST['sel']);
+               $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
                if ($SEL > 0)
                {
                        // List all prices
                        $SW = 2; $OUT = "";
-                       foreach ($_POST['sel'] as $id => $sel)
+                       foreach (REQUEST_POST('sel') as $id => $sel)
                        {
                                // Load data to selected rallye
                                $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE id=%s LIMIT 1",
@@ -181,7 +185,7 @@ VALUES ('%s','%s','%s','%s')",
                        define('__PRICE_ROWS', $OUT);
 
                        // Prepare data for the main template
-                       define('__RALLYE_ID', $_GET['rallye']);
+                       define('__RALLYE_ID', REQUEST_GET('rallye'));
 
                        // Load main template
                        LOAD_TEMPLATE("admin_config_rallye_del");
@@ -189,7 +193,7 @@ VALUES ('%s','%s','%s','%s')",
                 else
                {
                        // Nothing selected
-                       $content = RALLYE_NO_PRICES_SELECTED_1."<a href=\"{!URL!}/modules.php?module=admin&amp;what=config_rallye_prices&amp;rallye=".$_GET['rallye']."\">".RALLYE_NO_PRICES_SELECTED_2."</a>".RALLYE_NO_PRICES_SELECTED_3;
+                       $content = RALLYE_NO_PRICES_SELECTED_1."<a href=\"{!URL!}/modules.php?module=admin&amp;what=config_rallye_prices&amp;rallye=".REQUEST_GET('rallye')."\">".RALLYE_NO_PRICES_SELECTED_2."</a>".RALLYE_NO_PRICES_SELECTED_3;
                        LOAD_TEMPLATE("admin_settings_saved", false, $content);
                }
        }
@@ -197,7 +201,7 @@ VALUES ('%s','%s','%s','%s')",
        {
                // a rallye was selected, so check if there are already prices assigned...
                $result = SQL_QUERY_ESC("SELECT id, price_level, points, info FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE rallye_id=%s ORDER BY price_level",
-                array(bigintval($_GET['rallye'])), __FILE__, __LINE__);
+                array(bigintval(REQUEST_GET('rallye'))), __FILE__, __LINE__);
 
                if (SQL_NUMROWS($result) > 0)
                {
@@ -226,7 +230,7 @@ VALUES ('%s','%s','%s','%s')",
                        define('__PRICE_ROWS', $OUT);
 
                        // Prepare data for the main template
-                       define('__RALLYE_ID', $_GET['rallye']);
+                       define('__RALLYE_ID', REQUEST_GET('rallye'));
 
                        // Load main template
                        LOAD_TEMPLATE("admin_config_rallye_prices");
@@ -234,13 +238,10 @@ VALUES ('%s','%s','%s','%s')",
        }
 
        // Add form for adding new price level
-       if (empty($_POST['edit']))
-       {
-               LOAD_TEMPLATE("admin_add_rallye_prices", false, $_GET['rallye']);
+       if (!REQUEST_ISSET_POST(('edit'))) {
+               LOAD_TEMPLATE("admin_add_rallye_prices", false, REQUEST_GET('rallye'));
        }
-}
- else
-{
+} else {
        // No rallye selected so display all available without prices
        $result = SQL_QUERY("SELECT d.id, d.admin_id, d.start_time, d.end_time, d.title, a.login, d.is_active
 FROM `{!_MYSQL_PREFIX!}_rallye_data` AS d, `{!_MYSQL_PREFIX!}_admins` AS a
index 3939a8c38973c5da252ee26e02395ec6bcd6c642..599f4b7339526c75292ea35c18b7a3cfc4429dbe 100644 (file)
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save configuration
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Prepare content
        $content = array(
index e73793413654742e2fc6015fd5c3182fbe780272..7d91ef73042936b8a342c21010bdee1a15c17264 100644 (file)
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save data
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Prepare contants for the template
        define('__MEMBER_SELECTION', ADD_MEMBER_SELECTION_BOX(getConfig('def_refid'), false, true, true, "def_refid"));
index 21e4c6d53a4ed3142cbf5f359c13b3d4706f2e57..be5aab4947c102c4ebddd9c8a6b92440368637da 100644 (file)
@@ -41,8 +41,8 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Do we want to save changes?
-if (isset($_POST['ok'])) {
-       foreach ($_POST['sel'] as $id => $value) {
+if (IS_FORM_SENT()) {
+       foreach (REQUEST_POST('sel') as $id => $value) {
                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_must_register` SET field_required='%s' WHERE id=%s AND field_required != '%s' LIMIT 1",
                        array($value, bigintval($id), $value),__FILE__, __LINE__);
        }
index 0b66142186e1d586c940d3995d5041562214ca01..3356d97c9fdbb19150058f90f88a1e05d6f6b930 100644 (file)
@@ -40,13 +40,13 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Calculate timestamp from selections...
-       $_POST['ip_timeout'] = CREATE_TIMESTAMP_FROM_SELECTIONS("ip_timeout", $_POST);
-       $_POST['least_cats'] = round($_POST['least_cats']);
+       REQUEST_SET_POST('ip_timeout', CREATE_TIMESTAMP_FROM_SELECTIONS("ip_timeout", REQUEST_POST_ARRAY()));
+       REQUEST_SET_POST('least_cats', round(REQUEST_POST('least_cats')));
 
        // Save settings
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Remember stuff in constants
        define('LEAST_CATS_VALUE'   , round(getConfig('least_cats')));
index 3340076b3298c18d2d429600968e9627fb237cb8..f0e0db829730d2117d0747bc31f0d600a8b2a444 100644 (file)
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save configuration
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Prepare data
        switch (getConfig('removeip_anon_ip')) {
index ed73ec998f56756b47a4105b3aec3ca4d444b8b3..00bfce4a4e4a09f714f4bad238ac58db4efaaff8 100644 (file)
@@ -40,10 +40,10 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Generate string
        $MODs = array();
-       foreach ($_POST['mod'] as $mod => $sel) {
+       foreach (REQUEST_POST('mod') as $mod => $sel) {
                // Now you can never deselect the admin module, bah!!! ;-)
                if (($sel == "Y") || ($mod == "admin")) {
                        // Add module to queue
@@ -52,11 +52,11 @@ if (isset($_POST['ok'])) {
        }
 
        // Implode array to string and remove posted mod array
-       $_POST['rewrite_skip'] = implode(":", $MODs);
-       unset($_POST['mod']);
+       REQUEST_SET_POST('rewrite_skip', implode(":", $MODs));
+       REQUEST_UNSET_POST(('mod'));
 
        // Save settings
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Load existing modules and generate TR rows for the template
        $result = SQL_QUERY("SELECT module, title FROM `{!_MYSQL_PREFIX!}_mod_reg` ORDER BY module", __FILE__, __LINE__);
index b717f17bcca13b19e9bfdf7573b4b95a8bbe5687..3effe1dfdaf2ac78fe495d4bcfd81b2606f33574 100644 (file)
@@ -39,21 +39,21 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // If salt length is empty or null then we shall generate new passwords
-       if (empty($_POST['salt_length']) || ($_POST['salt_length'] == "0")) {
+       if (!REQUEST_ISSET_POST(('salt_length')) || (REQUEST_POST('salt_length') == "0")) {
                // Generate new passwords for all!
                LOAD_INC("inc/gen_sql_patches.php");
 
                // Forget the wrong number!
-               unset($_POST['salt_length']);
+               REQUEST_UNSET_POST(('salt_length'));
 
                // Redirect to logout link
                LOAD_URL("modules.php?module=admin&logout=1");
        } // END - if
 
        // Save settings
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Remember stuff in constants
        define('__PASS_LEN'   , getConfig('pass_len'));
index 9da34ffb187ad9b21c2cc99ab36af73650879f38..131bf44ad5fad7750831fd698e09c4be1a1e0c78 100644 (file)
@@ -40,11 +40,11 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Test Path
-       if ((empty($_POST['session_save_path'])) || ((is_dir($_POST['session_save_path'])) && (is_writeable($_POST['session_save_path'])))) {
+       if ((!REQUEST_ISSET_POST(('session_save_path'))) || ((is_dir(REQUEST_POST('session_save_path'))) && (is_writeable(REQUEST_POST('session_save_path'))))) {
                // Save configuration
-               ADMIN_SAVE_SETTINGS($_POST);
+               ADMIN_SAVE_SETTINGS_POST();
        } else {
                // Invalid!
                LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_SESSION_SAVE_PATH_INVALID'));
index ba900de273cca9270756feea1b1693949de8dd25..292fd279bad4c14dec6e5a0dcde1835d9403a32a 100644 (file)
@@ -40,13 +40,13 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Allow only direct points (non-floating)
-       $_POST['sponsor_min_points'] = bigintval($_POST['sponsor_min_points']);
-       $_POST['sponsor_ref_points'] = bigintval($_POST['sponsor_ref_points']);
+       REQUEST_SET_POST('sponsor_min_points', bigintval(REQUEST_POST('sponsor_min_points')));
+       REQUEST_SET_POST('sponsor_ref_points', bigintval(REQUEST_POST('sponsor_ref_points')));
 
        // Save settings
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Remember config data in constants for the template
        define('__SPONSOR_MIN_POINTS', getConfig('sponsor_min_points'));
index d76591812a102576cb51734f40ad472794980d3d..ece898a4d2fae3c15df348881d3ed53c5b370449 100644 (file)
@@ -41,9 +41,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Was the form submitted?
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save settings
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Guest stats
        switch (getConfig('guest_stats'))
index dcbea253335443bd671b2b1d4bcf93786e6278a7..854470c60137b897e8974d5d1ad876e5a508fa9c 100644 (file)
@@ -41,14 +41,14 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Was the form submitted?
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Replace german decimal comma with computer decimal dot
-       if (isset($_POST['surfbar_static_reward']))   $_POST['surfbar_static_reward']   = REVERT_COMMA($_POST['surfbar_static_reward']);
-       if (isset($_POST['surfbar_static_costs']))    $_POST['surfbar_static_costs']    = REVERT_COMMA($_POST['surfbar_static_costs']);
-       if (isset($_POST['surfbar_dynamic_percent'])) $_POST['surfbar_dynamic_percent'] = REVERT_COMMA($_POST['surfbar_dynamic_percent']);
+       if (REQUEST_ISSET_POST(('surfbar_static_reward')))   REQUEST_SET_POST('surfbar_static_reward'  , REVERT_COMMA(REQUEST_POST('surfbar_static_reward')));
+       if (REQUEST_ISSET_POST(('surfbar_static_costs')))    REQUEST_SET_POST('surfbar_static_costs'   , REVERT_COMMA(REQUEST_POST('surfbar_static_costs')));
+       if (REQUEST_ISSET_POST(('surfbar_dynamic_percent'))) REQUEST_SET_POST('surfbar_dynamic_percent', REVERT_COMMA(REQUEST_POST('surfbar_dynamic_percent')));
 
        // Save settings
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Prepare content
        $content = array(
index 8ebb2a9335fff1e428db5b3a18fdb30f10e6c53e..4f15a691c3ee6d5491787b5c55feee8dccda45d2 100644 (file)
@@ -40,10 +40,10 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok']))
+if (IS_FORM_SENT())
 {
        // Save settings
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 }
  else
 {
index 4eeaf49ac6412c7f0671e81014c549f5ce32f7e5..553a924d8687ba0d0936262152fa4b0d58deb16b 100644 (file)
@@ -40,10 +40,10 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok']))
+if (IS_FORM_SENT())
 {
        // Save settings
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 }
  else
 {
index 5e6e755869ea5c2df21a6d03c89ea89beb4fba3d..29320d186341e96c6a9249cfeb9b463abf40822c 100644 (file)
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save settings...
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 }
 
 // Prepare constants for template
index 62df2811ffea7e3f15dc633e831f8b972e3e6b7b..914c9c22ef86a51e5761149e6c4e0ea9c817f614 100644 (file)
@@ -39,9 +39,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save settings
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Prepare constants for the template
        define('__LIMIT_VALUE', getConfig('user_limit'));
index b92afc06d5054dda393d86f91b27aa1340f324ce..1dc18f61836cdabf6ee10faf6b81bee611e23322 100644 (file)
@@ -40,23 +40,23 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // First merge temporarily the new API data into the current config
-       mergeConfig($_POST);
+       mergeConfig(REQUEST_POST_ARRAY());
 
        // Let's test the API first (hold your horses here, cowboy! Thank you. :) )
        if (WERNIS_TEST_API()) {
                // Revert german commata
                foreach (array('payout_factor', 'withdraw_factor', 'payout_fee_percent', 'withdraw_fee_percent') as $revert) {
-                       $_POST['wernis_'.$revert] = REVERT_COMMA($_POST['wernis_'.$revert]);
+                       REQUEST_SET_POST('wernis_'.$revert, REVERT_COMMA(REQUEST_POST('wernis_'.$revert)));
                } // END - if
 
                // Hash the password and remove clear-text
-               $_POST['wernis_pass_md5'] = md5($_POST['wernis_pass']);
-               unset($_POST['wernis_pass']);
+               REQUEST_SET_POST('wernis_pass_md5', md5(REQUEST_POST('wernis_pass')));
+               REQUEST_UNSET_POST(('wernis_pass'));
 
                // Save settings
-               ADMIN_SAVE_SETTINGS($_POST);
+               ADMIN_SAVE_SETTINGS_POST();
        } else {
                // Failed to test the API!
                LOAD_TEMPLATE("admin_settings_saved", false, GET_WERNIS_ERROR_MESSAGE());
index 0b2618f03eaa1386405a867cc2b962461399de19..0f3e923d8d9f2c2f0c3dc2efc584b2c4396006db 100644 (file)
@@ -44,11 +44,11 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Was the form submitted?
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Test Yoo!Media config
-       if (YOOMEDIA_TEST_CONFIG($_POST)) {
+       if (YOOMEDIA_TEST_CONFIG(REQUEST_POST_ARRAY())) {
                // Save settings
-               ADMIN_SAVE_SETTINGS($_POST);
+               ADMIN_SAVE_SETTINGS_POST();
        } else {
                // Config not saved
                LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_CONFIG_YOOMEDIA_TEST_FAILED'));
index a1ed1b1c45afc91781daa2be323929ef6792631c..3b2e9fe47defa1c9bf30cd08447d73c419f3b6dc 100644 (file)
@@ -46,10 +46,10 @@ ADD_DESCR("admin", __FILE__);
 // Init counter for deleted mails
 $cnt = 0;
 
-if (!empty($_GET['mid'])) {
+if (REQUEST_ISSET_GET(('mid'))) {
        // Load email data
        $result = SQL_QUERY_ESC("SELECT id, sender, subject, url, timestamp, payment_id FROM `{!_MYSQL_PREFIX!}_pool` WHERE id=%s LIMIT 1",
-               array(bigintval($_GET['mid'])), __FILE__, __LINE__);
+               array(bigintval(REQUEST_GET('mid'))), __FILE__, __LINE__);
 
        // Delete mail only once
        if (SQL_NUMROWS($result) == 1) {
@@ -82,7 +82,7 @@ if (!empty($_GET['mid'])) {
 LEFT JOIN `{!_MYSQL_PREFIX!}_pool` AS p
 ON s.pool_id=p.id
 WHERE s.pool_id=%s LIMIT 1",
- array(bigintval($_GET['mid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('mid'))), __FILE__, __LINE__);
                if (SQL_NUMROWS($result_pool) == 1) {
                        // Fetch stats id
                        list($stats_id) = SQL_FETCHROW($result_pool);
@@ -91,7 +91,7 @@ WHERE s.pool_id=%s LIMIT 1",
                        $links = GET_TOTAL_DATA($stats_id, "user_links", "userid", "stats_id", true);
 
                        // Reset sent mails for recipient(s)
-                       REDUCT_RECIPIENT_RECEIVED_MAILS("stats_id", $_GET['mid'], $links);
+                       REDUCT_RECIPIENT_RECEIVED_MAILS("stats_id", REQUEST_GET('mid'), $links);
 
                        // Calc total points and pay them back
                        $totalPoints = $links * $price;
@@ -137,7 +137,7 @@ WHERE s.pool_id=%s LIMIT 1",
                        $cnt += SQL_AFFECTEDROWS();
 
                        // Load template for link
-                       LOAD_TEMPLATE("admin_settings_saved", false, "<a href=\"{!URL!}/modules.php?module=admin&amp;what=del_email&amp;pid=".bigintval($_GET['mid'])."\">".ADMIN_REMOVE_STATS_ENTRY."</a>");
+                       LOAD_TEMPLATE("admin_settings_saved", false, "<a href=\"{!URL!}/modules.php?module=admin&amp;what=del_email&amp;pid=".bigintval(REQUEST_GET('mid'))."\">".ADMIN_REMOVE_STATS_ENTRY."</a>");
                } // END - if
 
                // Free the result
@@ -145,7 +145,7 @@ WHERE s.pool_id=%s LIMIT 1",
 
                // Delete mail from queue
                SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_pool` WHERE id=%s LIMIT 1",
-                       array(bigintval($_GET['mid'])), __FILE__, __LINE__);
+                       array(bigintval(REQUEST_GET('mid'))), __FILE__, __LINE__);
                $cnt += SQL_AFFECTEDROWS();
 
                // Output link for manually removing stats entry
@@ -154,17 +154,17 @@ WHERE s.pool_id=%s LIMIT 1",
                // Mail already deleted!
                LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_NORMAL_MAIL_ALREADY_DELETED'));
        }
-} elseif (!empty($_GET['pid'])) {
+} elseif (REQUEST_ISSET_GET(('pid'))) {
        // Remove stats entries
        SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_user_stats` WHERE pool_id=%s LIMIT 1",
-               array(bigintval($_GET['pid'])), __FILE__, __LINE__);
+               array(bigintval(REQUEST_GET('pid'))), __FILE__, __LINE__);
 
        // Output message
        LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_USER_STATS_REMOVED'));
-} elseif ((!empty($_GET['bid'])) && (EXT_IS_ACTIVE("bonus"))) {
+} elseif ((REQUEST_ISSET_GET(('bid'))) && (EXT_IS_ACTIVE("bonus"))) {
        // Load data from bonus mail
        $result = SQL_QUERY_ESC("SELECT id, subject, url, timestamp, mails_sent FROM `{!_MYSQL_PREFIX!}_bonus` WHERE id=%s",
-               array(bigintval($_GET['bid'])), __FILE__, __LINE__);
+               array(bigintval(REQUEST_GET('bid'))), __FILE__, __LINE__);
 
        // Delete mail only once
        if (SQL_NUMROWS($result) == 1) {
@@ -172,17 +172,17 @@ WHERE s.pool_id=%s LIMIT 1",
                list ($id, $subject, $url, $timestamp, $sent) = SQL_FETCHROW($result);
 
                // Reset sent mails for recipient(s)
-               REDUCT_RECIPIENT_RECEIVED_MAILS ("bonus_id", $_GET['bid'], $sent);
+               REDUCT_RECIPIENT_RECEIVED_MAILS ("bonus_id", REQUEST_GET('bid'), $sent);
 
                // Init counter for deleted mails
                $cnt = 0;
 
                // Delete bonus mail entirely from database
                SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_bonus` WHERE id=%s LIMIT 1",
-                       array(bigintval($_GET['bid'])), __FILE__, __LINE__);
+                       array(bigintval(REQUEST_GET('bid'))), __FILE__, __LINE__);
                $cnt += SQL_AFFECTEDROWS();
                SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_user_links` WHERE bonus_id=%s",
-                       array(bigintval($_GET['bid'])), __FILE__, __LINE__);
+                       array(bigintval(REQUEST_GET('bid'))), __FILE__, __LINE__);
                $cnt += SQL_AFFECTEDROWS();
 
                // Prepare data for the template
@@ -201,10 +201,10 @@ WHERE s.pool_id=%s LIMIT 1",
 
        // Free result
        SQL_FREERESULT($result);
-} elseif ((!empty($_GET['nid'])) && (GET_EXT_VERSION("bonus") >= "0.8.7")) {
+} elseif ((REQUEST_ISSET_GET(('nid'))) && (GET_EXT_VERSION("bonus") >= "0.8.7")) {
        // Load data from bonus mail
        $result = SQL_QUERY_ESC("SELECT id, subject, url, timestamp FROM `{!_MYSQL_PREFIX!}_bonus` WHERE id=%s",
-               array(bigintval($_GET['nid'])), __FILE__, __LINE__);
+               array(bigintval(REQUEST_GET('nid'))), __FILE__, __LINE__);
 
        // Delete mail only once
        if (SQL_NUMROWS($result) == 1) {
@@ -217,10 +217,10 @@ WHERE s.pool_id=%s LIMIT 1",
 
                // Delete bonus mail entirely from database
                SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_bonus` WHERE id=%s LIMIT 1",
-                       array(bigintval($_GET['nid'])), __FILE__, __LINE__);
+                       array(bigintval(REQUEST_GET('nid'))), __FILE__, __LINE__);
                $cnt += SQL_AFFECTEDROWS();
                SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_user_links` WHERE bonus_id=%s",
-                       array(bigintval($_GET['nid'])), __FILE__, __LINE__);
+                       array(bigintval(REQUEST_GET('nid'))), __FILE__, __LINE__);
                $cnt += SQL_AFFECTEDROWS();
 
                // Prepare data for the template
index 2e4bc33e4ad4ddc2c929d6f7bad9844fce012d1b..8fa89f5218ad4fcadf5d0c97517d6f06b867d641 100644 (file)
@@ -42,14 +42,14 @@ ADD_DESCR("admin", __FILE__);
 
 // Check for selected holidays
 $SUM = 0;
-if (isset($_POST['sel'])) $SUM = SELECTION_COUNT($_POST['sel']);
+if (REQUEST_ISSET_POST(('sel'))) $SUM = SELECTION_COUNT(REQUEST_POST('sel'));
 
 // Shall I delete selected holidays???
 if ($SUM > 0)
 {
        // Delete multiple holiday requests (for list_holiday)
        $cnt = 0;
-       foreach ($_POST['sel'] as $id => $sel)
+       foreach (REQUEST_POST('sel') as $id => $sel)
        {
                // Get the userid
                $result = SQL_QUERY_ESC("SELECT userid, holiday_start, holiday_end
@@ -84,7 +84,7 @@ WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__);
        }
        LOAD_TEMPLATE("admin_settings_saved", false, HOLIDAY_ADMIN_MULTI_DEL_1.$cnt.HOLIDAY_ADMIN_MULTI_DEL_2);
 }
- elseif (!empty($_GET['u_id']))
+ elseif (REQUEST_ISSET_GET(('uid')))
 {
        // Set default message
        $MSG = HOLIDAY_ADMIN_SINGLE_404;
@@ -92,7 +92,7 @@ WHERE id=%s LIMIT 1", array(bigintval($id)), __FILE__, __LINE__);
        // Fetch data
        $result_load = SQL_QUERY_ESC("SELECT holiday_start AS start, holiday_end AS end
 FROM `{!_MYSQL_PREFIX!}_user_holidays`
-WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
        if (SQL_NUMROWS($result_load) == 1)
        {
                // Load data
@@ -104,11 +104,11 @@ WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
 
                // Delete one holiday request (for task)
                SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_user_holidays`
-WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+WHERE userid=%s LIMIT 1", array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
 
                // Send email to user
-               $msg = LOAD_EMAIL_TEMPLATE("member_holiday_removed", $content, $_GET['u_id']);
-               SEND_EMAIL($_GET['u_id'], HOLIDAY_ADMIN_REMOVED_SUBJ, $msg);
+               $msg = LOAD_EMAIL_TEMPLATE("member_holiday_removed", $content, REQUEST_GET('uid'));
+               SEND_EMAIL(REQUEST_GET('uid'), HOLIDAY_ADMIN_REMOVED_SUBJ, $msg);
 
                // Set message
                $MSG = HOLIDAY_ADMIN_SINGLE_DELETED;
index 51b98f72e9f93f6423732025c7073f44fe5b5f75..dca9ca67de8e79c6619dfd51213fbc443c3c0cbe 100644 (file)
@@ -40,13 +40,13 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (!empty($_GET['id'])) {
+if (REQUEST_ISSET_GET(('id'))) {
        // Check for selected sponsor
        $result = SQL_QUERY_ESC("SELECT email, gender, surname, family FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE id='%s' LIMIT 1",
-               array(bigintval($_GET['id'])), __FILE__, __LINE__);
+               array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1) {
                // Remove sponsor
-               if (isset($_POST['ok'])) {
+               if (IS_FORM_SENT()) {
                        // Load data and remember it in constants
                        list($email, $gender, $surname, $family) = SQL_FETCHROW($result);
 
@@ -59,22 +59,22 @@ if (!empty($_GET['id'])) {
                        define('__FAMILY' , $family);
 
                        // Prepare message and send it away
-                       $msg = LOAD_EMAIL_TEMPLATE("del_sponsor", $_POST['reason'], bigintval($_GET['id']));
+                       $msg = LOAD_EMAIL_TEMPLATE("del_sponsor", REQUEST_POST('reason'), bigintval(REQUEST_GET('id')));
                        SEND_EMAIL($email, getMessage('ADMIN_SPONSOR_DEL_SUBJECT'), $msg);
 
                        // Remove account
                        SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE id='%s' LIMIT 1",
-                               array(bigintval($_GET['id'])), __FILE__, __LINE__);
+                               array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__);
 
                        // Remove orders
                        SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_sponsor_orders` WHERE sponsorid='%s' LIMIT 1",
-                               array(bigintval($_GET['id'])), __FILE__, __LINE__);
+                               array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__);
 
                        // Output message
-                       LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_DELETED'), bigintval($_GET['id'])));
-               } elseif (!empty($_POST['no'])) {
+                       LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_DELETED'), bigintval(REQUEST_GET('id'))));
+               } elseif (REQUEST_ISSET_POST(('no'))) {
                        // Do not delete him...
-                       LOAD_URL("modules.php?module=admin&amp;what=list_sponsor&amp;id=".bigintval($_GET['id']));
+                       LOAD_URL("modules.php?module=admin&amp;what=list_sponsor&amp;id=".bigintval(REQUEST_GET('id')));
                } else {
                        // Load data
                        list ($email, $gender, $sname, $fname) = SQL_FETCHROW($result);
@@ -84,14 +84,14 @@ if (!empty($_GET['id'])) {
                        define('__SNAME' , $sname);
                        define('__FNAME' , $fname);
                        define('__GENDER', TRANSLATE_GENDER($gender));
-                       define('__UID'   , bigintval($_GET['id']));
+                       define('__UID'   , bigintval(REQUEST_GET('id')));
 
                        // Display form
                        LOAD_TEMPLATE("admin_del_sponsor");
                }
        } else {
                // Sponsor not found!
-               LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval($_GET['id'])));
+               LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval(REQUEST_GET('id'))));
        }
 } else {
        // Not called by what-list_sponsor.php
index 8183fef0fc1e9a37142ddd91264d7bce3987ebf9..6cfeda596acb3120c31e96e6557502caaf9b92d6 100644 (file)
@@ -41,14 +41,14 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']) || (!IS_ADMIN()))
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['del']))
+if (REQUEST_ISSET_POST(('del')))
 {
        // Delete entries from tables
-       $SEL = SELECTION_COUNT($_POST['sel']);
+       $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
        if ($SEL > 0)
        {
                // Delete entries...
-               foreach ($_POST['sel'] as $id => $sel)
+               foreach (REQUEST_POST('sel') as $id => $sel)
                {
                        SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_user_transfers_in` WHERE trans_id=%s LIMIT 1",
                                array(bigintval($id)), __FILE__, __LINE__);
index c7a798a57c95a947067946b3be6771c77fde48ca..08ea5c04e9e48bd7df41c1c7d40f4cf3b5d41c06 100644 (file)
@@ -41,31 +41,31 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // User exists..
-if ((isset($_POST['ok'])) || ((isset($_POST['del'])) && (!empty($_POST['reason'])))) {
+if ((IS_FORM_SENT()) || ((REQUEST_ISSET_POST(('del'))) && (REQUEST_ISSET_POST(('reason'))))) {
        // Delete users account
        $result_user = SQL_QUERY_ESC("SELECT userid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
-               array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+               array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
        if (SQL_NUMROWS($result_user) == 1) {
                // Free memory
                SQL_FREERESULT($result_user);
 
                // Delete user account
-               DELETE_USER_ACCOUNT(bigintval($_GET['u_id']), $_POST['reason']);
+               DELETE_USER_ACCOUNT(bigintval(REQUEST_GET('uid')), REQUEST_POST('reason'));
                LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_green\">".ADMIN_DEL_COMPLETED."</div>");
        } else {
                // Account does not exists!
-               LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), $_GET['u_id'])."</div>");
+               LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid'))."</div>");
        }
-} elseif (!empty($_POST['no'])) {
+} elseif (REQUEST_ISSET_POST(('no'))) {
        // Do not delete him...
-       LOAD_URL("modules.php?module=admin&amp;what=list_user&amp;u_id=".$_GET['u_id']);
-} elseif (empty($_GET['u_id'])) {
+       LOAD_URL("modules.php?module=admin&amp;what=list_user&amp;uid=".REQUEST_GET('uid'));
+} elseif (!REQUEST_ISSET_GET(('uid'))) {
        // Output selection form with all confirmed user accounts listed
        ADD_MEMBER_SELECTION_BOX();
 } else {
        // Realy want to delete?
        $result = SQL_QUERY_ESC("SELECT email, surname, family FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
-               array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+               array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1) {
                // Load data
                list ($email, $sname, $fname) = SQL_FETCHROW($result);
@@ -75,13 +75,13 @@ if ((isset($_POST['ok'])) || ((isset($_POST['del'])) && (!empty($_POST['reason']
                define('__EMAIL', CREATE_EMAIL_LINK($email, "user_data"));
                define('__SNAME', $sname);
                define('__FNAME', $fname);
-               define('__UID'  , $_GET['u_id']);
+               define('__UID'  , REQUEST_GET('uid'));
 
                // Display form
                LOAD_TEMPLATE("admin_del_user");
        } else {
                // Account does not exists!
-               LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), $_GET['u_id'])."</div>");
+               LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid'))."</div>");
        }
 }
 
index bb171d0de35768701a0bf72df35906451a60222d..c7e5c74de3f4844da816363a7c7a5e23174c08e8 100644 (file)
@@ -40,26 +40,26 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if ((isset($_POST['ok'])) && (empty($_POST['id']))) {
-       unset($_POST['ok']);
+if ((IS_FORM_SENT()) && (!REQUEST_ISSET_POST(('id')))) {
+       REQUEST_UNSET_POST('ok');
 }
 
 $result = SQL_QUERY("SELECT id, sender, subject, payment_id, cat_id FROM `{!_MYSQL_PREFIX!}_pool` ORDER BY timestamp", __FILE__, __LINE__);
 if (SQL_NUMROWS($result) > 0) {
-       if (isset($_POST['ok'])) {
+       if (IS_FORM_SENT()) {
                // Make mail editable...
                $result = SQL_QUERY_ESC("SELECT subject, text, url FROM `{!_MYSQL_PREFIX!}_pool` WHERE id=%s LIMIT 1",
-                array(bigintval($_POST['id'])), __FILE__, __LINE__);
+                array(bigintval(REQUEST_POST('id'))), __FILE__, __LINE__);
                list($subj, $text, $url) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
-               define('__ID_VALUE'  , $_POST['id']);
+               define('__ID_VALUE'  , REQUEST_POST('id'));
                define('__URL_VALUE' , $url);
                define('__SUBJ_VALUE', $subj);
                define('__TEXT_VALUE', $text);
 
                // Load template
                LOAD_TEMPLATE("admin_edit_email");
-       } elseif (!empty($_POST['save'])) {
+       } elseif (REQUEST_ISSET_POST(('save'))) {
                // Save changes
                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_pool` SET
 subject='%s',
@@ -67,10 +67,10 @@ text='%s',
 url='%s'
 WHERE id=%s LIMIT 1",
  array(
-       $_POST['subj'],
-       $_POST['text'],
-       $_POST['url'],
-       bigintval($_POST['id']),
+       REQUEST_POST('subj'),
+       REQUEST_POST('text'),
+       REQUEST_POST('url'),
+       bigintval(REQUEST_POST('id')),
 ), __FILE__, __LINE__);
 
                if (SQL_AFFECTEDROWS() == 1) {
index 4b448b2546712220b066ffdc7247a759b8c5d594..183b4b1d99eaaa7f8688bd2dfdb197ba37a2a72f 100644 (file)
@@ -40,10 +40,10 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if ((!empty($_GET['id'])) && (!empty($_GET['mode']))) {
+if ((REQUEST_ISSET_GET(('id'))) && (REQUEST_ISSET_GET(('mode')))) {
        // Check for selected sponsor
        $result = SQL_QUERY_ESC("SELECT company, position, gender, surname, family, street_nr1, street_nr2, zip, city, country, phone, fax, cell, email, url, tax_ident, receive_warnings, warning_interval FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE id='%s' LIMIT 1",
-        array(bigintval($_GET['id'])), __FILE__, __LINE__);
+        array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1) {
                // Load sponsor details
                $DATA = SQL_FETCHARRAY($result);
@@ -51,7 +51,7 @@ if ((!empty($_GET['id'])) && (!empty($_GET['mode']))) {
 
                // Prepare all data for the template
                //  Sponsor's ID
-               define('__SPONSOR_ID' , bigintval($_GET['id']));
+               define('__SPONSOR_ID' , bigintval(REQUEST_GET('id')));
                //  Company's data
                define('__COMPANY'    , $DATA['company']);
                define('__POSITION'   , $DATA['position']);
@@ -95,29 +95,29 @@ if ((!empty($_GET['id'])) && (!empty($_GET['mode']))) {
                define('__INTERVAL'   , CREATE_TIME_SELECTIONS($DATA['warning_interval'], "warning_interval", "MWDh"));
 
                // Init variables here
-               $TPL = sprintf("admin_edit_sponsor_%s", SQL_ESCAPE($_GET['mode']));
+               $TPL = sprintf("admin_edit_sponsor_%s", SQL_ESCAPE(REQUEST_GET('mode')));
                $SQLs = array();
 
                // Sponsor was found
-               if ((isset($_POST['ok'])) || (isset($_POST['edit']))) {
+               if ((IS_FORM_SENT()) || (REQUEST_ISSET_POST(('edit')))) {
                        // Perform action on mode
-                       switch ($_GET['mode'])
+                       switch (REQUEST_GET('mode'))
                        {
                        case "add_points": // Add points
-                               if (strval($_POST['points']) > 0) {
+                               if (strval(REQUEST_POST('points')) > 0) {
                                        // Replace german decimal comma with computer's decimal dot
-                                       $POINTS = strval(REVERT_COMMA($_POST['points']));
+                                       $POINTS = strval(REVERT_COMMA(REQUEST_POST('points')));
 
                                        // Add points to account
                                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET points_amount=points_amount+%s WHERE id='%s' LIMIT 1",
-                                               array($POINTS, bigintval($_GET['id'])), __FILE__, __LINE__);
+                                               array($POINTS, bigintval(REQUEST_GET('id'))), __FILE__, __LINE__);
 
                                        // Remember points /reason for the template
                                        define('__POINTS' , TRANSLATE_COMMA($POINTS));
-                                       define('__REASON' , $_POST['reason']);
+                                       define('__REASON' , REQUEST_POST('reason'));
 
                                        // Send email
-                                       $msg = LOAD_EMAIL_TEMPLATE("sponsor_add_points", $_POST['reason'], true);
+                                       $msg = LOAD_EMAIL_TEMPLATE("sponsor_add_points", REQUEST_POST('reason'), true);
                                        SEND_EMAIL(__EMAIL, ADMIN_SPONSOR_ADD_POINTS, $msg);
                                        $MSG = ADMIN_SPONSOR_POINTS_ADDED;
                                } else {
@@ -127,20 +127,20 @@ if ((!empty($_GET['id'])) && (!empty($_GET['mode']))) {
                                break;
 
                        case "sub_points": // Subtract points
-                               if (strval($_POST['points']) > 0) {
+                               if (strval(REQUEST_POST('points')) > 0) {
                                        // Replace german decimal comma with computer's decimal dot
-                                       $POINTS = strval(REVERT_COMMA($_POST['points']));
+                                       $POINTS = strval(REVERT_COMMA(REQUEST_POST('points')));
 
                                        // Add points to account
                                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET points_used=points_used+%s WHERE id='%s' LIMIT 1",
-                                               array($POINTS, bigintval($_GET['id'])), __FILE__, __LINE__);
+                                               array($POINTS, bigintval(REQUEST_GET('id'))), __FILE__, __LINE__);
 
                                        // Remember points /reason for the template
                                        define('__POINTS' , TRANSLATE_COMMA($POINTS));
-                                       define('__REASON' , $_POST['reason']);
+                                       define('__REASON' , REQUEST_POST('reason'));
 
                                        // Send email
-                                       $msg = LOAD_EMAIL_TEMPLATE("sponsor_sub_points", $_POST['reason'], true);
+                                       $msg = LOAD_EMAIL_TEMPLATE("sponsor_sub_points", REQUEST_POST('reason'), true);
                                        SEND_EMAIL(__EMAIL, ADMIN_SPONSOR_SUB_POINTS, $msg);
                                        $MSG = ADMIN_SPONSOR_POINTS_SUBTRACTED;
                                } else {
@@ -151,33 +151,34 @@ if ((!empty($_GET['id'])) && (!empty($_GET['mode']))) {
 
                        case "edit": // Edit sponsor account
                                $PASS = true;
-                               if (($_POST['pass1'] != $_POST['pass2']) || ((empty($_POST['pass1'])) && (empty($_POST['pass1'])))) {
+                               if ((REQUEST_POST('pass1') != REQUEST_POST('pass2')) || ((!REQUEST_ISSET_POST(('pass1'))) && (!REQUEST_ISSET_POST(('pass1'))))) {
                                        // Remove passwords
-                                       unset($_POST['pass1']);
-                                       unset($_POST['pass2']);
+                                       REQUEST_UNSET_POST(('pass1'));
+                                       REQUEST_UNSET_POST(('pass2'));
                                        $PASS = false;
                                }
 
                                // Convert time selection
                                $DATA = array(); $id = "warning_interval_ye"; $skip = false;
-                               CONVERT_SELECTIONS_TO_TIMESTAMP($_POST, $DATA, $id, $skip);
+                               CONVERT_SELECTIONS_TO_TIMESTAMP(REQUEST_POST_ARRAY(), $DATA, $id, $skip);
 
                                // Save the sponsor
-                               SPONSOR_HANDLE_SPONSOR($_POST);
+                               SPONSOR_HANDLE_SPONSOR(REQUEST_POST_ARRAY());
 
                                // Convert some data for the email template
-                               $_POST['gender'] = TRANSLATE_GENDER($_POST['gender']);
-                               $_POST['warning_interval'] = CREATE_FANCY_TIME($_POST['warning_interval']);
-                               if (!$PASS) $_POST['pass1'] = SPONSOR_PASS_UNCHANGED;
+                               REQUEST_POST('gender'          , TRANSLATE_GENDER(REQUEST_POST('gender')));
+                               REQUEST_POST('warning_interval', CREATE_FANCY_TIME(REQUEST_POST('warning_interval')));
+
+                               if (!$PASS) REQUEST_SET_POST('pass1', getMessage('SPONSOR_PASS_UNCHANGED'));
 
                                // Load email template and send the mail away
-                               $msg = LOAD_EMAIL_TEMPLATE("admin_sponsor_edit", $_POST, false);
-                               SEND_EMAIL($_POST['email'], ADMIN_SPONSOR_EDIT_SUBJECT, $msg);
+                               $msg = LOAD_EMAIL_TEMPLATE("admin_sponsor_edit", REQUEST_POST_ARRAY(), false);
+                               SEND_EMAIL(REQUEST_POST('email'), getMessage('ADMIN_SPONSOR_EDIT_SUBJECT'), $msg);
                                break;
 
                        default: // Unknown mode
-                               DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown mode %s detected.", $_GET['mode']));
-                               $MSG = sprintf(getMessage('ADMIN_SPONSOR_INVALID_MODE'), SQL_ESCAPE($_GET['mode']));
+                               DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown mode %s detected.", REQUEST_GET('mode')));
+                               $MSG = sprintf(getMessage('ADMIN_SPONSOR_INVALID_MODE'), SQL_ESCAPE(REQUEST_GET('mode')));
                                break;
                        }
 
@@ -193,11 +194,11 @@ if ((!empty($_GET['id'])) && (!empty($_GET['mode']))) {
                        LOAD_TEMPLATE($TPL);
                } else {
                        // Template not found!
-                       LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_MODUS_TPL_404'), SQL_ESCAPE($_GET['mode'])));
+                       LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_MODUS_TPL_404'), SQL_ESCAPE(REQUEST_GET('mode'))));
                }
        } else {
                // Sponsor not found!
-               LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval($_GET['id'])));
+               LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval(REQUEST_GET('id'))));
        }
 } else {
        // Not called by what-list_sponsor.php
index 726707009f722baf5276923776ed5643758f75f5..3934d67c65a60a0b9fb1e9cd7ee56467feb3aee0 100644 (file)
@@ -42,37 +42,37 @@ ADD_DESCR("admin", __FILE__);
 
 // Fix a notice
 $result_main = false;
-if (isset($_GET['u_id'])) {
+if (REQUEST_ISSET_GET(('uid'))) {
        //                                    0      1        2         3      4     5      6       7         8          9           10         11
        $result_main = SQL_QUERY_ESC("SELECT gender, surname, family, street_nr, zip, city, country, email, birth_day, birth_month, birth_year, max_mails
 FROM `{!_MYSQL_PREFIX!}_user_data`
 WHERE userid=%s
 LIMIT 1",
-               array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+               array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
 }
 
-if ((SQL_NUMROWS($result_main) == 1) || (empty($_GET['u_id'])))
+if ((SQL_NUMROWS($result_main) == 1) || (!REQUEST_ISSET_GET(('uid'))))
 {
        // User found
-       if (empty($_GET['u_id']))
+       if (!REQUEST_ISSET_GET(('uid')))
        {
                // Output selection form with all confirmed user accounts listed
                ADD_MEMBER_SELECTION_BOX();
        }
-        elseif (isset($_POST['edit']))
+        elseif (REQUEST_ISSET_POST(('edit')))
        {
                // Ok, change the account...
                $PASS = false; $ADD = "";
-               if ((empty($_POST['pass1'])) && (empty($_POST['pass2'])))
+               if ((!REQUEST_ISSET_POST(('pass1'))) && (!REQUEST_ISSET_POST(('pass2'))))
                {
                        // Don't change the password
                        $PASS = true;
                }
-                elseif (($_POST['pass1'] == $_POST['pass2']))
+                elseif ((REQUEST_POST('pass1') == REQUEST_POST('pass2')))
                {
                        // Change the password
                        $PASS = true;
-                       $ADD = ", password='".generateHash($_POST['pass1'])."'";
+                       $ADD = ", password='".generateHash(REQUEST_POST('pass1'))."'";
                }
                if ($PASS)
                {
@@ -89,15 +89,15 @@ email='%s'
 ".$ADD."
 WHERE userid=%s LIMIT 1",
  array(
-       substr($_POST['gender'], 0, 1),
-       $_POST['surname'],
-       $_POST['family_name'],
-       $_POST['street_nr'],
-       $_POST['country'],
-       bigintval($_POST['zip']),
-       $_POST['city'],
-       $_POST['email'],
-       bigintval($_GET['u_id']),
+       substr(REQUEST_POST('gender'), 0, 1),
+       REQUEST_POST('surname'),
+       REQUEST_POST('family'),
+       REQUEST_POST('street_nr'),
+       REQUEST_POST('country'),
+       bigintval(REQUEST_POST('zip')),
+       REQUEST_POST('city'),
+       REQUEST_POST('email'),
+       bigintval(REQUEST_GET('uid')),
 ), __FILE__, __LINE__);
                        $content = USER_ACCOUNT_SAVED;
                }
@@ -143,11 +143,11 @@ WHERE userid=%s LIMIT 1",
                define('_COUNTRY', $country); define('_EMAIL' , $email);
 
                // Load template
-               LOAD_TEMPLATE("admin_edit_user", false, bigintval($_GET['u_id']));
+               LOAD_TEMPLATE("admin_edit_user", false, bigintval(REQUEST_GET('uid')));
        }
 } else {
        // Account does not exists!
-       LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), $_GET['u_id'])."</div>");
+       LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid'))."</div>");
 }
 
 //
index 5aa4d53081f958332b250e741ee6f2513745d760..1095da6e6570f595c87c17576f2c1f60f8f64ce4 100644 (file)
@@ -53,11 +53,11 @@ $SQL = "SELECT id, sender, subject, text, receivers, payment_id, data_type, time
 $result_normal = SQL_QUERY($SQL, __FILE__, __LINE__);
 
 // Set offset an current page to default values
-if (empty($_GET['page']))   $_GET['page']   = "1";
-if (empty($_GET['offset'])) $_GET['offset'] = getConfig('mails_page');
+if (!REQUEST_ISSET_GET(('page')))   REQUEST_GET('page')   = "1";
+if (!REQUEST_ISSET_GET(('offset'))) REQUEST_SET_GET('offset', getConfig('mails_page'));
 
 // Add limitation to SQL string
-$SQL .= " LIMIT ".($_GET['offset'] * $_GET['page'] - $_GET['offset']).", ".$_GET['offset'];
+$SQL .= " LIMIT ".(REQUEST_GET('offset') * REQUEST_GET('page') - REQUEST_GET('offset')).", ".REQUEST_GET('offset');
 
 // Run SQL query for normal mails
 $result = SQL_QUERY($SQL, __FILE__, __LINE__);
index a2193ec131550c4fa45cd7ebe5fe8a60d7fe8de4..40161f3807d8cd5e1879c361cf2280c9fbc10609 100644 (file)
@@ -60,22 +60,22 @@ ORDER BY timestamp DESC";
 $WHO = _ALL;
 $SQL2 = "";
 
-if (!empty($_GET['mid'])) {
+if (REQUEST_ISSET_GET(('mid'))) {
        // Only a specific mail shall be displayed
        //              0     1       2       3       4           5          6          7       8        9          10
        $SQL = "SELECT id, sender, subject, text, receivers, payment_id, data_type, timestamp, url, target_send, cat_id
         FROM `{!_MYSQL_PREFIX!}_pool`
-        WHERE id='".bigintval($_GET['mid'])."'
+        WHERE id='".bigintval(REQUEST_GET('mid'))."'
         LIMIT 1";
-       $WHO = MAIL_ID.": ".$_GET['mid'];
-} elseif (!empty($_GET['u_id'])) {
+       $WHO = MAIL_ID.": ".REQUEST_GET('mid');
+} elseif (REQUEST_ISSET_GET(('uid'))) {
        // All mails by a specific member shall be displayed
        //              0     1       2       3       4           5          6          7       8        9          10
        $SQL = "SELECT id, sender, subject, text, receivers, payment_id, data_type, timestamp, url, target_send, cat_id
 FROM `{!_MYSQL_PREFIX!}_pool`
-WHERE sender='".bigintval($_GET['u_id'])."'
+WHERE sender='".bigintval(REQUEST_GET('uid'))."'
 ORDER by timestamp DESC";
-       $WHO = USER_ID.": ".$_GET['u_id'];
+       $WHO = USER_ID.": ".REQUEST_GET('uid');
 }
 
 if ((EXT_IS_ACTIVE("bonus")) && ($WHO == _ALL)) {
@@ -94,13 +94,13 @@ ORDER BY timestamp DESC";
 $result_normal = SQL_QUERY($SQL, __FILE__, __LINE__);
 
 // Set offset an current page to default values
-if (empty($_GET['page']))   $_GET['page']   = "1";
-if (empty($_GET['offset'])) $_GET['offset'] = getConfig('mails_page');
+if (!REQUEST_ISSET_GET(('page')))   REQUEST_GET('page')   = "1";
+if (!REQUEST_ISSET_GET(('offset'))) REQUEST_SET_GET('offset', getConfig('mails_page'));
 
 // Add limitation to SQL string
-if (empty($_GET['mid'])) {
+if (!REQUEST_ISSET_GET(('mid'))) {
        // Create limitation line
-       $ADD = " LIMIT ".(bigintval($_GET['offset']) * bigintval($_GET['page']) - bigintval($_GET['offset'])).", ".bigintval($_GET['offset']);
+       $ADD = " LIMIT ".(bigintval(REQUEST_GET('offset')) * bigintval(REQUEST_GET('page')) - bigintval(REQUEST_GET('offset'))).", ".bigintval(REQUEST_GET('offset'));
 
        // For normal mails
        $SQL .= $ADD;
index 548d708ade487c736f8f455754c57c095270db3f..7bab8cf7d26a7867a20f1df33db9feab39675d19 100644 (file)
@@ -43,15 +43,15 @@ ADD_DESCR("admin", __FILE__);
 // Normally we want the overview of all registered extensions
 $do = "overview";
 $SEL = 0;
-if (!empty($_POST['sel'])) $SEL = SELECTION_COUNT($_POST['sel']);
+if (REQUEST_ISSET_POST(('sel'))) $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
 
-if (!empty($_GET['reg_ext'])) {
+if (REQUEST_ISSET_GET(('reg_ext'))) {
        // We are about to register a new extension
-       $do = "register"; $ext_id = bigintval($_GET['reg_ext']);
+       $do = "register"; $ext_id = bigintval(REQUEST_GET('reg_ext'));
        // The ID comes from task management and it is - of course - *not* the extension's name!
-} elseif ((isset($_POST['change'])) && ($SEL > 0) && (!IS_DEMO())) {
+} elseif ((REQUEST_ISSET_POST(('change'))) && ($SEL > 0) && (!IS_DEMO())) {
        // De-/activate extensions
-       foreach ($_POST['sel'] as $ext_id => $active) {
+       foreach (REQUEST_POST('sel') as $ext_id => $active) {
                // Shall we keep the extension always active?
                if ((isset($GLOBALS['cache_array']['active_extensions'][GET_EXT_NAME($ext_id)])) && ($GLOBALS['cache_array']['active_extensions'][GET_EXT_NAME($ext_id)] == "Y") && ($active == "N")) {
                        // Keep this extension active!
@@ -66,23 +66,23 @@ if (!empty($_GET['reg_ext'])) {
                        EXTENSION_RUN_SQLS($ext_id, $EXT_LOAD_MODE);
                }
        }
-} elseif (((isset($_POST['edit'])) || (isset($_POST['modify']))) && ($SEL > 0) && (!IS_DEMO())) {
+} elseif (((REQUEST_ISSET_POST(('edit'))) || (REQUEST_ISSET_POST(('modify')))) && ($SEL > 0) && (!IS_DEMO())) {
        // Change settings like CSS file load
-       if (isset($_POST['modify'])) {
+       if (REQUEST_ISSET_POST(('modify'))) {
                // Change entries
                $cache_update = 0;
-               foreach ($_POST['sel'] as $ext_id => $sel) {
+               foreach (REQUEST_POST('sel') as $ext_id => $sel) {
                        // Secure ID
                        $ext_id = bigintval($ext_id);
 
                        // Change this extension?
                        if ($sel == 1) {
                                // Update extension's record
-                               $active = $_POST['active'][$ext_id];
+                               $active = REQUEST_POST('active', $ext_id);
                                if (GET_EXT_VERSION("sql_patches") >= "0.0.6")  {
                                        // Update also CSS column when extensions sql_patches is newer or exact v0.0.6
                                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_extensions` SET ext_has_css='%s', ext_active='%s' WHERE id=%s LIMIT 1",
-                                               array($_POST['css'][$ext_id], $active, $ext_id), __FILE__, __LINE__);
+                                               array(REQUEST_POST('css', $ext_id), $active, $ext_id), __FILE__, __LINE__);
                                } else {
                                        // When extension is older than v0.0.6 there is no column for the CSS information
                                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_extensions` SET ext_active='%s' WHERE id=%s LIMIT 1",
@@ -105,7 +105,7 @@ if (!empty($_GET['reg_ext'])) {
        } else {
                // Edit selected entries
                $SW = "2"; $OUT = "";
-               foreach ($_POST['sel'] as $ext_id => $sel) {
+               foreach (REQUEST_POST('sel') as $ext_id => $sel) {
                        // Edit this extension?
                        if (($sel == "Y") || ($sel == "N")) {
                                // Load required data
@@ -146,10 +146,10 @@ if (!empty($_GET['reg_ext'])) {
                LOAD_TEMPLATE("admin_extensions_edit");
                $do = "edit";
        }
-} elseif ((isset($_POST['delete'])) && ($SEL > 0) && (!IS_DEMO())) {
+} elseif ((REQUEST_ISSET_POST(('delete'))) && ($SEL > 0) && (!IS_DEMO())) {
        // List extensions and when verbose is enabled SQL statements which will be executed
        $SW = 2; $OUT = "";
-       foreach ($_POST['sel'] as $ext_id => $sel) {
+       foreach (REQUEST_POST('sel') as $ext_id => $sel) {
                // Init variables
                $VERBOSE_OUT = ""; $SQLs = array();
 
@@ -185,10 +185,10 @@ if (!empty($_GET['reg_ext'])) {
        // Load template
        LOAD_TEMPLATE("admin_extensions_delete");
        $do = "delete";
-} elseif ((isset($_POST['remove'])) && ($SEL > 0) && (!IS_DEMO())) {
+} elseif ((REQUEST_ISSET_POST(('remove'))) && ($SEL > 0) && (!IS_DEMO())) {
        // Remove extensions from DB (you have to delete all files manually!)
        $cache_update = 0;
-       foreach ($_POST['sel'] as $ext_id => $active) {
+       foreach (REQUEST_POST('sel') as $ext_id => $active) {
                // Secure ID number
                $ext_id = bigintval($ext_id);
 
@@ -201,18 +201,18 @@ if (!empty($_GET['reg_ext'])) {
                        EXTENSION_RUN_SQLS($ext_id, "remove");
                } // END - if
        } // END - foreach
-} elseif (!empty($_GET['do']) && (!IS_DEMO())) {
+} elseif (REQUEST_ISSET_GET(('do')) && (!IS_DEMO())) {
        // Other things to do
-       $do = SQL_ESCAPE(strip_tags($_GET['do']));
-} elseif (!empty($_GET['do'])) {
+       $do = SQL_ESCAPE(strip_tags(REQUEST_GET('do')));
+} elseif (REQUEST_ISSET_GET(('do'))) {
        // Demo mode active!
        $do = "demo";
 }
 
 // Shall we display active/inactive extensions?
 $where = "";
-if (!empty($_GET['active'])) {
-       $where = sprintf("WHERE ext_active = '%s'", SQL_ESCAPE(strip_tags($_GET['active'])));
+if (REQUEST_ISSET_GET(('active'))) {
+       $where = sprintf("WHERE ext_active = '%s'", SQL_ESCAPE(strip_tags(REQUEST_GET('active'))));
 } // END - if
 
 // Case selection
index ecae91db227b1c6d0e28cab3d7daf59882d15c33..52e768a92ae45cc97318d96b8dd8136e4de77de6 100644 (file)
@@ -41,12 +41,12 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Check if the admin has entered title and what-php file name...
-if (((empty($_POST['title'])) || (empty($_POST['menu']))) && (isset($_POST['ok']))) {
+if (((!REQUEST_ISSET_POST(('title'))) || (!REQUEST_ISSET_POST(('menu')))) && (IS_FORM_SENT())) {
        // Abort adding the menu entry
-       unset($_POST['ok']);
+       REQUEST_UNSET_POST('ok');
 }
 
-if (!isset($_POST['ok'])) {
+if (!IS_FORM_SENT()) {
        // Create arrays
        $menus = array(); $titles = array(); $below = array();
 
@@ -166,24 +166,24 @@ WHERE `action`='%s' AND `what` != '' AND `what` IS NOT NULL ORDER BY `sort`",
        LOAD_TEMPLATE("admin_guest_add");
 } elseif (!IS_DEMO()) {
        // Insert new menu entry
-       if (!empty($_POST['menu'])) {
+       if (REQUEST_ISSET_POST(('menu'))) {
                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_guest_menu` (`action`,`what`,`title`,`sort`,`visible`,`locked`) VALUES ('%s','%s','%s','%s','%s','%s')",
  array(
-       $_POST['menu'],
-       $_POST['name'],
-       $_POST['title'],
-       bigintval($_POST['sort']),
-       $_POST['visible'],
-       $_POST['active'],
+       REQUEST_POST('menu'),
+       REQUEST_POST('name'),
+       REQUEST_POST('title'),
+       bigintval(REQUEST_POST('sort')),
+       REQUEST_POST('visible'),
+       REQUEST_POST('active'),
 ), __FILE__, __LINE__);
        } else {
                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_guest_menu` (action, title, sort, visible, locked) VALUES ('%s','%s','%s','%s','%s')",
  array(
-       $_POST['name'],
-       $_POST['title'],
-       bigintval($_POST['sort']),
-       $_POST['visible'],
-       $_POST['active'],
+       REQUEST_POST('name'),
+       REQUEST_POST('title'),
+       bigintval(REQUEST_POST('sort')),
+       REQUEST_POST('visible'),
+       REQUEST_POST('active'),
 ), __FILE__, __LINE__);
        }
        LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SETTINGS_SAVED'));
index 3f67c4ca9c2612ccf4403e7d662bf9fdf7cb7718..ad43c6961a00096d4d43299c9d1bd8de8d97eb0e 100644 (file)
@@ -43,24 +43,24 @@ ADD_DESCR("admin", __FILE__);
 // Do we edit/delete/change main menus or sub menus?
 $AND = "(`what` = '' OR `what` IS NULL)"; $SUB = "";
 
-if (!empty($_GET['sub'])) {
-       $AND = sprintf("action='%s' AND `what` IS NOT NULL", SQL_ESCAPE($_GET['sub']));
-       $SUB = SQL_ESCAPE($_GET['sub']);
+if (REQUEST_ISSET_GET(('sub'))) {
+       $AND = sprintf("action='%s' AND `what` IS NOT NULL", SQL_ESCAPE(REQUEST_GET('sub')));
+       $SUB = SQL_ESCAPE(REQUEST_GET('sub'));
 } // END - if
 
 // Get count of (maybe) selected menu points
 $chk = 0;
-if (!empty($_POST['sel'])) $chk = SELECTION_COUNT($_POST['sel']);
+if (REQUEST_ISSET_POST(('sel'))) $chk = SELECTION_COUNT(REQUEST_POST('sel'));
 
 // List all menu points and make them editable
-if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
+if ((REQUEST_ISSET_POST(('edit'))) && ($chk > 0) && (!IS_DEMO()))
 {
        // Edit menu entries
        define('__SUB_VALUE', $SUB);
        define('__CHK_VALUE', $chk);
 
        $cnt = 0; $SW = 2; $OUT = "";
-       foreach ($_POST['sel'] as $sel => $confirm)
+       foreach (REQUEST_POST('sel') as $sel => $confirm)
        {
                if ($confirm == 1)
                {
@@ -99,23 +99,18 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
 
        // Load template
        LOAD_TEMPLATE("admin_gmenu_edit_form");
-}
- elseif ((isset($_POST['del'])) && (!IS_DEMO()))
-{
+} elseif ((REQUEST_ISSET_POST(('del'))) && (!IS_DEMO())) {
        // Del menu entries with or without confirmation
        define('__SUB_VALUE', $SUB);
        define('__CHK_VALUE', $chk);
 
        $cnt = 0; $OUT = ""; $SW = 2;
-       foreach ($_POST['sel'] as $sel => $confirm)
-       {
-               if ($confirm == 1)
-               {
+       foreach (REQUEST_POST('sel') as $sel => $confirm) {
+               if ($confirm == 1) {
                        $cnt++;
                        $result = SQL_QUERY_ESC("SELECT title FROM `{!_MYSQL_PREFIX!}_guest_menu` WHERE ".$AND." AND id=%s LIMIT 1",
-                        array(bigintval($sel)), __FILE__, __LINE__);
-                       if (SQL_NUMROWS($result) == 1)
-                       {
+                               array(bigintval($sel)), __FILE__, __LINE__);
+                       if (SQL_NUMROWS($result) == 1) {
                                // Entry found so we load the stuff...
                                list($menu) = SQL_FETCHROW($result);
                                SQL_FREERESULT($result);
@@ -126,9 +121,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                                        'sw'   => $SW,
                                );
                                $OUT .= LOAD_TEMPLATE("admin_gmenu_delete_row", true, $DATA);
-                       }
-                        else
-                       {
+                       } else {
                                // Entry not found?
                                $content = array(
                                        'sw'  => $SW,
@@ -144,28 +137,24 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
 
        // Load template
        LOAD_TEMPLATE("admin_gmenu_delete");
-}
- elseif ((isset($_POST['ok'])) && (!IS_DEMO()))
-{
+} elseif ((IS_FORM_SENT()) && (!IS_DEMO())) {
        // An action is done...
-       switch ($_POST['ok'])
+       switch (REQUEST_POST('ok'))
        {
        case "edit": // Edit menu
-               foreach ($_POST['sel'] as $sel => $menu)
-               {
+               foreach (REQUEST_POST('sel') as $sel => $menu) {
                        // Secure selector
                        $sel = bigintval($sel);
 
                        // Update entry
                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_guest_menu` SET `title`='%s', `action`='%s', `what`='%s' WHERE ".$AND." AND id=%s LIMIT 1",
-                               array($menu, $_POST['sel_action'][$sel], $_POST['sel_what'][$sel], $sel),__FILE__, __LINE__);
+                               array($menu, REQUEST_POST('sel_action', $sel), REQUEST_POST('sel_what', $sel), $sel),__FILE__, __LINE__);
                }
                LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SETTINGS_SAVED'));
                break;
 
        case "del": // Delete menu
-               foreach ($_POST['sel'] as $sel => $menu)
-               {
+               foreach (REQUEST_POST('sel') as $sel => $menu) {
                        // Delete enty
                        SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_guest_menu` WHERE ".$AND." AND id=%s LIMIT 1",
                                array(bigintval($sel)), __FILE__, __LINE__);
@@ -174,34 +163,31 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                break;
 
        case "status": // Change access levels
-               foreach ($_POST['sel'] as $sel => $menu)
-               {
+               foreach (REQUEST_POST('sel') as $sel => $menu) {
                        // Secure selector
                        $sel = bigintval($sel);
 
                        // Update entry
                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_guest_menu` SET `visible`='%s', `locked`='%s' WHERE ".$AND." AND id=%s LIMIT 1",
-                               array($_POST['visible'][$sel], $_POST['locked'][$sel], $sel), __FILE__, __LINE__);
+                               array(REQUEST_POST('visible', $sel), REQUEST_POST('locked', $sel), $sel), __FILE__, __LINE__);
                }
                LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SETTINGS_SAVED'));
                break;
 
        default: // Unexpected action
-               define('__OK_VALUE', $_POST['ok']);
-               DEBUG_LOG(__FILE__, __LINE__, sprintf("Unsupported action %s detected.", $_POST['ok']));
+               define('__OK_VALUE', REQUEST_POST('ok'));
+               DEBUG_LOG(__FILE__, __LINE__, sprintf("Unsupported action %s detected.", REQUEST_POST('ok')));
                LOAD_TEMPLATE("admin_menu_unknown_okay");
                break;
        }
-}
- elseif ((isset($_POST['status'])) && ($chk > 0) && (!IS_DEMO()))
-{
+} elseif ((REQUEST_ISSET_POST(('status'))) && ($chk > 0) && (!IS_DEMO())) {
        // Change status (visible / locked)
        define('__SUB_VALUE', $SUB);
        define('__CHK_VALUE', $chk);
 
        // Load template
        $SW = 2; $cnt = 0; $OUT = "";
-       foreach ($_POST['sel'] as $sel => $confirm)
+       foreach (REQUEST_POST('sel') as $sel => $confirm)
        {
                if ($confirm == 1)
                {
@@ -243,26 +229,26 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
        // Load template
        LOAD_TEMPLATE("admin_gmenu_status");
 } else {
-       if ((!empty($_GET['act'])) && (!empty($_GET['tid'])) && (!empty($_GET['fid']))) {
+       if ((REQUEST_ISSET_GET(('act'))) && (REQUEST_ISSET_GET(('tid'))) && (REQUEST_ISSET_GET(('fid')))) {
                // Get IDs
-               if (!empty($_GET['w'])) {
+               if (REQUEST_ISSET_GET(('w'))) {
                        // Sub menus selected
                        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_guest_menu` WHERE `action`='%s' AND `sort`='%s' LIMIT 1",
-                        array($_GET['act'], bigintval($_GET['tid'])), __FILE__, __LINE__);
+                        array(REQUEST_GET('act'), bigintval(REQUEST_GET('tid'))), __FILE__, __LINE__);
                        list($tid) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
                        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_guest_menu` WHERE `action`='%s' AND `sort`='%s' LIMIT 1",
-                        array($_GET['act'], bigintval($_GET['fid'])), __FILE__, __LINE__);
+                        array(REQUEST_GET('act'), bigintval(REQUEST_GET('fid'))), __FILE__, __LINE__);
                        list($fid) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
                } else {
                        // Main menu selected
                        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_guest_menu` WHERE (what='' OR `what` IS NULL) AND `sort`='%s' LIMIT 1",
-                        array(bigintval($_GET['tid'])), __FILE__, __LINE__);
+                        array(bigintval(REQUEST_GET('tid'))), __FILE__, __LINE__);
                        list($tid) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
                        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_guest_menu` WHERE (what='' OR `what` IS NULL) AND `sort`='%s' LIMIT 1",
-                        array(bigintval($_GET['fid'])), __FILE__, __LINE__);
+                        array(bigintval(REQUEST_GET('fid'))), __FILE__, __LINE__);
                        list($fid) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
                }
@@ -270,9 +256,9 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                if ((!empty($tid)) && (!empty($fid))) {
                        // Sort menu
                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_guest_menu` SET `sort`='%s' WHERE ".$AND." AND id=%s LIMIT 1",
-                               array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__);
+                               array(bigintval(REQUEST_GET('tid')), bigintval($fid)), __FILE__, __LINE__);
                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_guest_menu` SET `sort`='%s' WHERE ".$AND." AND id=%s LIMIT 1",
-                               array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__);
+                               array(bigintval(REQUEST_GET('fid')), bigintval($tid)), __FILE__, __LINE__);
                } // END - if
        } // END - if
 
index 413c3cba795dd91815730e7db6a61aa2fa383501..e6d2c99a8fc28371ff6ad0d640733aa92da52879 100644 (file)
@@ -42,31 +42,31 @@ ADD_DESCR("admin", __FILE__);
 
 // Check if there is enougth selected
 $show = true;
-if ((isset($_POST['id'])) && (is_array($_POST['id'])) && (count($_POST['id']) > 0)) {
+if ((REQUEST_ISSET_POST(('id'))) && (is_array(REQUEST_POST('id'))) && (count(REQUEST_POST('id')) > 0)) {
        // Okay, which button was pressed?
-       if (isset($_POST['change'])) {
+       if (REQUEST_ISSET_POST(('change'))) {
                // Change permissions
-               ADMIN_CHANGE_ACTIVATION_STATUS($_POST['id'], "bank_packages", "package_active");
-       } elseif (isset($_POST['edit'])) {
+               ADMIN_CHANGE_ACTIVATION_STATUS(REQUEST_POST('id'), "bank_packages", "package_active");
+       } elseif (REQUEST_ISSET_POST(('edit'))) {
                // Delete entries (with confirmation)
                ADMIN_EDIT_ENTRIES_CONFIRM(
-                       $_POST['id'],
+                       REQUEST_POST('id'),
                        "bank_packages",
                        array("id", "title", "description", "account_fee", "free_transfers", "transfer_fee", "output_system_mode", "package_active", "free_months_no_fee", "interest_plus", "interest_minus", "first_payment", "free_account_income", "free_account_stuff", "tan_lock"),
                        array("bigintval", "", "", "TRANSLATE_COMMA", "bigintval", "TRANSLATE_COMMA", "", "", "bigintval", "TRANSLATE_COMMA", "TRANSLATE_COMMA", "TRANSLATE_COMMA", "TRANSLATE_COMMA", "", "bigintval"),
                        array("", "", "", "", "", "", "", "", "", "", "", "", "", "", "")
                );
                $show = false;
-       } elseif (isset($_POST['do_edit'])) {
+       } elseif (REQUEST_ISSET_POST(('do_edit'))) {
                // Delete entries (with confirmation)
-               ADMIN_EDIT_ENTRIES_CONFIRM($_POST['id'], "bank_packages", array(), array(), array(), true);
-       } elseif (isset($_POST['delete'])) {
+               ADMIN_EDIT_ENTRIES_CONFIRM(REQUEST_POST('id'), "bank_packages", array(), array(), array(), true);
+       } elseif (REQUEST_ISSET_POST(('delete'))) {
                // Delete entries (with confirmation)
-               ADMIN_DELETE_ENTRIES_CONFIRM($_POST['id'], "bank_packages", array("id", "title", "description", "account_fee"), array("bigintval", "", "", "TRANSLATE_COMMA"), array("", "", "", ""));
+               ADMIN_DELETE_ENTRIES_CONFIRM(REQUEST_POST('id'), "bank_packages", array("id", "title", "description", "account_fee"), array("bigintval", "", "", "TRANSLATE_COMMA"), array("", "", "", ""));
                $show = false;
-       } elseif (isset($_POST['remove'])) {
+       } elseif (REQUEST_ISSET_POST(('remove'))) {
                // Delete entries (with confirmation)
-               ADMIN_DELETE_ENTRIES_CONFIRM($_POST['id'], "bank_packages", array(), array(), array(), true);
+               ADMIN_DELETE_ENTRIES_CONFIRM(REQUEST_POST('id'), "bank_packages", array(), array(), array(), true);
        }
 } // END - if
 
index f99652bc31b5542e3311cdb52c52e80e025cf5c2..28e8f6abaaa58a0f561280cb9a35c97c183e8586 100644 (file)
@@ -41,7 +41,7 @@ ADD_DESCR("admin", __FILE__);
 
 if (getConfig('beg_rallye') == "Y") {
        // Shall I withdraw now?
-       if (isset($_POST['withdraw'])) {
+       if (REQUEST_ISSET_POST(('withdraw'))) {
                // Okay, let's prepare...
                $curr = date("m", time()) - 1;
                if (strlen($curr) == 1) $curr = "0".$curr;
index 3148e6cedcec92c7b63055d7c75b8be8a18244e0..0b36b260e199efebecd8938b7dd40b71fc3eb78b 100644 (file)
@@ -42,7 +42,7 @@ ADD_DESCR("admin", __FILE__);
 
 if (getConfig('bonus_active') == "Y") {
        // Shall I withdraw now?
-       if (isset($_POST['withdraw'])) {
+       if (REQUEST_ISSET_POST(('withdraw'))) {
                // Okay, let's prepare...
                $curr = date("m", time()) - 1;
                if (strlen($curr) == 1) $curr = "0".$curr;
index 7d6556fc90c3233c26bfd6c501f16ac893ffeb20..4b1eac18edae23289c95d83209307e290968fffa 100644 (file)
@@ -41,18 +41,18 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (!empty($_GET['u_id'])) {
+if (REQUEST_ISSET_GET(('uid'))) {
        // Check if the user already exists
        $result = SQL_QUERY_ESC("SELECT surname, family, email FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
-        array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+        array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1) {
                // Loads surname, family's name and the email address
                list($sname, $fname, $email) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
 
                // Prepare constants
-               define('__CATS_BASE'   , "<a href=\"{!URL!}/modules.php?module=admin&amp;u_id=");
-               define('__UID'         , bigintval($_GET['u_id']));
+               define('__CATS_BASE'   , "<a href=\"{!URL!}/modules.php?module=admin&amp;uid=");
+               define('__UID'         , bigintval(REQUEST_GET('uid')));
                define('__MEMBER_LINKS', MEMBER_ACTION_LINKS(__UID));
                define('__EMAIL'       , "<a href=\"".CREATE_EMAIL_LINK($email, "user_data")."\">".$sname." ".$fname."</a>");
 
@@ -65,7 +65,7 @@ if (!empty($_GET['u_id'])) {
                        while (list($cid, $cat) = SQL_FETCHROW($result_cats)) {
                                // Check user's selection
                                $result_user = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_user_cats` WHERE userid=%s AND cat_id=%s LIMIT 1",
-                                array(bigintval($_GET['u_id']), bigintval($cid)), __FILE__, __LINE__);
+                                array(bigintval(REQUEST_GET('uid')), bigintval($cid)), __FILE__, __LINE__);
 
                                // Set selection
                                $SELECTED = "<font color=\"red\">{--NO--}</div>";
index 1c99093dddd58a460e1ec0fdbc13bbeee8d113d3..ee00866b20df6dfaf2c82aa29c819959caac61a5 100644 (file)
@@ -41,43 +41,43 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Add new code?
-if ((isset($_POST['add'])) && (!empty($_POST['code'])) && (!empty($_POST['descr']))) {
+if ((REQUEST_ISSET_POST(('add'))) && (REQUEST_ISSET_POST(('code'))) && (REQUEST_ISSET_POST(('descr')))) {
        // Check if country code does already exist
        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_countries` WHERE code='%s' LIMIT 1",
-        array(strtoupper($_POST['code'])), __FILE__, __LINE__);
+        array(strtoupper(REQUEST_POST('code'))), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 0) {
                // Save entry
                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_countries` (code, descr, is_active) VALUES ('%s','%s','%s')",
                        array(
-                               strtoupper(substr($_POST['code'], 0, 2)),
-                               $_POST['descr'],
-                               $_POST['is_active']
+                               strtoupper(substr(REQUEST_POST('code'), 0, 2)),
+                               REQUEST_POST('descr'),
+                               REQUEST_POST('is_active')
                        ), __FILE__, __LINE__);
 
                // Country added
-               $MSG = ADMIN_COUNTRY_ADDED_1.strtoupper($_POST['descr']).ADMIN_COUNTRY_ADDED_2;
+               $MSG = ADMIN_COUNTRY_ADDED_1.strtoupper(REQUEST_POST('descr')).ADMIN_COUNTRY_ADDED_2;
        } else {
                // Free memory
                SQL_FREERESULT($result);
 
                // Does already exist
-               $MSG = ADMIN_COUNTRY_ALREADY_1.strtoupper($_POST['code']).ADMIN_COUNTRY_ALREADY_2;
+               $MSG = ADMIN_COUNTRY_ALREADY_1.strtoupper(REQUEST_POST('code')).ADMIN_COUNTRY_ALREADY_2;
        }
 
        // Display message
        LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
-} elseif ((isset($_POST['change'])) && (!empty($_POST['id']))) {
+} elseif ((REQUEST_ISSET_POST(('change'))) && (REQUEST_ISSET_POST(('id')))) {
        // Change all status
-       ADMIN_CHANGE_ACTIVATION_STATUS($_POST['id'], "countries", "is_active");
+       ADMIN_CHANGE_ACTIVATION_STATUS(REQUEST_POST('id'), "countries", "is_active");
 
        // Show next link
        LOAD_TEMPLATE("admin_next_link", false, array(
                'url'   => "modules.php?module=admin&amp;what=list_country",
                'title' => getMessage('ADMIN_COUNTRY_ACTIVATION_NEXT_LINK')
        ));
-} elseif (((isset($_POST['edit'])) || (isset($_POST['delete']))) && (!empty($_POST['id']))) {
-       if (count($_POST['id']) > 0) {
-               if (isset($_POST['edit'])) {
+} elseif (((REQUEST_ISSET_POST(('edit'))) || (REQUEST_ISSET_POST(('delete')))) && (REQUEST_ISSET_POST(('id')))) {
+       if (count(REQUEST_POST('id')) > 0) {
+               if (REQUEST_ISSET_POST(('edit'))) {
                        // Edit template
                        $row    = "admin_list_country_edit_row";
                        $post   = "modify";
@@ -97,7 +97,7 @@ if ((isset($_POST['add'])) && (!empty($_POST['code'])) && (!empty($_POST['descr'
 
                // Edit all selected country codes
                $OUT = ""; $SW = 2;
-               foreach ($_POST['id'] as $id => $status) {
+               foreach (REQUEST_POST('id') as $id => $status) {
                        // Load data from DB
                        $result = SQL_QUERY_ESC("SELECT code, descr FROM `{!_MYSQL_PREFIX!}_countries` WHERE id=%s LIMIT 1",
                                array(bigintval($id)), __FILE__, __LINE__);
@@ -140,18 +140,18 @@ if ((isset($_POST['add'])) && (!empty($_POST['code'])) && (!empty($_POST['descr'
 } else {
        // Shall we modify / remove entries now?
        $MSG = ""; $SQLs = array();
-       if ((isset($_POST['modify'])) && (!empty($_POST['id']))) {
+       if ((REQUEST_ISSET_POST(('modify'))) && (REQUEST_ISSET_POST(('id')))) {
                // Modify
-               foreach ($_POST['id'] as $id => $sel) {
-                       $SQLs[] = "UPDATE `{!_MYSQL_PREFIX!}_countries` SET code='".$_POST['code'][$id]."', descr='".$_POST['descr'][$id]."', is_active='".$_POST['is_active'][$id]."' WHERE id='".$id."' LIMIT 1";
+               foreach (REQUEST_POST('id') as $id => $sel) {
+                       $SQLs[] = "UPDATE `{!_MYSQL_PREFIX!}_countries` SET code='".REQUEST_POST('code', $id)."', descr='".REQUEST_POST('descr', $id)."', is_active='".REQUEST_POST('is_active', $id)."' WHERE id='".$id."' LIMIT 1";
                }
 
                // Create message
                $MSG = ADMIN_COUNTRIES_MODIFIED;
-       } elseif ((isset($_POST['remove'])) && (!empty($_POST['id']))) {
+       } elseif ((REQUEST_ISSET_POST(('remove'))) && (REQUEST_ISSET_POST(('id')))) {
                // Remove
-               $IDs = implode(",", array_keys($_POST['id']));
-               $SQLs[] = "DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_countries` WHERE id IN (".$IDs.") LIMIT ".count($_POST['id'])."";
+               $IDs = implode(",", array_keys(REQUEST_POST('id')));
+               $SQLs[] = "DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_countries` WHERE id IN (".$IDs.") LIMIT ".count(REQUEST_POST('id'))."";
 
                // Create message
                $MSG = ADMIN_COUNTRIES_REMOVED;
index 2ad42035d9d96e45cbb06d1b9c77f5addad1092d..b436e2ffe4b3b364fc77c1960d502c6a9ab543eb 100644 (file)
@@ -40,18 +40,18 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (empty($_GET['mode'])) {
+if (!REQUEST_ISSET_GET(('mode'))) {
        // Chosse the overview page as default
-       $_GET['mode'] = "overview";
+       REQUEST_GET('mode', "overview");
 } else {
        // Set table title automatically
-       if (empty($_GET['select'])) $_GET['select'] = "all";
-       $eval = "define('__ADMIN_DOUBLER_LIST_".strtoupper($_GET['mode'])."', getMessage('ADMIN_DOUBLER_LIST_".strtoupper($_GET['mode'])."_".strtoupper($_GET['select'])."'));";
+       if (!REQUEST_ISSET_GET(('select'))) REQUEST_GET('select', "all");
+       $eval = "define('__ADMIN_DOUBLER_LIST_".strtoupper(REQUEST_GET('mode'))."', getMessage('ADMIN_DOUBLER_LIST_".strtoupper(REQUEST_GET('mode'))."_".strtoupper(REQUEST_GET('select'))."'));";
        eval($eval);
 }
 
 // Load data for the template
-switch ($_GET['mode'])
+switch (REQUEST_GET('mode'))
 {
 case "already":  // Already payed out points
        break;
@@ -129,7 +129,7 @@ case "overview": // General overview page
 }
 
 // Load mode template
-LOAD_TEMPLATE("admin_list_doubler_".$_GET['mode']);
+LOAD_TEMPLATE("admin_list_doubler_".REQUEST_GET('mode'));
 
 //
 ?>
index 0045d149130dabd3cdc8501714cbb97ab4610b38..cae5fb68853f18b195200128316142642950bd94 100644 (file)
@@ -43,12 +43,12 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (empty($_GET['del'])) $_GET['del'] = "";
+if (!REQUEST_ISSET_GET(('del'))) REQUEST_SET_GET('del', "");
 
-if (!empty($_GET['u_id'])) {
+if (REQUEST_ISSET_GET(('uid'))) {
        // Check if the user already exists
        $result = SQL_QUERY_ESC("SELECT surname, family, email FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
-               array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+               array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
 
         // Is there an entry?
        if (SQL_NUMROWS($result) == 1) {
@@ -60,11 +60,11 @@ if (!empty($_GET['u_id'])) {
                if (EXT_IS_ACTIVE("bonus")) {
                        // Load bonus ID
                        $result = SQL_QUERY_ESC("SELECT stats_id, bonus_id, link_type FROM `{!_MYSQL_PREFIX!}_user_links` WHERE userid=%s ORDER BY `id`",
-                               array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+                               array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
                } else {
                        // Load stats ID (2nd will be ignored later! But it is needed for the same fetchrow command)
                        $result = SQL_QUERY_ESC("SELECT stats_id, stats_id, link_type FROM `{!_MYSQL_PREFIX!}_user_links` WHERE userid=%s ORDER BY `id`",
-                               array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+                               array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
                }
 
                // Get number of rows from the query
@@ -72,13 +72,13 @@ if (!empty($_GET['u_id'])) {
 
                if ($nums > 0) {
                        // Some unconfirmed mails left
-                       if ($_GET['del'] == "all") {
+                       if (REQUEST_GET('del') == "all") {
                                // Delete all unconfirmed mails by this user
                                SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_user_links` WHERE userid=%s LIMIT %s",
-                                       array(bigintval($_GET['u_id']), $nums), __FILE__, __LINE__);
+                                       array(bigintval(REQUEST_GET('uid')), $nums), __FILE__, __LINE__);
 
                                // Prepare mail and send it away
-                               $msg = LOAD_EMAIL_TEMPLATE("admin-del_links", $nums, bigintval($_GET['u_id']));
+                               $msg = LOAD_EMAIL_TEMPLATE("admin-del_links", $nums, bigintval(REQUEST_GET('uid')));
                                SEND_EMAIL($email, getMessage('ADMIN_DEL_LINK_SUBJ'), $msg);
 
                                // Display message
@@ -100,14 +100,14 @@ if (!empty($_GET['u_id'])) {
                                                $result_data = SQL_QUERY_ESC("SELECT subject, timestamp_ordered, cat_id FROM `{!_MYSQL_PREFIX!}_user_stats` WHERE id=%s LIMIT 1",
                                                        array(bigintval($id)), __FILE__, __LINE__);
                                                $type = "mailid"; $DATA = $id; $PROBLEM = getMessage('NORMAL_MAIL_PROBLEM');
-                                               $LINK = "<a href=\"{!URL!}/mailid.php?uid=".$_GET['u_id']."&amp;mailid=".$id."\" target=\"_blank\">".$id."</a>";
+                                               $LINK = "<a href=\"{!URL!}/mailid.php?uid=".REQUEST_GET('uid')."&amp;mailid=".$id."\" target=\"_blank\">".$id."</a>";
                                                break;
 
                                        case "BONUS":
                                                $result_data = SQL_QUERY_ESC("SELECT subject, timestamp, cat_id FROM `{!_MYSQL_PREFIX!}_bonus` WHERE id=%s LIMIT 1",
                                                        array(bigintval($id2)), __FILE__, __LINE__);
                                                $type = "bonusid"; $DATA = $id2; $PROBLEM = getMessage('BONUS_MAIL_PROBLEM');
-                                               $LINK = "<a href=\"{!URL!}/mailid.php?uid=".$_GET['u_id']."&amp;bonusid=".$id2."\" target=\"_blank\">".$id2."</a>";
+                                               $LINK = "<a href=\"{!URL!}/mailid.php?uid=".REQUEST_GET('uid')."&amp;bonusid=".$id2."\" target=\"_blank\">".$id2."</a>";
                                                break;
 
                                        default: // Problem in application detected!
@@ -155,18 +155,18 @@ if (!empty($_GET['u_id'])) {
                                define('__EMAIL_VALUE', "<a href=\"".CREATE_EMAIL_LINK($email, "user_data")."\">".$email."</a>");
                                define('__EMAIL_LIST' , $OUT);
                                define('__NUMS_VALUE' , $nums);
-                               define('__UID'        , bigintval($_GET['u_id']));
+                               define('__UID'        , bigintval(REQUEST_GET('uid')));
 
                                // Load final template
                                LOAD_TEMPLATE("admin_list_links");
                        }
                } else {
                        // No mails left to confirm
-                       LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_MEMBER_LINKS'), $_GET['u_id']));
+                       LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_MEMBER_LINKS'), REQUEST_GET('uid')));
                }
        } else {
                // User not found
-               LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_MEMBER_404'), $_GET['u_id']));
+               LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid')));
        }
 } else {
        // Output selection form with all confirmed user accounts listed
index 201c52a67e4eb0025c1ce306a94865825fc6d744..6685de8a848d1829ab23d2059bb6f8b1ebf78e97 100644 (file)
@@ -40,18 +40,18 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if ((!empty($_POST['uid'])) && (!empty($_POST['id']))) {
+if ((REQUEST_ISSET_POST(('uid'))) && (REQUEST_ISSET_POST(('id')))) {
        // Update database...
        // First user's account
        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET nl_until=(UNIX_TIMESTAMP() + nl_timespan), nl_receive='N', nl_timespan=0 WHERE userid=%s LIMIT 1",
-               array(bigintval($_POST['uid'])), __FILE__, __LINE__);
+               array(bigintval(REQUEST_POST('uid'))), __FILE__, __LINE__);
 
        // Next the task system...
-       RUN_FILTER('solve_task', bigintval($_POST['id']));
+       RUN_FILTER('solve_task', bigintval(REQUEST_POST('id')));
 
        // Send mail to user
-       $msg = LOAD_EMAIL_TEMPLATE("member_newsletter_done", true, bigintval($_POST['uid']));
-       SEND_EMAIL(bigintval($_POST['uid']), NL_MEMBER_DONE_SUBJECT, $msg);
+       $msg = LOAD_EMAIL_TEMPLATE("member_newsletter_done", true, bigintval(REQUEST_POST('uid')));
+       SEND_EMAIL(bigintval(REQUEST_POST('uid')), NL_MEMBER_DONE_SUBJECT, $msg);
 
        // Output message to admin
        LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_NL_MEMBER_DONE'));
index 253a8d647c6c7dae5fa7df9fc5f2306c34a63ea1..cfee49da761ff398d7acf51f37e98f644e95e15c 100644 (file)
@@ -45,10 +45,10 @@ $WHO = _ALL;
 $SQL2 = "";
 
 // Set offset an current page to default values
-if (empty($_GET['page']))   $_GET['page']   = "1";
-if (empty($_GET['offset'])) $_GET['offset'] = getConfig('mails_page');
+if (!REQUEST_ISSET_GET(('page')))   REQUEST_GET('page')   = "1";
+if (!REQUEST_ISSET_GET(('offset'))) REQUEST_SET_GET('offset', getConfig('mails_page'));
 
-if ((EXT_IS_ACTIVE("bonus")) && ($WHO == _ALL)) {
+if ((EXT_IS_ACTIVE("bonus")) && ($WHO == getMessage('_ALL'))) {
        // Bonus mails sent by you
        //               0     1       2        3        4      5       6          7       8      9         10          11        12
        $SQL2 = "SELECT id, subject, text, receivers, points, time, data_type, timestamp, url, cat_id, target_send, mails_sent, clicks
@@ -63,7 +63,7 @@ ORDER BY timestamp DESC";
 }
 
 // Create limitation line
-$ADD = " LIMIT ".(bigintval($_GET['offset']) * bigintval($_GET['page']) - bigintval($_GET['offset'])).", ".bigintval($_GET['offset']);
+$ADD = " LIMIT ".(bigintval(REQUEST_GET('offset')) * bigintval(REQUEST_GET('page')) - bigintval(REQUEST_GET('offset'))).", ".bigintval(REQUEST_GET('offset'));
 
 // Add limitation
 if (!empty($SQL2)) $SQL2 .= $ADD;
index 35e3bb7215720b12f7cdfe3b15a2d0fdb1c3a7da..c6600aec5c06a4408327df22efe7e415dcdfdcf7 100644 (file)
@@ -40,15 +40,15 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (!empty($_GET['pid'])) {
+if (REQUEST_ISSET_GET(('pid'))) {
        // First let's get the member's ID
        $result = SQL_QUERY_ESC("SELECT userid, target_account, payout_total, payout_timestamp, password FROM `{!_MYSQL_PREFIX!}_user_payouts` WHERE id=%s LIMIT 1",
-               array($_GET['pid']), __FILE__, __LINE__);
+               array(REQUEST_GET('pid')), __FILE__, __LINE__);
        list($uid, $tuid, $points, $tstamp, $tpass) = SQL_FETCHROW($result);
        SQL_FREERESULT($result);
 
        // Obtain some data
-       if (empty($_GET['task']) && (!empty($uid)) && ($uid > 0)) {
+       if (!REQUEST_ISSET_GET(('task')) && (!empty($uid)) && ($uid > 0)) {
                // Get task ID from database
                $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_task_system` WHERE userid=%s AND task_type='PAYOUT_REQUEST' AND task_created='".$tstamp."' LIMIT 1",
                        array(bigintval($uid)), __FILE__, __LINE__);
@@ -60,7 +60,7 @@ if (!empty($_GET['pid'])) {
                LOAD_TEMPLATE("admin_settings_saved", false, PAYOUT_FAILED_OBTAIN_USERID);
        } else {
                // Get task ID from URL
-               $task = $_GET['task'];
+               $task = REQUEST_GET('task');
        }
 
        if ((!empty($task)) && (!empty($uid)) && ($uid > 0)) {
@@ -73,12 +73,12 @@ if (!empty($_GET['pid'])) {
                // Konstante bauen
                define('PAYOUT_USERDATA_VALUE', "<a href=\"".CREATE_EMAIL_LINK($email, "user_data")."\">".TRANSLATE_GENDER($gender)." ".$surname." ".$family."</a>");
 
-               if (($_GET['do'] == "accept") && (!empty($email))) {
+               if ((REQUEST_GET('do') == "accept") && (!empty($email))) {
                        // Ok, now we can output the form or execute accepting
-                       if (isset($_POST['ok'])) {
+                       if (IS_FORM_SENT()) {
                                // Obtain payout type and other data
                                $result = SQL_QUERY_ESC("SELECT payout_id FROM `{!_MYSQL_PREFIX!}_user_payouts` WHERE id=%s LIMIT 1",
-                                array(bigintval($_GET['pid'])), __FILE__, __LINE__);
+                                array(bigintval(REQUEST_GET('pid'))), __FILE__, __LINE__);
                                list($ptype) = SQL_FETCHROW($result);
                                SQL_FREERESULT($result);
 
@@ -127,10 +127,10 @@ if (!empty($_GET['pid'])) {
 
                                                // Clear payout request
                                                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_payouts` SET `status`='ACCEPTED' WHERE id=%s LIMIT 1",
-                                                       array(bigintval($_GET['pid'])), __FILE__, __LINE__);
+                                                       array(bigintval(REQUEST_GET('pid'))), __FILE__, __LINE__);
 
                                                // Send out mail
-                                               $msg = LOAD_EMAIL_TEMPLATE("member_payout_accepted", $_POST['text'], $uid);
+                                               $msg = LOAD_EMAIL_TEMPLATE("member_payout_accepted", REQUEST_POST('text'), $uid);
 
                                                // Output message
                                                if ($allow == "Y") {
@@ -156,9 +156,9 @@ if (!empty($_GET['pid'])) {
                                // Load template
                                LOAD_TEMPLATE("admin_payout_accept_form", false, $task);
                        }
-               } elseif (($_GET['do'] == "reject") && (!empty($email))) {
+               } elseif ((REQUEST_GET('do') == "reject") && (!empty($email))) {
                        // Ok, now we can output the form or execute rejecting
-                       if (isset($_POST['ok'])) {
+                       if (IS_FORM_SENT()) {
                                if ($task > 0) {
                                        // Clear task
                                        RUN_FILTER('solve_task', $task);
@@ -166,10 +166,10 @@ if (!empty($_GET['pid'])) {
 
                                // Clear payout request
                                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_payouts` SET `status`='REJECTED' WHERE id=%s LIMIT 1",
-                                array(bigintval($_GET['pid'])), __FILE__, __LINE__);
+                                array(bigintval(REQUEST_GET('pid'))), __FILE__, __LINE__);
 
                                // Send out mail
-                               $msg = LOAD_EMAIL_TEMPLATE("member_payout_rejected", $_POST['text'], $uid);
+                               $msg = LOAD_EMAIL_TEMPLATE("member_payout_rejected", REQUEST_POST('text'), $uid);
 
                                // Output message
                                LOAD_TEMPLATE("admin_settings_saved", false, PAYOUT_REJECTED_NOTIFIED);
@@ -186,11 +186,12 @@ if (!empty($_GET['pid'])) {
                }
        } elseif ((empty($task)) || ($task == "0")) {
                // Failed loading task ID
-               LOAD_TEMPLATE("admin_settings_saved", false, PAYOUT_FAILED_OBTAIN_TASK_ID);
+               LOAD_TEMPLATE("admin_settings_saved", false, getMessage('PAYOUT_FAILED_OBTAIN_TASK_ID'));
        }
 } else {
-       if (empty($_GET['do'])) $_GET['do'] = "";
-       if ($_GET['do'] == "delete") {
+       if (!REQUEST_ISSET_GET(('do'))) REQUEST_SET_GET('do', "");
+
+       if (REQUEST_GET('do') == "delete") {
                // Delete all requests
                $result = SQL_QUERY("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_user_payouts`", __FILE__, __LINE__);
        }
index 44b4be1d7ad8f867f54c6196198a5446999b91ad..98b6f61d1785faa8541c81c7dc32c15cf8861ca3 100644 (file)
@@ -40,17 +40,17 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (empty($_GET['sub'])) $_GET['sub'] = "";
+if (!REQUEST_ISSET_GET(('sub'))) REQUEST_SET_GET('sub', "");
 $MSG = "";
 
 // Quick actions on a rallye
-if (isset($_GET['rallye']))
+if (REQUEST_ISSET_GET(('rallye')))
 {
        // Activate / deactivate
        $SQL = "";
-       if (isset($_GET['activate']))
+       if (REQUEST_ISSET_GET(('activate')))
        {
-               switch ($_GET['activate'])
+               switch (REQUEST_GET('activate'))
                {
                case "1": // Activate
                        $SQL = "UPDATE `{!_MYSQL_PREFIX!}_rallye_data` SET is_active='Y' WHERE id=%s AND is_active='N' LIMIT 1";
@@ -63,9 +63,9 @@ if (isset($_GET['rallye']))
        }
 
        // Automatic notification
-       if (isset($_GET['notify']))
+       if (REQUEST_ISSET_GET(('notify')))
        {
-               switch ($_GET['notify'])
+               switch (REQUEST_GET('notify'))
                {
                case "1": // Activate
                        $SQL = "UPDATE `{!_MYSQL_PREFIX!}_rallye_data` SET send_notify='Y' WHERE id=%s AND send_notify='N' LIMIT 1";
@@ -78,9 +78,9 @@ if (isset($_GET['rallye']))
        }
 
        // Automatic adding of new members
-       if (isset($_GET['auto']))
+       if (REQUEST_ISSET_GET(('auto')))
        {
-               switch ($_GET['auto'])
+               switch (REQUEST_GET('auto'))
                {
                case "1": // Activate
                        $SQL = "UPDATE `{!_MYSQL_PREFIX!}_rallye_data` SET auto_add_new_user='Y' WHERE id=%s AND auto_add_new_user='N' LIMIT 1";
@@ -95,17 +95,17 @@ if (isset($_GET['rallye']))
        // Run SQL command
        if (!empty($SQL))
        {
-               $result = SQL_QUERY_ESC($SQL, array(bigintval($_GET['rallye'])), __FILE__, __LINE__);
+               $result = SQL_QUERY_ESC($SQL, array(bigintval(REQUEST_GET('rallye'))), __FILE__, __LINE__);
        }
 }
- elseif (isset($_POST['remove']))
+ elseif (REQUEST_ISSET_POST(('remove')))
 {
        // Delete rallyes
-       $SEL = SELECTION_COUNT($_POST['sel']);
+       $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
        if ($SEL > 0)
        {
                // Delete selected rallyes and all it's data
-               foreach ($_POST['sel'] as $id => $sel)
+               foreach (REQUEST_POST('sel') as $id => $sel)
                {
                        // Remove selected rallye entirely...
                        SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_rallye_data` WHERE id=%s LIMIT 1",
@@ -125,21 +125,21 @@ if (isset($_GET['rallye']))
                $MSG = RALLYE_DELETE_NOTHING_SELECTED;
        }
 }
- elseif (isset($_POST['change']))
+ elseif (REQUEST_ISSET_POST(('change')))
 {
        // Change rallye
-       $SEL = SELECTION_COUNT($_POST['title']);
+       $SEL = SELECTION_COUNT(REQUEST_POST('title'));
        if ($SEL > 0)
        {
                // Change selected rallyes and all it's data
-               foreach ($_POST['title'] as $id => $title)
+               foreach (REQUEST_POST('title') as $id => $title)
                {
                        // Secure ID number
                        $id = bigintval($id);
 
                        // Generate timestamps
-                       $START = mktime($_POST['start_hour'][$id], $_POST['start_min'][$id], $_POST['start_sec'][$id], $_POST['start_month'][$id], $_POST['start_day'][$id], $_POST['start_year'][$id]);
-                       $END   = mktime($_POST['end_hour'][$id]  , $_POST['end_min'][$id]  , $_POST['end_sec'][$id]  , $_POST['end_month'][$id]  , $_POST['end_day'][$id]  , $_POST['end_year'][$id]  );
+                       $START = mktime(REQUEST_POST('start_hour', $id), REQUEST_POST('start_min', $id), REQUEST_POST('start_sec', $id), REQUEST_POST('start_month', $id), REQUEST_POST('start_day', $id), REQUEST_POST('start_year', $id));
+                       $END   = mktime(REQUEST_POST('end_hour', $id)  , REQUEST_POST('end_min', $id)  , REQUEST_POST('end_sec', $id)  , REQUEST_POST('end_month', $id)  , REQUEST_POST('end_day', $id)  , REQUEST_POST('end_year', $id)  );
 
                        // Update entry
                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_rallye_data` SET
@@ -151,8 +151,16 @@ end_time='%s',
 min_users='%s',
 min_prices='%s'
 WHERE id='".$id."' LIMIT 1",
- array($title, $_POST['descr'][$id], $_POST['templ'][$id], bigintval($START), bigintval($END), bigintval($_POST['min_users'][$id]), bigintval($_POST['min_prices'][$id]), $id),
- __FILE__, __LINE__);
+                               array(
+                                       $title,
+                                       REQUEST_POST('descr', $id),
+                                       REQUEST_POST('templ', $id),
+                                       bigintval($START),
+                                       bigintval($END),
+                                       bigintval(REQUEST_POST('min_users', $id)),
+                                       bigintval(REQUEST_POST('min_prices', $id)),
+                                       $id
+                               ), __FILE__, __LINE__);
                }
 
                // Output message
@@ -160,16 +168,13 @@ WHERE id='".$id."' LIMIT 1",
        }
 }
 
-if (isset($_POST['edit']))
-{
+if (REQUEST_ISSET_POST(('edit'))) {
        // Check for selections
-       $SEL = SELECTION_COUNT($_POST['sel']);
-       if ($SEL > 0)
-       {
+       $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
+       if ($SEL > 0) {
                // Make all selected and deactivated rallyes editable
                $SW = 2; $OUT = "";
-               foreach ($_POST['sel'] as $id => $sel)
-               {
+               foreach (REQUEST_POST('sel') as $id => $sel) {
                        // Load rallye basic data
                        $result = SQL_QUERY_ESC("SELECT title, descr, template, start_time, end_time, min_users, min_prices FROM `{!_MYSQL_PREFIX!}_rallye_data` WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
@@ -207,25 +212,24 @@ if (isset($_POST['edit']))
                        // Color switching
                        $SW = 3 - $SW;
                }
+
                // Remember rows in constant
                define('__RALLYE_ROWS', $OUT);
 
                // Load final template
                LOAD_TEMPLATE("admin_edit_rallyes");
-       }
-        else
-       {
+       } else {
                // Nothing selected to edit
                LOAD_TEMPLATE("admin_settings_saved", false, LOAD_TEMPLATE("admin_list_rallye_noselect", true));
        }
-} elseif (($_GET['sub'] == "users") && ($_GET['rallye'] > 0)) {
+} elseif ((REQUEST_GET('sub') == "users") && (REQUEST_GET('rallye') > 0)) {
        // List users and their refs before start and current
        $result = SQL_QUERY_ESC("SELECT userid, refs, curr_points FROM `{!_MYSQL_PREFIX!}_rallye_users` WHERE rallye_id=%s ORDER BY userid",
-        array(bigintval($_GET['rallye'])), __FILE__, __LINE__);
+        array(bigintval(REQUEST_GET('rallye'))), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) > 0)
        {
                $SW = 2; $OUT = "";
-               define('__RALLYE_VALUE', $_GET['rallye']);
+               define('__RALLYE_VALUE', REQUEST_GET('rallye'));
                while (list($uid, $old, $opoints) = SQL_FETCHROW($result))
                {
                        // Check for referal count
@@ -234,8 +238,7 @@ if (isset($_POST['edit']))
                        // Output row
                        $Bl = ""; $Br = "";
                        if (($opoints > 0) && ($cnt > 0)) { $Bl = "<strong>"; $Br = "</strong>"; }
-                       if (($old > 0) || ($cnt > 0))
-                       {
+                       if (($old > 0) || ($cnt > 0)) {
                                // Insert link to referal list
                                //* DEBUG: */ echo "-".$uid."/".$cnt."/".$old."-<br />";
                                $cnt = ADMIN_USER_PROFILE_LINK($uid, $cnt, "list_refs");
@@ -264,26 +267,20 @@ if (isset($_POST['edit']))
 
                // Load template
                LOAD_TEMPLATE("admin_list_rallye_usr");
-       }
-        else
-       {
+       } else {
                // No entries found?
                LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_ADMIN_USERS_404);
        }
-}
- else
-{
+} else {
        // Start listing rallyes
        $result = SQL_QUERY("SELECT id, admin_id, title, descr, template, start_time, end_time, auto_add_new_user, is_active, send_notify, notified, min_users, min_prices
 FROM `{!_MYSQL_PREFIX!}_rallye_data`
 ORDER BY start_time DESC",
  __FILE__, __LINE__);
-       if (SQL_NUMROWS($result) > 0)
-       {
+       if (SQL_NUMROWS($result) > 0) {
                // List found rallyes
                $SW = 2; $OUT = "";
-               while (list($id, $aid, $title, $descr, $templ, $start, $end, $auto_add, $active, $notify, $notified, $min_users, $min_prices) = SQL_FETCHROW($result))
-               {
+               while (list($id, $aid, $title, $descr, $templ, $start, $end, $auto_add, $active, $notify, $notified, $min_users, $min_prices) = SQL_FETCHROW($result)) {
                        // Load admin login
                        $alogin = GET_ADMIN_LOGIN($aid);
 
@@ -297,8 +294,7 @@ ORDER BY start_time DESC",
                        $joined = SQL_NUMROWS($result_user);
 
                        // Did some users joined this rallye?
-                       if ($joined > 0)
-                       {
+                       if ($joined > 0) {
                                // List joined users
                                $joined = "<a href=\"{!URL!}/modules.php?module=admin&amp;what=list_rallyes&amp;sub=users&amp;rallye=".$id."\" title=\"".RALLYE_LIST_USERS."\">".$joined."</a>";
                        }
@@ -390,12 +386,11 @@ ORDER BY start_time DESC",
 
                // Load template
                LOAD_TEMPLATE("admin_list_rallyes");
-       }
-        else
-       {
+       } else {
                // No rallyes setup so far
                LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_NO_RALLYES_SETUP);
        }
 }
+
 //
 ?>
index 6803a04aecbc5cd3f4a4eabb21d763b55e44b593..8881b2f9fba60b92b6f7f3158009c5c6caf7a794 100644 (file)
@@ -46,9 +46,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (!empty($_GET['u_id'])) {
+if (REQUEST_ISSET_GET(('uid'))) {
        // Secure userid
-       $uid = bigintval($_GET['u_id']);
+       $uid = bigintval(REQUEST_GET('uid'));
 
        // Check if the user already exists
        $result_user = SQL_QUERY_ESC("SELECT userid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
@@ -81,7 +81,7 @@ ORDER BY level ASC", __FILE__, __LINE__);
                                array($uid), __FILE__, __LINE__);
 
                        // Output info message
-                       LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_USER_TOTAL_REFS'), ADMIN_USER_PROFILE_LINK($_GET['u_id']), $menge, $menge_lck));
+                       LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_USER_TOTAL_REFS'), ADMIN_USER_PROFILE_LINK(REQUEST_GET('uid')), $menge, $menge_lck));
                }
 
                // Are there some levels (VERY BAD IF NONE!)
@@ -217,7 +217,7 @@ ORDER BY level ASC", __FILE__, __LINE__);
                        // Prepare content
                        $content = array(
                                'rows' => $OUT,
-                               'uid'  => ADMIN_USER_PROFILE_LINK($_GET['u_id'])
+                               'uid'  => ADMIN_USER_PROFILE_LINK(REQUEST_GET('uid'))
                        );
 
                        // Load main template
@@ -238,7 +238,7 @@ ORDER BY level ASC", __FILE__, __LINE__);
                SQL_FREERESULT($result_levels);
        } else {
                // User not found
-               LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_MEMBER_404'), $_GET['u_id']));
+               LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid')));
        }
 
        // Free memory
index fa00a1cc30ee6040504f436788aa2a00a66a0c04..569ff0e1d08e54935f3e82dae9802a36110c440d 100644 (file)
@@ -40,12 +40,12 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (!empty($_GET['id'])) {
+if (REQUEST_ISSET_GET(('id'))) {
        // Show detailed informations to a sponsor
        $result = SQL_QUERY_ESC("SELECT company, position, gender, surname, family, street_nr1, street_nr2, zip, city, country, phone, fax, cell, email, url, tax_ident, status, sponsor_created, last_online, last_change, receive_warnings, points_amount, points_used, remote_addr, warning_interval, refid, ref_count
 FROM `{!_MYSQL_PREFIX!}_sponsor_data`
 WHERE id='%s' LIMIT 1",
- array(bigintval($_GET['id'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__);
 
        if (SQL_NUMROWS($result) == 1) {
                // Load sponsor details
@@ -59,14 +59,14 @@ WHERE id='%s' LIMIT 1",
 
                // Check for sponsor's orders (only count)
                $result_orders = SQL_QUERY_ESC("SELECT COUNT(id) FROM `{!_MYSQL_PREFIX!}_sponsor_orders` WHERE sponsorid='%s'",
-                array(bigintval($_GET['id'])), __FILE__, __LINE__);
+                array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__);
                list($orders) = SQL_FETCHROW($result_orders);
                SQL_FREERESULT($result_orders);
                if (empty($orders)) $orders = 0;
 
                // Prepare all data for the template
                //  Sponsor's ID
-               define('__SPONSOR_ID'         , $_GET['id']);
+               define('__SPONSOR_ID'         , REQUEST_GET('id'));
                //  Company's data
                define('__SPONSOR_COMPANY'    , $DATA['company']);
                define('__SPONSOR_POSITION'   , $DATA['position']);
@@ -109,12 +109,12 @@ WHERE id='%s' LIMIT 1",
                LOAD_TEMPLATE("admin_list_sponsor_details");
        } else {
                // Sponsor not found
-               LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), $_GET['id']));
+               LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), REQUEST_GET('id')));
        }
-} elseif (!empty($_GET['rid'])) {
+} elseif (REQUEST_ISSET_GET(('rid'))) {
        // Search for sponsor
        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE id='%s' LIMIT 1",
-        array(bigintval($_GET['rid'])), __FILE__, __LINE__);
+        array(bigintval(REQUEST_GET('rid'))), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1) {
                // Free memory
                SQL_FREERESULT($result);
@@ -123,7 +123,7 @@ WHERE id='%s' LIMIT 1",
                $result = SQL_QUERY_ESC("SELECT id, gender, surname, family, email, status, sponsor_created, last_online, points_amount, points_used, remote_addr, ref_count
 FROM `{!_MYSQL_PREFIX!}_sponsor_data`
 WHERE refid='%s' ORDER BY `id`",
- array(bigintval($_GET['rid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('rid'))), __FILE__, __LINE__);
 
                if (SQL_NUMROWS($result) > 0) {
                        // List refs now
@@ -131,11 +131,11 @@ WHERE refid='%s' ORDER BY `id`",
                        SQL_FREERESULT($result);
                } else {
                        // No refs made so far
-                       LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_REFS_404'), "<a href=\"{!URL!}/modules.php?module=admin&amp;what=list_sponsor&amp;id=".bigintval($_GET['rid'])."\">".bigintval($_GET['rid'])."</a>"));
+                       LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_REFS_404'), "<a href=\"{!URL!}/modules.php?module=admin&amp;what=list_sponsor&amp;id=".bigintval(REQUEST_GET('rid'))."\">".bigintval(REQUEST_GET('rid'))."</a>"));
                }
        } else {
                // Sponsor not found
-               LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval($_GET['rid'])));
+               LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval(REQUEST_GET('rid'))));
        }
 } else {
        // List all sponsors
index 9e1033bc7043218fe39a3df6b472f67b9840cf0d..cd7a8e117e06dd15f5e89deda0fabd83cb4aaaa2 100644 (file)
@@ -42,46 +42,54 @@ ADD_DESCR("admin", __FILE__);
 
 $MSG = "";
 
-if (isset($_POST['add'])) {
+if (REQUEST_ISSET_POST(('add'))) {
        // Check input variables
-       if (empty($_POST['pay_name'])) unset($_POST['add']);
-       if ((round($_POST['pay_rate']) == 0) || (empty($_POST['pay_rate']))) unset($_POST['add']);
-       $_POST['pay_min_count'] = bigintval($_POST['pay_min_count']);
-       if (($_POST['pay_min_count'] == 0) || (empty($_POST['pay_min_count']))) unset($_POST['add']);
-       if (empty($_POST['pay_currency'])) unset($_POST['add']);
-} elseif ((isset($_POST['edit'])) || (isset($_POST['del'])) || (isset($_POST['change'])) || (isset($_POST['remove']))) {
+       if (!REQUEST_ISSET_POST(('pay_name'))) REQUEST_UNSET_POST(('add'));
+       if ((round(REQUEST_POST('pay_rate')) == 0) || (!REQUEST_ISSET_POST(('pay_rate')))) REQUEST_UNSET_POST(('add'));
+
+       REQUEST_SET_POST('pay_min_count', bigintval(REQUEST_POST('pay_min_count')));
+
+       if ((REQUEST_POST('pay_min_count') == 0) || (!REQUEST_ISSET_POST(('pay_min_count')))) REQUEST_UNSET_POST(('add'));
+       if (!REQUEST_ISSET_POST(('pay_currency'))) REQUEST_UNSET_POST(('add'));
+
+} elseif ((REQUEST_ISSET_POST(('edit'))) || (REQUEST_ISSET_POST(('del'))) || (REQUEST_ISSET_POST(('change'))) || (REQUEST_ISSET_POST(('remove')))) {
        // Check if at least one entry was selected
-       if (empty($_POST['id'])) {
+       if (!REQUEST_ISSET_POST(('id'))) {
                // Nothing selected for editing / deleting???
-               unset($_POST['edit']);
-               unset($_POST['del']);
-               unset($_POST['change']);
-               unset($_POST['remove']);
-       } elseif (isset($_POST['change'])) {
+               REQUEST_UNSET_POST(('edit'));
+               REQUEST_UNSET_POST(('del'));
+               REQUEST_UNSET_POST(('change'));
+               REQUEST_UNSET_POST(('remove'));
+       } elseif (REQUEST_ISSET_POST(('change'))) {
                // Change entries here...
-               foreach ($_POST['id'] as $id => $sel) {
+               foreach (REQUEST_POST('id') as $id => $sel) {
                        // Secure ID
                        $id = bigintval($id);
 
                        // Save entry
                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_paytypes`
 SET pay_name='%s', pay_rate='%s', pay_min_count='%s', pay_currency='%s' WHERE id='%s' LIMIT 1",
- array($_POST['name'][$id], $_POST['rate'][$id], bigintval($_POST['min'][$id]), $_POST['curr'][$id], $id),
- __FILE__, __LINE__);
+                               array(
+                                       REQUEST_POST('name', $id),
+                                       REQUEST_POST('rate', $id),
+                                       bigintval(REQUEST_POST('min', $id)),
+                                       REQUEST_POST('curr', $id),
+                                       $id
+                               ), __FILE__, __LINE__);
                }
 
                // Generate message
-               $MSG = SPONSOR_PAY_ENTRIES_CHANGED;
-       } elseif (isset($_POST['remove'])) {
+               $MSG = getMessage('SPONSOR_PAY_ENTRIES_CHANGED');
+       } elseif (REQUEST_ISSET_POST(('remove'))) {
                // Remove entries here...
-               foreach ($_POST['id'] as $id => $sel) {
+               foreach (REQUEST_POST('id') as $id => $sel) {
                        // Remove entry
                        SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_sponsor_paytypes` WHERE id='%s' LIMIT 1",
                                array(bigintval($id)), __FILE__, __LINE__);
                }
 
                // Generate message
-               $MSG = SPONSOR_PAY_ENTRIES_REMOVED;
+               $MSG = getMessage('SPONSOR_PAY_ENTRIES_REMOVED');
        }
 
        if (!empty($MSG)) {
@@ -90,33 +98,36 @@ SET pay_name='%s', pay_rate='%s', pay_min_count='%s', pay_currency='%s' WHERE id
        }
 }
 
-if (isset($_POST['add'])) {
+if (REQUEST_ISSET_POST(('add'))) {
        // Check if entry with same name does exists
        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_sponsor_paytypes` WHERE pay_name='%s' LIMIT 1",
-        array($_POST['pay_name']), __FILE__, __LINE__);
+               array(REQUEST_POST('pay_name')), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 0) {
                // No entry found so add this line
-               SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_sponsor_paytypes` (pay_name, pay_rate, pay_min_count, pay_currency)
- VALUES ('%s','%s','%s','%s')",
- array(htmlspecialchars($_POST['pay_name']), REVERT_COMMA($_POST['pay_rate']), bigintval($_POST['pay_min_count']), htmlspecialchars($_POST['pay_currency'])),
- __FILE__, __LINE__);
+               SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_sponsor_paytypes` (pay_name, pay_rate, pay_min_count, pay_currency) VALUES ('%s','%s','%s','%s')",
+                       array(
+                               htmlspecialchars(REQUEST_POST('pay_name')),
+                               REVERT_COMMA(REQUEST_POST('pay_rate')),
+                               bigintval(REQUEST_POST('pay_min_count')),
+                               htmlspecialchars(REQUEST_POST('pay_currency'))
+                       ), __FILE__, __LINE__);
 
                // Payment type added!
-               $MSG = ADMIN_SPONSOR_PAYTYPE_ADDED_1.$_POST['pay_name'].ADMIN_SPONSOR_PAYTYPE_ADDED_2;
+               $MSG = ADMIN_SPONSOR_PAYTYPE_ADDED_1.REQUEST_POST('pay_name').ADMIN_SPONSOR_PAYTYPE_ADDED_2;
        } else {
                // Free memory
                SQL_FREERESULT($result);
 
                // Entry does already exists
-               $MSG = ADMIN_SPONSOR_PAYTYPE_ALREADY_1.$_POST['pay_name'].ADMIN_SPONSOR_PAYTYPE_ALREADY_2;
+               $MSG = ADMIN_SPONSOR_PAYTYPE_ALREADY_1.REQUEST_POST('pay_name').ADMIN_SPONSOR_PAYTYPE_ALREADY_2;
        }
 
        // Output message
        LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
-} elseif ((isset($_POST['edit'])) || (isset($_POST['del']))) {
+} elseif ((REQUEST_ISSET_POST(('edit'))) || (REQUEST_ISSET_POST(('del')))) {
        // Load all data
        $OUT = ""; $SW = 2;
-       foreach ($_POST['id'] as $id => $sel) {
+       foreach (REQUEST_POST('id') as $id => $sel) {
                // Load entry
                $result = SQL_QUERY_ESC("SELECT pay_name, pay_rate, pay_min_count, pay_currency FROM `{!_MYSQL_PREFIX!}_sponsor_paytypes` WHERE id='%s' LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
@@ -135,7 +146,7 @@ if (isset($_POST['add'])) {
                                'curr' => htmlspecialchars($curr)
                        );
 
-                       if (isset($_POST['edit'])) {
+                       if (REQUEST_ISSET_POST(('edit'))) {
                                // Edit entry
                                $OUT .= LOAD_TEMPLATE("admin_list_sponsor_pay_edit_row", true, $content);
                        } else {
@@ -155,7 +166,7 @@ if (isset($_POST['add'])) {
        define('__SPONSOR_ROWS', $OUT);
 
        // Load main template depending on mode (edit/delete)
-       if (isset($_POST['edit'])) {
+       if (REQUEST_ISSET_POST(('edit'))) {
                // Load main edit template
                LOAD_TEMPLATE("admin_list_sponsor_pay_edit");
        } else {
@@ -201,7 +212,7 @@ if (isset($_POST['add'])) {
                define('__LIST_CONTENT', LOAD_TEMPLATE("admin_list_sponsor_pay", true));
        } else {
                // Noting setup so far!
-               define('__LIST_CONTENT', LOAD_TEMPLATE("admin_settings_saved", true, ADMIN_SPONSOR_NO_PAYTYPES));
+               define('__LIST_CONTENT', LOAD_TEMPLATE("admin_settings_saved", true, getMessage('ADMIN_SPONSOR_NO_PAYTYPES')));
        }
 
        // Add new payment types here
index 47a4531ecf57e385be3f15e2919d60c2795e16e5..db66cb18edaaad6b7fb0c3822fa9819f6a4f1594 100644 (file)
@@ -40,17 +40,17 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (!empty($_GET['id'])) {
+if (REQUEST_ISSET_GET(('id'))) {
        // Check for selected sponsor
        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE id='%s' LIMIT 1",
-        array(bigintval($_GET['id'])), __FILE__, __LINE__);
+        array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1) {
                // ...
                // Free memory
                SQL_FREERESULT($result);
        } else {
                // Sponsor not found!
-               LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval($_GET['id'])));
+               LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval(REQUEST_GET('id'))));
        }
 } else {
        // Not called by what-list_sponsor.php
index aabef21732e367c6f4b07136340aa6ef129ef9e0..6f9c4379c9acef2c5e25132e369b798e456f1257 100644 (file)
@@ -44,7 +44,7 @@ ADD_DESCR("admin", __FILE__);
 $show = true;
 
 // Check for 'id' element
-if ((count($_POST) > 0) && ((!isset($_POST['id'])) || (!is_array($_POST['id'])) || (count($_POST['id']) == 0))) {
+if ((REQUEST_POST_COUNT() > 0) && ((!REQUEST_ISSET_POST(('id'))) || (!is_array(REQUEST_POST('id'))) || (count(REQUEST_POST('id')) == 0))) {
        // Not found so output message
        LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_SURFBAR_NO_SELECTIONS'));
 
@@ -53,53 +53,53 @@ if ((count($_POST) > 0) && ((!isset($_POST['id'])) || (!is_array($_POST['id']))
 }
 
 // Edit or delete button hit?
-if (isset($_POST['edit'])) {
+if (REQUEST_ISSET_POST(('edit'))) {
        // Show entries for editing
        ADMIN_EDIT_ENTRIES_CONFIRM(
-               $_POST['id'],
+               REQUEST_POST('id'),
                "surfbar_urls",
                array("id", "userid", "url"),
                array("bigintval", "ADD_MEMBER_SELECTION_BOX", ""),
                array("", array(false, true, true), "")
        );
        $show = false;
-} elseif (isset($_POST['do_edit'])) {
+} elseif (REQUEST_ISSET_POST(('do_edit'))) {
        // Change data of entries
        ADMIN_EDIT_ENTRIES_CONFIRM(
-               $_POST['id'],
+               REQUEST_POST('id'),
                "surfbar_urls",
                array(),
                array(),
                array(),
                true
        );
-} elseif (isset($_POST['delete'])) {
+} elseif (REQUEST_ISSET_POST(('delete'))) {
        // Show entries for deletion
        ADMIN_DELETE_ENTRIES_CONFIRM(
-               $_POST['id'],
+               REQUEST_POST('id'),
                "surfbar_urls",
                array("id", "userid", "url", "registered"),
                array("bigintval", "ADMIN_USER_PROFILE_LINK", "FRAMETESTER", ""),
                array("", "", "", "")
        );
        $show = false;
-} elseif (isset($_POST['do_delete'])) {
+} elseif (REQUEST_ISSET_POST(('do_delete'))) {
        // Remove entries from database
-       ADMIN_DELETE_ENTRIES_CONFIRM($_POST['id'], "surfbar_urls", array(), array(), array(), true);
-} elseif (isset($_POST['lock'])) {
+       ADMIN_DELETE_ENTRIES_CONFIRM(REQUEST_POST('id'), "surfbar_urls", array(), array(), array(), true);
+} elseif (REQUEST_ISSET_POST(('lock'))) {
        // Un-/lock selected URLs. This does not work for pending URLs
        ADMIN_LOCK_ENTRIES_CONFIRM(
-               $_POST['id'],
+               REQUEST_POST('id'),
                "surfbar_urls",
                array("id", "userid", "url", "registered", "status"),
                array("bigintval", "ADMIN_USER_PROFILE_LINK", "FRAMETESTER", "", "SURFBAR_TRANSLATE_STATUS"),
                array("", "", "", "", "")
        );
        $show = false;
-} elseif (isset($_POST['do_lock'])) {
+} elseif (REQUEST_ISSET_POST(('do_lock'))) {
        // Un-/lock selected URLs. This does not work for pending URLs
        ADMIN_LOCK_ENTRIES_CONFIRM(
-               $_POST['id'],
+               REQUEST_POST('id'),
                "surfbar_urls",
                array(),
                array(),
@@ -107,20 +107,20 @@ if (isset($_POST['edit'])) {
                array("status" => array("ACTIVE" => "LOCKED", "LOCKED" => "ACTIVE")),
                true
        );
-} elseif (isset($_POST['undelete'])) {
+} elseif (REQUEST_ISSET_POST(('undelete'))) {
        // Undelete selected URLs. This does only work for deleted URLs... ;-)
        ADMIN_UNDELETE_ENTRIES_CONFIRM(
-               $_POST['id'],
+               REQUEST_POST('id'),
                "surfbar_urls",
                array("id", "userid", "url", "registered", "status"),
                array("bigintval", "ADMIN_USER_PROFILE_LINK", "FRAMETESTER", "", "SURFBAR_TRANSLATE_STATUS"),
                array("", "", "", "", "")
        );
        $show = false;
-} elseif (isset($_POST['do_undelete'])) {
+} elseif (REQUEST_ISSET_POST(('do_undelete'))) {
        // Undelete selected URLs. This does only work for deleted URLs... ;-)
        ADMIN_UNDELETE_ENTRIES_CONFIRM(
-               $_POST['id'],
+               REQUEST_POST('id'),
                "surfbar_urls",
                array(),
                array(),
index 493903850cc995609536a3e7f0a03749e39f58c1..d8af21ff70a35bd337778408de7bd2e044edb88c 100644 (file)
@@ -44,9 +44,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 $whereStatement = "";
-if (empty($_GET['type'])) $_GET['type'] = "your";
+if (!REQUEST_ISSET_GET(('type'))) REQUEST_SET_GET('type', "your");
 
-switch ($_GET['type'])
+switch (REQUEST_GET('type'))
 {
 case "your": // List only your own open (new) tasks
        $whereStatement = "assigned_admin='".GET_CURRENT_ADMIN_ID()."' AND `status`='NEW' AND task_type != 'EXTENSION_UPDATE'";
@@ -73,20 +73,20 @@ case "closed": // List all closed
        break;
 
 default: // Unknown type
-       DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown task type %s detected.", $_GET['type']));
-       LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_TASK_UNKNOWN_MODE'), $_GET['type']));
+       DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown task type %s detected.", REQUEST_GET('type')));
+       LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('ADMIN_TASK_UNKNOWN_MODE'), REQUEST_GET('type')));
        break;
 }
 
-if (!empty($whereStatement))
-{
+if (!empty($whereStatement)) {
        $SEL = 0;
-       if (isset($_POST['task'])) $SEL = SELECTION_COUNT($_POST['task']);
-       if ((isset($_POST['assign'])) && ($SEL > 0)) {
+       if (REQUEST_ISSET_POST(('task'))) $SEL = SELECTION_COUNT(REQUEST_POST('task'));
+
+       if ((REQUEST_ISSET_POST(('assign'))) && ($SEL > 0)) {
                // Assign / do tasks
                LOAD_INC_ONCE("inc/modules/admin/overview-inc.php");
                if (empty($dmy)) $dmy = "";
-               OUTPUT_SELECTED_TASKS($_POST, $dmy);
+               OUTPUT_SELECTED_TASKS(REQUEST_POST_ARRAY(), $dmy);
        } else {
                // Start listing tasks matching selected filter
                $result_tasks = SQL_QUERY("SELECT id, assigned_admin, userid, task_type, subject, text, task_created
@@ -95,16 +95,16 @@ WHERE ".$whereStatement."
 ORDER BY userid DESC, task_type DESC, subject, task_created DESC", __FILE__, __LINE__);
                if (($SEL > 0) && (!IS_DEMO())) {
                        // Only unassign / delete tasks when there are selected tasks posted
-                       if (isset($_POST['unassign'])) {
+                       if (REQUEST_ISSET_POST(('unassign'))) {
                                // Unassign from tasks
-                               foreach ($_POST['task'] as $id => $sel) {
+                               foreach (REQUEST_POST('task') as $id => $sel) {
                                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_task_system` SET assigned_admin=0 WHERE id=%s AND assigned_admin=%s LIMIT 1",
                                                array(bigintval($id), GET_CURRENT_ADMIN_ID()), __FILE__, __LINE__);
                                }
-                       } elseif (isset($_POST['del'])) {
+                       } elseif (REQUEST_ISSET_POST(('del'))) {
                                // Delete tasks
-                               foreach ($_POST['task'] as $id => $sel) {
-                                       if ($_GET['type'] == "deleted") {
+                               foreach (REQUEST_POST('task') as $id => $sel) {
+                                       if (REQUEST_GET('type') == "deleted") {
                                                // Delete task immediately
                                                SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_task_system` WHERE id=%s LIMIT 1",
                                                        array(bigintval($id)),__FILE__, __LINE__);
@@ -120,10 +120,10 @@ ORDER BY userid DESC, task_type DESC, subject, task_created DESC", __FILE__, __L
                }
 
                // There are uncompleted jobs!
-               $type = constant('ADMIN_OVERVIEW_TASK_'.strtoupper($_GET['type']).'_TYPE');
+               $type = constant('ADMIN_OVERVIEW_TASK_'.strtoupper(REQUEST_GET('type')).'_TYPE');
                LOAD_TEMPLATE("admin_overview_header_task", false, array(
                        'message' => $type,
-                       'type'    => $_GET['type']
+                       'type'    => REQUEST_GET('type')
                ));
                $SW = 2;
                while (list($id, $admin, $uid, $type, $subj, $text, $created) = SQL_FETCHROW($result_tasks)) {
@@ -183,7 +183,7 @@ ORDER BY userid DESC, task_type DESC, subject, task_created DESC", __FILE__, __L
                SQL_FREERESULT($result_tasks);
 
                // Load footer template
-               if ($_GET['type'] == "deleted")
+               if (REQUEST_GET('type') == "deleted")
                {
                        // Delete now button
                        LOAD_TEMPLATE("admin_overview_footer_task");
index 4fbe78833c52645c4b3b0b11c83615b1e107dde3..ccc74f2e1fec3b14c58048c18ba29ec397f0692e 100644 (file)
@@ -46,7 +46,7 @@ ADD_DESCR("admin", __FILE__);
 // Don't load the admin_list_unconfirmed template by default
 $listed = false;
 
-if (!empty($_GET['mid'])) {
+if (REQUEST_ISSET_GET(('mid'))) {
        // List confirmation links from your member's mail orders
        define('__LIST_UNCON_TITLE', getMessage('LIST_UNCONFIRMED_MEMBER_LINKS'));
 
@@ -54,22 +54,22 @@ if (!empty($_GET['mid'])) {
        $SQL = "SELECT DISTINCT s.id, p.sender, p.subject, p.text, p.url, p.timestamp, s.max_rec  FROM `{!_MYSQL_PREFIX!}_pool` AS p
 LEFT JOIN `{!_MYSQL_PREFIX!}_user_stats` AS s
 ON p.id=s.pool_id
-WHERE p.id='".$_GET['mid']."' LIMIT 1";
+WHERE p.id='".REQUEST_GET('mid')."' LIMIT 1";
 
        // Column, type and ID for member's mail
        $col = "stats_id"; $type = "NORMAL"; $ID = "-1";
 
        // Load admin_list_unconfirmed template
-       $listed = true; $DATA = $_GET['mid']; $LINK = "mailid";
-} elseif ((!empty($_GET['bid'])) && (EXT_IS_ACTIVE("bonus"))) {
+       $listed = true; $DATA = REQUEST_GET('mid'); $LINK = "mailid";
+} elseif ((REQUEST_ISSET_GET(('bid'))) && (EXT_IS_ACTIVE("bonus"))) {
        // List confirmation links from bonus mails
        define('__LIST_UNCON_TITLE', getMessage('LIST_UNCONFIRMED_BONUS_LINKS'));
 
        // SQL query for mail data (both ids are required for compatiblity to above normal mail
-       $SQL = "SELECT id, id, subject, text, url, timestamp, mails_sent FROM `{!_MYSQL_PREFIX!}_bonus` WHERE id='".$_GET['bid']."' LIMIT 1";
+       $SQL = "SELECT id, id, subject, text, url, timestamp, mails_sent FROM `{!_MYSQL_PREFIX!}_bonus` WHERE id='".REQUEST_GET('bid')."' LIMIT 1";
 
        // Column, type and ID for member's mail
-       $col = "bonus_id"; $type = "BONUS"; $ID = $_GET['bid'];
+       $col = "bonus_id"; $type = "BONUS"; $ID = REQUEST_GET('bid');
 
        // Load admin_list_unconfirmed template
        $listed = true; $DATA = $ID; $LINK = "bonusid";
@@ -143,7 +143,7 @@ WHERE l.%s='%s' ORDER BY l.userid LIMIT %s",
 
                // Load final template
                LOAD_TEMPLATE("admin_list_unconfirmed");
-       } elseif ($_GET['mid'] > 0) {
+       } elseif (REQUEST_GET('mid') > 0) {
                // Data in pool or in user_stats not found, so let's find out where data is missing
                $result1 = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_pool` WHERE id=%s LIMIT 1",
                        array(bigintval($ID)), __FILE__, __LINE__);
@@ -163,7 +163,7 @@ WHERE l.%s='%s' ORDER BY l.userid LIMIT %s",
                // Free memory
                SQL_FREERESULT($result1);
                SQL_FREERESULT($result2);
-       } elseif (!empty($_GET['bid'])) {
+       } elseif (REQUEST_ISSET_GET(('bid'))) {
                // Data in bonus table not found
                LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_UNCONFIRMED_INVALID_LINK'));
        }
index d3020a6a0a26c6c38342ac557c7e05eb2149b9f0..38702a865214ad3a5e3c51a4e48a31a61d6c82ac 100644 (file)
@@ -46,12 +46,12 @@ ADD_DESCR("admin", __FILE__);
 
 // Init title with "all accounts"
 $listHeader = getMessage('ADMIN_ALL_ACCOUNTS');
-if (!empty($_GET['status'])) {
+if (REQUEST_ISSET_GET(('status'))) {
        // Set title according to the "status"
-       $listHeader = getMessage(sprintf("ADMIN_LIST_STATUS_%s_ACCOUNTS", strtoupper(SQL_ESCAPE($_GET['status']))));
-} elseif (!empty($_GET['mode'])) {
+       $listHeader = getMessage(sprintf("ADMIN_LIST_STATUS_%s_ACCOUNTS", strtoupper(SQL_ESCAPE(REQUEST_GET('status')))));
+} elseif (REQUEST_ISSET_GET(('mode'))) {
        // Set title according to the "mode"
-       $listHeader = getMessage(sprintf("ADMIN_LIST_MODE_%s_ACCOUNTS", strtoupper(SQL_ESCAPE($_GET['mode']))));
+       $listHeader = getMessage(sprintf("ADMIN_LIST_MODE_%s_ACCOUNTS", strtoupper(SQL_ESCAPE(REQUEST_GET('mode')))));
 }
 
 // Remember it
@@ -85,16 +85,16 @@ if (EXT_IS_ACTIVE("country")) {
 }
 
 // Init unset data (bad that we change $_GET here!)
-if (empty($_GET['letter'])) { $_GET['letter'] = _ALL2;    }
-if (empty($_GET['sortby'])) { $_GET['sortby'] = "userid"; }
-if (empty($_GET['page']))   { $_GET['page']   = "1";      }
+if (!REQUEST_ISSET_GET(('letter'))) { REQUEST_SET_GET('letter', getMessage('_ALL2')); }
+if (!REQUEST_ISSET_GET(('sortby'))) { REQUEST_SET_GET('sortby', "userid");            }
+if (!REQUEST_ISSET_GET(('page')))   { REQUEST_SET_GET('page'  , "1");                 }
 
 // Set base URL
 $BASE = "[<a href=\"{!URL!}/modules.php?module=admin";
 
-if (!empty($_GET['u_id'])) {
+if (REQUEST_ISSET_GET(('uid'))) {
        // Secure the user ID
-       $uid = bigintval($_GET['u_id']);
+       $uid = bigintval(REQUEST_GET('uid'));
 
        // Does the account exists?
        $result_user = SQL_QUERY_ESC("SELECT gender, surname, family, street_nr, zip, city, country, email, birth_day, birth_month, birth_year, max_mails, receive_mails, refid, status, REMOTE_ADDR, last_online, last_module, ref_clicks, total_logins, used_points, emails_sent, joined, last_update, last_profile_sent, notified, ref_payout, emails_received, mails_confirmed".$MORE."
@@ -112,11 +112,11 @@ LIMIT 1",
                $LINKS = GET_TOTAL_DATA($uid, "user_links", "id", "userid", true);
 
                // Add links to the numbers
-               if ($LINKS > 0) $LINKS = $BASE."&amp;what=list_links&amp;u_id=".$uid."\">".$LINKS."</a>]";
-               if ($DATA['refid'] > 0) $DATA['refid'] = $BASE."&amp;what=list_user&amp;u_id=".$DATA['refid']."\">".$DATA['refid']."</a>]";
+               if ($LINKS > 0) $LINKS = $BASE."&amp;what=list_links&amp;uid=".$uid."\">".$LINKS."</a>]";
+               if ($DATA['refid'] > 0) $DATA['refid'] = $BASE."&amp;what=list_user&amp;uid=".$DATA['refid']."\">".$DATA['refid']."</a>]";
                if (empty($DATA['last_module'])) $DATA['last_module'] = "---";
-               if ($REFS > 0) $REFS = $BASE."&amp;what=list_refs&amp;u_id=".$uid."\">".$REFS."</a>]";
-               if ($CATS > 0) $CATS = $BASE."&amp;what=list_cats&amp;u_id=".$uid."\">".$CATS."</a>]";
+               if ($REFS > 0) $REFS = $BASE."&amp;what=list_refs&amp;uid=".$uid."\">".$REFS."</a>]";
+               if ($CATS > 0) $CATS = $BASE."&amp;what=list_cats&amp;uid=".$uid."\">".$CATS."</a>]";
 
                // Calculate timestamp for birthday
                $stamp = mktime(0, 0, 0, $DATA['birth_month'], $DATA['birth_day'], $DATA['birth_year']);
@@ -140,7 +140,7 @@ LIMIT 1",
                $DATA['status']            = TRANSLATE_STATUS($DATA['status']);
                $DATA['last_online']       = MAKE_DATETIME($DATA['last_online'], "0");
                $DATA['used_points']       = TRANSLATE_COMMA($DATA['used_points']);
-               if ($DATA['emails_sent'] > 0) $DATA['emails_sent'] = $BASE."&amp;what=email_details&amp;u_id=".$uid."\">".TRANSLATE_COMMA($DATA['emails_sent'])."</a>]";
+               if ($DATA['emails_sent'] > 0) $DATA['emails_sent'] = $BASE."&amp;what=email_details&amp;uid=".$uid."\">".TRANSLATE_COMMA($DATA['emails_sent'])."</a>]";
                $DATA['joined']            = MAKE_DATETIME($DATA['joined'], "0");
                $DATA['last_update']       = MAKE_DATETIME($DATA['last_update'], "0");
                $DATA['last_profile_sent'] = MAKE_DATETIME($DATA['last_profile_sent'], "0");
@@ -197,25 +197,25 @@ LIMIT 1",
        SQL_FREERESULT($result_user);
 } else {
        $whereStatement = "";
-       if (($_GET['letter'] != getMessage('_ALL2')) && ($_GET['letter'] != getMessage('_OTHERS')) && (!empty($_GET['letter']))) {
+       if ((REQUEST_GET('letter') != getMessage('_ALL2')) && (REQUEST_GET('letter') != getMessage('_OTHERS')) && (REQUEST_ISSET_GET(('letter')))) {
                // List only persons w
-               $whereStatement = " WHERE family LIKE '".$_GET['letter']."%'";
+               $whereStatement = " WHERE family LIKE '".REQUEST_GET('letter')."%'";
        } // END - if
-       if ($_GET['sortby'] == "family_name") $_GET['sortby'] = "family";
+       if (REQUEST_GET('sortby') == "family_name") REQUEST_SET_GET('sortby', "family");
 
        // Parse the status or mode parameter
-       if (isset($_GET['status'])) {
+       if (REQUEST_ISSET_GET(('status'))) {
                // Is a WHERE statement already there?
                if (!empty($whereStatement)) {
                        // Then append the status column
-                       $whereStatement .= sprintf(" AND `status`='%s'", SQL_ESCAPE(strip_tags(strtoupper($_GET['status']))));
+                       $whereStatement .= sprintf(" AND `status`='%s'", SQL_ESCAPE(strip_tags(strtoupper(REQUEST_GET('status')))));
                } else {
                        // Start a new one
-                       $whereStatement = sprintf(" WHERE `status`='%s'", SQL_ESCAPE(strip_tags(strtoupper($_GET['status']))));
+                       $whereStatement = sprintf(" WHERE `status`='%s'", SQL_ESCAPE(strip_tags(strtoupper(REQUEST_GET('status')))));
                }
-       } elseif (isset($_GET['mode'])) {
+       } elseif (REQUEST_ISSET_GET(('mode'))) {
                // Choose what we need to list
-               switch ($_GET['mode']) {
+               switch (REQUEST_GET('mode')) {
                        case "norefs": // Users w/o refs
                                if (!empty($whereStatement)) {
                                        // Add AND statement
@@ -227,13 +227,13 @@ LIMIT 1",
                                break;
 
                        default: // Invalid list mode
-                               DEBUG_LOG(__FILE__, __LINE__, sprintf("Invalid list mode %s detected.", SQL_ESCAPE($_GET['mode'])));
+                               DEBUG_LOG(__FILE__, __LINE__, sprintf("Invalid list mode %s detected.", SQL_ESCAPE(REQUEST_GET('mode'))));
                                break;
                }
        } // END = if
 
        // Prepare SQL and run it
-       $SQL = "SELECT userid, gender, surname, family, email, REMOTE_ADDR, refid, status, emails_sent, mails_confirmed, emails_received".$MORE." FROM `{!_MYSQL_PREFIX!}_user_data`".$whereStatement." ORDER BY ".SQL_ESCAPE($_GET['sortby']);
+       $SQL = "SELECT userid, gender, surname, family, email, REMOTE_ADDR, refid, status, emails_sent, mails_confirmed, emails_received".$MORE." FROM `{!_MYSQL_PREFIX!}_user_data`".$whereStatement." ORDER BY ".SQL_ESCAPE(REQUEST_GET('sortby'));
        $result_master = SQL_QUERY($SQL, __FILE__, __LINE__);
 
        // Calculate page count (0.5 fixes a bug with page count)
@@ -245,11 +245,11 @@ LIMIT 1",
        // Activate the extension please!
        $PAGES = round(SQL_NUMROWS($result_master) / getConfig('user_limit') + 0.5);
 
-       if (empty($_GET['page']))   $_GET['page']   = "1";
-       if (empty($_GET['offset'])) $_GET['offset'] = getConfig('user_limit');
+       if (!REQUEST_ISSET_GET(('page')))   REQUEST_SET_GET('page'  , "1");
+       if (!REQUEST_ISSET_GET(('offset'))) REQUEST_SET_GET('offset', getConfig('user_limit'));
 
        // Add limitation to SQL string and run him again
-       $SQL .= " LIMIT ".($_GET['offset'] * $_GET['page'] - $_GET['offset']).", ".$_GET['offset'];
+       $SQL .= " LIMIT ".(REQUEST_GET('offset') * REQUEST_GET('page') - REQUEST_GET('offset')).", ".REQUEST_GET('offset');
        $result = SQL_QUERY($SQL, __FILE__, __LINE__);
 
        $result_user = SQL_QUERY("SELECT emails_sent FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `status`='CONFIRMED'", __FILE__, __LINE__);
@@ -266,8 +266,8 @@ LIMIT 1",
                define('__USER_CNT'  , $user_count);
 
                // Sorting links
-               define('__ALPHA_SORT', alpha($_GET['sortby'], $colspan, true));
-               define('__SORT_LINKS', SortLinks($_GET['letter'], $_GET['sortby'], $colspan, true));
+               define('__ALPHA_SORT', alpha(REQUEST_GET('sortby'), $colspan, true));
+               define('__SORT_LINKS', SortLinks(REQUEST_GET('letter'), REQUEST_GET('sortby'), $colspan, true));
 
                if ($PAGES > 1) {
                        define('__PAGE_NAV', ADD_PAGENAV($PAGES, getConfig('user_limit'), true, $colspan, true));
@@ -294,10 +294,10 @@ LIMIT 1",
 
                        // Get number of unconfirmed mails
                        $LINKS = GET_TOTAL_DATA($content['userid'], "user_links", "id", "userid", true);
-                       if ($LINKS > 0) $LINKS = $BASE."&amp;what=list_links&amp;u_id=".$content['userid']."\">".TRANSLATE_COMMA($LINKS)."</a>]";
+                       if ($LINKS > 0) $LINKS = $BASE."&amp;what=list_links&amp;uid=".$content['userid']."\">".TRANSLATE_COMMA($LINKS)."</a>]";
 
                        // Set link to sent mails if present
-                       if ($content['emails_sent'] > 0) $content['emails_sent'] = $BASE."&amp;what=email_details&amp;u_id=".$content['userid']."\">".TRANSLATE_COMMA($content['emails_sent'])."</a>]";
+                       if ($content['emails_sent'] > 0) $content['emails_sent'] = $BASE."&amp;what=email_details&amp;uid=".$content['userid']."\">".TRANSLATE_COMMA($content['emails_sent'])."</a>]";
 
                        // Add nickname
                        if (empty($content['nickname']) || $content['nickname'] == $content['userid']) $content['nickname'] = "---";
index 019b6b82daeb0c16493e7eefcb72e4e891f4123c..d93dddb94f14e8926ac68728b144914f811756a6 100644 (file)
@@ -46,19 +46,19 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Do actions here
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Prepare mail for delivery
-       YOOMEDIA_PREPARE_MAIL_DELIVERY($_POST);
+       YOOMEDIA_PREPARE_MAIL_DELIVERY(REQUEST_POST_ARRAY());
        return;
-} elseif (isset($_POST['sent'])) {
+} elseif (REQUEST_ISSET_POST(('sent'))) {
        // Sent mail
-       YOOMEDIA_SEND_BONUS_MAIL($_POST, "normal");
-} elseif (isset($_POST['remove'])) {
+       YOOMEDIA_SEND_BONUS_MAIL(REQUEST_POST_ARRAY(), "normal");
+} elseif (REQUEST_ISSET_POST(('remove'))) {
        // Add mail to exclude list
-       YOOMEDIA_EXCLUDE_MAIL($_POST, "normal");
-} elseif (isset($_POST['unlist'])) {
+       YOOMEDIA_EXCLUDE_MAIL(REQUEST_POST_ARRAY(), "normal");
+} elseif (REQUEST_ISSET_POST(('unlist'))) {
        // Remove mail from exclude list
-       YOOMEDIA_UNLIST_MAIL($_POST, "normal");
+       YOOMEDIA_UNLIST_MAIL(REQUEST_POST_ARRAY(), "normal");
 }
 
 // Enougth queries left?
index bed365337a921d712567c148ac3ffbf202a3ace3..f20b9a7e1308cea8d25499ba482a7c6888286b90 100644 (file)
@@ -41,10 +41,10 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 $MSG = "";
 
-if (!empty($_GET['id'])) {
+if (REQUEST_ISSET_GET(('id'))) {
        // Check for selected sponsor
        $result = SQL_QUERY_ESC("SELECT gender, surname, family, email, status FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE id='%s' LIMIT 1",
-        array(bigintval($_GET['id'])), __FILE__, __LINE__);
+        array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1) {
                // Get sponsor's current status and let only confirmed and locked status pass
                list($gender, $sname, $fname, $email, $status) = SQL_FETCHROW($result);
@@ -55,9 +55,9 @@ if (!empty($_GET['id'])) {
                        define('__GENDER'  , TRANSLATE_GENDER($gender));
                        define('__SURNAME', $sname);
                        define('__FAMILY' , $fname);
-                       define('__ID'     , bigintval($_GET['id']));
+                       define('__ID'     , bigintval(REQUEST_GET('id')));
 
-                       if (isset($_POST['ok'])) {
+                       if (IS_FORM_SENT()) {
                                // Create messages
                                if ($status == "CONFIRMED") {
                                        // Message when sponsor's account got lock
@@ -72,17 +72,17 @@ if (!empty($_GET['id'])) {
                                }
 
                                // Load email message
-                               $msg = LOAD_EMAIL_TEMPLATE("lock_sponsor", $_POST['reason'], bigintval($_GET['id']));
+                               $msg = LOAD_EMAIL_TEMPLATE("lock_sponsor", REQUEST_POST('reason'), bigintval(REQUEST_GET('id')));
 
                                // And send it away
                                SEND_EMAIL($email, $subject, $msg);
 
                                // Update sponsor's account
                                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET `status`='".$status."' WHERE id='%s' LIMIT 1",
-                                       array(bigintval($_GET['id'])), __FILE__, __LINE__);
-                       } elseif (!empty($_POST['no'])) {
+                                       array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__);
+                       } elseif (REQUEST_ISSET_POST(('no'))) {
                                // No don't lock / unlock now!
-                               LOAD_URL("modules.php?module=admin&amp;what=list_sponsor&amp;id=".bigintval($_GET['id']));
+                               LOAD_URL("modules.php?module=admin&amp;what=list_sponsor&amp;id=".bigintval(REQUEST_GET('id')));
                        } else {
                                // Create header and text messages
                                if ($status == "CONFIRMED") {
@@ -107,7 +107,7 @@ if (!empty($_GET['id'])) {
                }
        } else {
                // Sponsor not found!
-               $MSG = sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval($_GET['id']));
+               $MSG = sprintf(getMessage('ADMIN_SPONSOR_404'), bigintval(REQUEST_GET('id')));
        }
 } else {
        // Not called by what-list_sponsor.php
index 06c4557c92bb6b21e18b873fb73a9b657d09c333..aff963e0b4a95e311a637110fa0754e50aac0eb9 100644 (file)
@@ -41,10 +41,10 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Is a userid set?
-if (!empty($_GET['u_id'])) {
+if (REQUEST_ISSET_GET(('uid'))) {
        // Load user's data
        $result_user = SQL_QUERY_ESC("SELECT status, gender, surname, family, email FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
-        array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+        array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
        $ACT = false;
        if (SQL_NUMROWS($result_user) == 1) {
                // User found
@@ -54,67 +54,67 @@ if (!empty($_GET['u_id'])) {
                SQL_FREERESULT($result_user);
 
                // Is a lock reason set?
-               if ((!empty($_POST['lock'])) && ($status != "LOCKED")) {
+               if ((REQUEST_ISSET_POST(('lock'))) && ($status != "LOCKED")) {
                        // Ok, lock the account!
                        if (GET_EXT_VERSION("user") >= "0.3.5") {
                                // Lock with reason
                                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `status`='LOCKED',lock_reason='%s',lock_timestamp=NOW() WHERE userid=%s LIMIT 1",
-                                       array($_POST['reason'], bigintval($_GET['u_id'])), __FILE__, __LINE__);
+                                       array(REQUEST_POST('reason'), bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
                        } else {
                                // Lock with no lock reason saved
                                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `status`='LOCKED' WHERE userid=%s LIMIT 1",
-                                       array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+                                       array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
                        }
 
                        // Entry updated?
                        if (SQL_AFFECTEDROWS() == 1) {
                                // Send an email to the user! In later version you can optionally switch this feature off
-                               $msg = LOAD_EMAIL_TEMPLATE("lock-user", array('text' => $_POST['reason']), bigintval($_GET['u_id']));
+                               $msg = LOAD_EMAIL_TEMPLATE("lock-user", array('text' => REQUEST_POST('reason')), bigintval(REQUEST_GET('uid')));
 
                                // Send away...
-                               SEND_EMAIL(bigintval($_GET['u_id']), ADMIN_LOCKED_SUBJ, $msg);
+                               SEND_EMAIL(bigintval(REQUEST_GET('uid')), ADMIN_LOCKED_SUBJ, $msg);
                        } // END - if
 
                        // Prepare message
-                       $MSG = USER_ACCOUNT_LOCKED_1.$_GET['u_id'].USER_ACCOUNT_LOCKED_2;
+                       $MSG = USER_ACCOUNT_LOCKED_1.REQUEST_GET('uid').USER_ACCOUNT_LOCKED_2;
                        $ACT = true;
-               } elseif ((!empty($_POST['unlock'])) && ($status == "LOCKED")) {
+               } elseif ((REQUEST_ISSET_POST(('unlock'))) && ($status == "LOCKED")) {
                        // Ok, unlock the account!
                        if (GET_EXT_VERSION("user") >= "0.3.5") {
                                // Reset lock reason as well
                                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `status`='CONFIRMED',lock_reason='',lock_timestamp='0000-00-00 00:00' WHERE userid=%s LIMIT 1",
-                                       array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+                                       array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
                        } else {
                                // No lock reason to reset
                                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `status`='CONFIRMED' WHERE userid=%s LIMIT 1",
-                                       array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+                                       array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
                        }
 
                        // Entry updated?
                        if (SQL_AFFECTEDROWS() == 1) {
                                // Send an email to the user! In later version you can optionally switch this feature off
-                               $msg = LOAD_EMAIL_TEMPLATE("unlock-user", array('text' => $_POST['reason']), bigintval($_GET['u_id']));
+                               $msg = LOAD_EMAIL_TEMPLATE("unlock-user", array('text' => REQUEST_POST('reason')), bigintval(REQUEST_GET('uid')));
 
                                // Send away...
-                               SEND_EMAIL(bigintval($_GET['u_id']), getMessage('ADMIN_UNLOCKED_SUBJ'), $msg);
+                               SEND_EMAIL(bigintval(REQUEST_GET('uid')), getMessage('ADMIN_UNLOCKED_SUBJ'), $msg);
                                if (EXT_IS_ACTIVE("rallye")) {
-                                       RALLYE_AUTOADD_USER($_GET['u_id']);
+                                       RALLYE_AUTOADD_USER(REQUEST_GET('uid'));
                                } // END - if
                        } // END - if
 
                        // Prepare message
-                       $MSG = USER_ACCOUNT_UNLOCKED_1.$_GET['u_id'].USER_ACCOUNT_UNLOCKED_2;
+                       $MSG = USER_ACCOUNT_UNLOCKED_1.REQUEST_GET('uid').USER_ACCOUNT_UNLOCKED_2;
                        $ACT = true;
-               } elseif (isset($_POST['del'])) {
+               } elseif (REQUEST_ISSET_POST(('del'))) {
                        // Delete the account
                        $ACT = true;
                        LOAD_INC_ONCE("inc/modules/admin/what-del_user.php");
-               } elseif (!empty($_POST['no'])) {
+               } elseif (REQUEST_ISSET_POST(('no'))) {
                        // Do not lock him...
-                       $URL = "modules.php?module=admin&amp;what=list_user&amp;u_id=".bigintval($_GET['u_id']);
+                       $URL = "modules.php?module=admin&amp;what=list_user&amp;uid=".bigintval(REQUEST_GET('uid'));
                } else {
                        $result = SQL_QUERY_ESC("SELECT email, surname, family FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
-                               array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+                               array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
 
                        // Entry found?
                        if (SQL_NUMROWS($result) == 1) {
@@ -128,7 +128,7 @@ if (!empty($_GET['u_id'])) {
                                define('__EMAIL', CREATE_EMAIL_LINK($email, "user_data"));
                                define('__SNAME', $sname);
                                define('__FNAME', $fname);
-                               define('__UID'  , bigintval($_GET['u_id']));
+                               define('__UID'  , bigintval(REQUEST_GET('uid')));
 
                                // Realy want to lock?
                                switch ($status)
@@ -156,7 +156,7 @@ if (!empty($_GET['u_id'])) {
                                LOAD_TEMPLATE("admin_lock_user");
                        } else {
                                // Account does not exists!
-                               LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), $_GET['u_id'])."</div>");
+                               LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid'))."</div>");
                        }
                }
 
@@ -174,7 +174,7 @@ if (!empty($_GET['u_id'])) {
                }
        } else {
                // Account does not exists!
-               LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), $_GET['u_id'])."</div>");
+               LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid'))."</div>");
        }
 } else {
        // List all users
index c1f1f4a1be70d8808dac7cddfa4fde69970bb583..e3bce0b26e81d01353f3957a530e05c80d2ac1fd 100644 (file)
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (!empty($_GET['access'])) {
+if (REQUEST_ISSET_GET(('access'))) {
        // Secure input and construct FQFN
-       $access = SQL_ESCAPE(strip_tags($_GET['access']));
+       $access = SQL_ESCAPE(strip_tags(REQUEST_GET('access')));
        $target = sprintf("%slogs/%s", constant('PATH'), $access);
 
        // Is the file valid and readable?
index 6ae59ecbd90c6d1d8b0da658ed866face9e3a3f9..adb4692f6472e1d939c4d0bfb91c2b78d568cb88 100644 (file)
@@ -40,7 +40,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // De- or activate maintenance mode
        switch (getConfig('maintenance'))
        {
index e783f528c3af0b248e700b337aa6d1edfa3ccf13..72b54fb70e4c44bc256f9f37af7b1160078e139c 100644 (file)
@@ -42,11 +42,11 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Check if the admin has entered title and what-php file name...
-if ((empty($_POST['title'])) && (isset($_POST['ok']))) {
-       unset($_POST['ok']);
+if ((!REQUEST_ISSET_POST(('title'))) && (IS_FORM_SENT())) {
+       REQUEST_UNSET_POST('ok');
 }
 
-if (!isset($_POST['ok'])) {
+if (!IS_FORM_SENT()) {
        // Create arrays
        $menus = array(); $titles = array(); $below = array();
 
@@ -152,25 +152,25 @@ if (!isset($_POST['ok'])) {
        LOAD_TEMPLATE("admin_member_add");
 } elseif (!IS_DEMO()) {
        // Insert new menu entry
-       if (!empty($_POST['menu']))
+       if (REQUEST_ISSET_POST(('menu')))
        {
                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_member_menu` (`action`,`what`,`title`,`visible`,`locked`,`sort`) VALUES ('%s','%s','%s','%s','%s','%s')",
  array(
-       $_POST['menu'],
-       $_POST['name'],
-       $_POST['title'],
-       $_POST['visible'],
-       $_POST['active'],
-       bigintval($_POST['sort']),
+       REQUEST_POST('menu'),
+       REQUEST_POST('name'),
+       REQUEST_POST('title'),
+       REQUEST_POST('visible'),
+       REQUEST_POST('active'),
+       bigintval(REQUEST_POST('sort')),
 ), __FILE__, __LINE__);
        } else {
                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_member_menu` (`action`,`title`,`visible`,`locked`,`sort`) VALUES ('%s','%s','%s','%s','%s')",
  array(
-       $_POST['name'],
-       $_POST['title'],
-       $_POST['visible'],
-       $_POST['active'],
-       bigintval($_POST['sort']),
+       REQUEST_POST('name'),
+       REQUEST_POST('title'),
+       REQUEST_POST('visible'),
+       REQUEST_POST('active'),
+       bigintval(REQUEST_POST('sort')),
 ), __FILE__, __LINE__);
        }
        LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SETTINGS_SAVED'));
index fb80b42047b90a0411285c1d40192394449e2853..ed4f7f918291e6bbe0f5f5422f77eb25afc76649 100644 (file)
@@ -43,22 +43,22 @@ ADD_DESCR("admin", __FILE__);
 // Do we edit/delete/change main menus or sub menus?
 $AND = "(`what` = '' OR `what` IS NULL)"; $SUB = "";
 
-if (!empty($_GET['sub'])) {
-       $AND = sprintf("action='%s' AND `what` IS NOT NULL", SQL_ESCAPE($_GET['sub']));
-       $SUB = SQL_ESCAPE($_GET['sub']);
+if (REQUEST_ISSET_GET(('sub'))) {
+       $AND = sprintf("action='%s' AND `what` IS NOT NULL", SQL_ESCAPE(REQUEST_GET('sub')));
+       $SUB = SQL_ESCAPE(REQUEST_GET('sub'));
 }
 
 // Get count of (maybe) selected menu points
 $chk = 0;
-if (!empty($_POST['sel'])) $chk = SELECTION_COUNT($_POST['sel']);
+if (REQUEST_ISSET_POST(('sel'))) $chk = SELECTION_COUNT(REQUEST_POST('sel'));
 
 // List all menu points and make them editable
-if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) {
+if ((REQUEST_ISSET_POST(('edit'))) && ($chk > 0) && (!IS_DEMO())) {
        // Edit menu entries
        define('__SUB_VALUE', $SUB);
        define('__CHK_VALUE', $chk);
        $SW = 2; $cnt = 0; $OUT = "";
-       foreach ($_POST['sel'] as $sel => $confirm) {
+       foreach (REQUEST_POST('sel') as $sel => $confirm) {
                if ($confirm == 1) {
                        $cnt++;
                        $result = SQL_QUERY_ESC("SELECT title, action, what FROM `{!_MYSQL_PREFIX!}_member_menu` WHERE ".$AND." AND id=%s LIMIT 1",
@@ -93,12 +93,12 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) {
 
        // Load template
        LOAD_TEMPLATE("admin_mmenu_edit");
-} elseif ((isset($_POST['del'])) && ($chk > 0) && (!IS_DEMO())) {
+} elseif ((REQUEST_ISSET_POST(('del'))) && ($chk > 0) && (!IS_DEMO())) {
        // Del menu entries with or without confirmation
        define('__SUB_VALUE', $SUB);
        define('__CHK_VALUE', $chk);
        $SW = 2; $cnt = 0; $OUT = "";
-       foreach ($_POST['sel'] as $sel => $confirm) {
+       foreach (REQUEST_POST('sel') as $sel => $confirm) {
                if ($confirm == 1) {
                        $cnt++;
                        $result = SQL_QUERY_ESC("SELECT title FROM `{!_MYSQL_PREFIX!}_member_menu` WHERE ".$AND." AND id=%s LIMIT 1",
@@ -131,12 +131,12 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) {
 
        // Load template
        LOAD_TEMPLATE("admin_mmenu_delete");
-} elseif ((isset($_POST['status'])) && ($chk > 0) && (!IS_DEMO())) {
+} elseif ((REQUEST_ISSET_POST(('status'))) && ($chk > 0) && (!IS_DEMO())) {
        // Change status (visible / locked)
        define('__SUB_VALUE', $SUB);
        define('__CHK_VALUE', $chk);
        $SW = 2; $cnt = 0; $OUT = "";
-       foreach ($_POST['sel'] as $sel => $confirm) {
+       foreach (REQUEST_POST('sel') as $sel => $confirm) {
                if ($confirm == 1) {
                        $cnt++;
                        $result = SQL_QUERY_ESC("SELECT title, visible, locked FROM `{!_MYSQL_PREFIX!}_member_menu` WHERE ".$AND." AND id=%s LIMIT 1",
@@ -173,17 +173,17 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) {
        define('__CNT_VALUE', $cnt);
        //
        LOAD_TEMPLATE("admin_mmenu_status");
-} elseif ((isset($_POST['ok'])) && (!IS_DEMO())) {
+} elseif ((IS_FORM_SENT()) && (!IS_DEMO())) {
        // An act is done...
-       foreach ($_POST['sel'] as $sel => $menu) {
+       foreach (REQUEST_POST('sel') as $sel => $menu) {
                $AND = "(`what` = '' OR `what` IS NULL)";
                $sel = bigintval($sel);
                if (!empty($SUB)) $AND = "action='".$SUB."'";
-               switch ($_POST['ok'])
+               switch (REQUEST_POST('ok'))
                {
                case "edit": // Edit menu
                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_member_menu` SET `title`='%s', `action`='%s', `what`='%s' WHERE ".$AND." AND id=%s LIMIT 1",
-                               array($menu, $_POST['sel_act'][$sel], $_POST['sel_what'][$sel], $sel), __FILE__, __LINE__);
+                               array($menu, REQUEST_POST('sel_act', $sel), REQUEST_POST('sel_what', $sel), $sel), __FILE__, __LINE__);
                        break;
 
                case "del": // Delete menu
@@ -193,7 +193,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) {
 
                case "status": // Change status of menus
                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_member_menu` SET `visible`='%s', `locked`='%s' WHERE ".$AND." AND id=%s LIMIT 1",
-                               array($_POST['visible'][$sel], $_POST['locked'][$sel], $sel), __FILE__, __LINE__);
+                               array(REQUEST_POST('visible', $sel), REQUEST_POST('locked', $sel), $sel), __FILE__, __LINE__);
                        break;
                }
                break;
@@ -202,37 +202,37 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) {
        // Load template
        LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SETTINGS_SAVED'));
 } else {
-       if ((!empty($_GET['act'])) && (!empty($_GET['tid'])) && (!empty($_GET['fid']))) {
+       if ((REQUEST_ISSET_GET(('act'))) && (REQUEST_ISSET_GET(('tid'))) && (REQUEST_ISSET_GET(('fid')))) {
                // Init
                $tid = ""; $fid = "";
 
                // Get IDs
-               if (!empty($_GET['w'])) {
+               if (REQUEST_ISSET_GET(('w'))) {
                        // Sub menus selected
                        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_member_menu` WHERE `action`='%s' AND `sort`='%s' LIMIT 1",
-                        array(bigintval($_GET['act']), bigintval($_GET['tid'])), __FILE__, __LINE__);
+                        array(bigintval(REQUEST_GET('act')), bigintval(REQUEST_GET('tid'))), __FILE__, __LINE__);
                        list($tid) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
                        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_member_menu` WHERE `action`='%s' AND `sort`='%s' LIMIT 1",
-                        array(bigintval($_GET['act']), bigintval($_GET['fid'])), __FILE__, __LINE__);
+                        array(bigintval(REQUEST_GET('act')), bigintval(REQUEST_GET('fid'))), __FILE__, __LINE__);
                        list($fid) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
                } else {
                        // Main menu selected
                        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_member_menu` WHERE (what='' OR `what` IS NULL) AND `sort`='%s' LIMIT 1",
-                        array(bigintval($_GET['tid'])), __FILE__, __LINE__);
+                        array(bigintval(REQUEST_GET('tid'))), __FILE__, __LINE__);
                        list($tid) = SQL_FETCHROW($result);
                        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_member_menu` WHERE (what='' OR `what` IS NULL) AND `sort`='%s' LIMIT 1",
-                        array(bigintval($_GET['fid'])), __FILE__, __LINE__);
+                        array(bigintval(REQUEST_GET('fid'))), __FILE__, __LINE__);
                        list($fid) = SQL_FETCHROW($result);
                }
 
                if ((!empty($tid)) && (!empty($fid))) {
                        // Sort menu
                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_member_menu` SET `sort`='%s' WHERE ".$AND." AND id=%s LIMIT 1",
-                               array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__);
+                               array(bigintval(REQUEST_GET('tid')), bigintval($fid)), __FILE__, __LINE__);
                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_member_menu` SET `sort`='%s' WHERE ".$AND." AND id=%s LIMIT 1",
-                               array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__);
+                               array(bigintval(REQUEST_GET('fid')), bigintval($tid)), __FILE__, __LINE__);
                } // END - -fi
        }
 
index 9d43b8d6bfe60dd71863630572b6bdc46bf2b818..4f1a7073b46714444169be33505e8ed10cdb05e8 100644 (file)
@@ -85,7 +85,7 @@ if ($JOBS_DONE) {
        }
 
        // List selected tasks on overview when task management is not active
-       OUTPUT_SELECTED_TASKS($_POST, $result_tasks);
+       OUTPUT_SELECTED_TASKS(REQUEST_POST_ARRAY(), $result_tasks);
 }
 
 //
index 210812d70877ef4e67d0d14b646b31fc23dac819..24f58d4c6a2218b60f8048a2cfda5198c9117964 100644 (file)
@@ -40,19 +40,17 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (empty($_GET['do'])) unset($_GET['do']);
-
-if (((empty($_POST['t_wait'])) || (empty($_POST['payment']))) && (!empty($_GET['do'])) && ($_GET['do'] == "add")) {
-       unset($_POST['ok']);
+if (((!REQUEST_ISSET_POST(('t_wait'))) || (!REQUEST_ISSET_POST(('payment')))) && (REQUEST_ISSET_GET(('do'))) && (REQUEST_GET('do') == "add")) {
+       REQUEST_UNSET_POST('ok');
 }
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        $SQL = array();
-       switch ($_GET['do']) {
+       switch (REQUEST_GET('do')) {
        case "add":
-               $SQLs[] = "INSERT INTO `{!_MYSQL_PREFIX!}_payments` (time, payment, mail_title, price) VALUES ('".$_POST['t_wait']."','".$_POST['payment']."','".$_POST['title']."','".$_POST['price']."')";
+               $SQLs[] = "INSERT INTO `{!_MYSQL_PREFIX!}_payments` (time, payment, mail_title, price) VALUES ('".REQUEST_POST('t_wait')."','".REQUEST_POST('payment')."','".REQUEST_POST('title')."','".REQUEST_POST('price')."')";
                $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_payments` WHERE time='%s' LIMIT 1",
-                array($_POST['t_wait']), __FILE__, __LINE__);
+                array(REQUEST_POST('t_wait')), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 1) {
                        // Free memory
                        $SQLs[0] = "";
@@ -61,13 +59,13 @@ if (isset($_POST['ok'])) {
                break;
 
        case "edit":
-               foreach ($_POST['time'] as $id => $value) {
-                       $SQLs[] = "UPDATE `{!_MYSQL_PREFIX!}_payments` SET time='".$value."', payment='".$_POST['pay'][$id]."', price='".$_POST['price'][$id]."', mail_title='".$_POST['title'][$id]."' WHERE id='".$id."' LIMIT 1";
+               foreach (REQUEST_POST('time') as $id => $value) {
+                       $SQLs[] = "UPDATE `{!_MYSQL_PREFIX!}_payments` SET time='".$value."', payment='".REQUEST_POST('pay', $id)."', price='".REQUEST_POST('price', $id)."', mail_title='".REQUEST_POST('title', $id)."' WHERE id='".$id."' LIMIT 1";
                }
                break;
 
        case "del":
-               foreach ($_POST['id'] as $id => $value) {
+               foreach (REQUEST_POST('id') as $id => $value) {
                        $SQLs[] = "DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_payments` WHERE id='".$id."' LIMIT 1";
                }
                break;
@@ -85,10 +83,10 @@ if (isset($_POST['ok'])) {
 
        // Output template
        LOAD_TEMPLATE("admin_settings_saved", false, $content);
-} elseif ((isset($_POST['del'])) && (SELECTION_COUNT($_POST['sel']) > 0)) {
+} elseif ((REQUEST_ISSET_POST(('del'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) {
        // Delete entries here
        $SW = 2; $OUT = "";
-       foreach ($_POST['sel'] as $id => $value) {
+       foreach (REQUEST_POST('sel') as $id => $value) {
                $result = SQL_QUERY_ESC("SELECT time, mail_title FROM `{!_MYSQL_PREFIX!}_payments` WHERE id=%s LIMIT 1",
                        array(bigintval($id)), __FILE__, __LINE__);
                list($time, $title) = SQL_FETCHROW($result);
@@ -110,10 +108,10 @@ if (isset($_POST['ok'])) {
 
        // Load main template
        LOAD_TEMPLATE("admin_del_payments");
-} elseif ((isset($_POST['edit'])) && (SELECTION_COUNT($_POST['sel']) > 0)) {
+} elseif ((REQUEST_ISSET_POST(('edit'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) {
        // Edit entries
        $SW = 2; $OUT = "";
-       foreach ($_POST['sel'] as $id => $value) {
+       foreach (REQUEST_POST('sel') as $id => $value) {
                $result = SQL_QUERY_ESC("SELECT time, payment, mail_title, price FROM `{!_MYSQL_PREFIX!}_payments` WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
                list($time, $pay, $title, $price) = SQL_FETCHROW($result);
index 1866e42f987fc2fde0cbe2ea9d9edb7735127259..f17446b43ee3ef30b7ddc35bca7a33f35f64d3b1 100644 (file)
@@ -44,28 +44,28 @@ ADD_DESCR("admin", __FILE__);
 $SEL = 0;
 
 // Some sanity-check
-if ((empty($_POST['url'])) || (empty($_POST['alternate']))) {
-       unset($_POST['ok']);
+if ((!REQUEST_ISSET_POST(('url'))) || (!REQUEST_ISSET_POST(('alternate')))) {
+       REQUEST_UNSET_POST('ok');
 }
 
 // Check selection count
-if (!empty($_POST['sel'])) $SEL = SELECTION_COUNT($_POST['sel']);
+if (REQUEST_ISSET_POST(('sel'))) $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Fix older calls from add-new-banner-form
-       if (empty($_GET['mode'])) $_GET['mode'] = "add";
+       if (!REQUEST_ISSET_GET(('mode'))) REQUEST_SET_GET('mode', "add");
        $SQL = "";
-       switch ($_GET['mode'])
+       switch (REQUEST_GET('mode'))
        {
        case "add":
                // Check if banner is already added
                $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_refbanner` WHERE url='%s' LIMIT 1",
-                       array($_POST['url']), __FILE__, __LINE__);
+                       array(REQUEST_POST('url')), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 0) {
                        // Add banner
                        SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_refbanner` (url, alternate, visible)
 VALUES ('%s','%s','%s')",
-                               array($_POST['url'], $_POST['alternate'], $_POST['visible']), __FILE__, __LINE__);
+                               array(REQUEST_POST('url'), REQUEST_POST('alternate'), REQUEST_POST('visible')), __FILE__, __LINE__);
                } else {
                        // Free memory
                        SQL_FREERESULT($result);
@@ -73,13 +73,18 @@ VALUES ('%s','%s','%s')",
                break;
 
        case "edit": // Update banner
-               foreach ($_POST['sel'] as $id => $sel) {
+               foreach (REQUEST_POST('sel') as $id => $sel) {
                        // Secure ID
                        $id = bigintval($id);
 
                        // Update entry
                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_refbanner` SET url='%s', alternate='%s', `visible`='%s' WHERE id=%s LIMIT 1",
-                               array($_POST['url'][$id], $_POST['alternate'][$id], $_POST['visible'], $id), __FILE__, __LINE__);
+                               array(
+                                       REQUEST_POST('url', $id),
+                                       REQUEST_POST('alternate', $id),
+                                       REQUEST_POST('visible'),
+                                       $id
+                               ), __FILE__, __LINE__);
                }
                break;
        }
@@ -90,10 +95,10 @@ VALUES ('%s','%s','%s')",
                $content = "<span class=\"admin_failed\">{--SETTINGS_NOT_SAVED--}</span>";
        }
        LOAD_TEMPLATE("admin_settings_saved", false, $content);
-} elseif (($SEL > 0) && (isset($_POST['edit']))) {
+} elseif (($SEL > 0) && (REQUEST_ISSET_POST(('edit')))) {
        // Edit banner
        $SW = ""; $OUT = "";
-       foreach ($_POST['sel'] as $id => $sel) {
+       foreach (REQUEST_POST('sel') as $id => $sel) {
                // Load data
                $result = SQL_QUERY_ESC("SELECT url, alternate, visible FROM `{!_MYSQL_PREFIX!}_refbanner` WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
@@ -118,10 +123,10 @@ VALUES ('%s','%s','%s')",
        // Load main template
        LOAD_TEMPLATE("admin_refbanner_edit");
 } else {
-       if (($SEL > 0) && (isset($_POST['del'])))
+       if (($SEL > 0) && (REQUEST_ISSET_POST(('del'))))
        {
                // Delete banner
-               foreach ($_POST['sel'] as $id => $sel) {
+               foreach (REQUEST_POST('sel') as $id => $sel) {
                        SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_refbanner` WHERE id=%s LIMIT 1",
                                array(bigintval($id)), __FILE__, __LINE__);
                }
index 6dccfbf0886f0ee285eb8f12e2f11f1b07750288..651b6d68168fff7c9d3a3df3c602a103f6d90df5 100644 (file)
@@ -44,20 +44,20 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Set empty mode to "select"
-if (empty($_GET['mode'])) $_GET['mode'] = "select";
+if (!REQUEST_ISSET_GET('mode')) REQUEST_SET_GET('mode', "select");
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Deliver bonus mail
-       ADD_NEW_BONUS_MAIL($_POST, $_GET['mode']);
+       ADD_NEW_BONUS_MAIL(REQUEST_POST_ARRAY(), REQUEST_GET('mode'));
 } else {
        // Get all available users
-       define('__ALL_VALUE', TRANSLATE_COMMA(GET_TOTAL_RECEIVERS($_GET['mode'])));
+       define('__ALL_VALUE', TRANSLATE_COMMA(GET_TOTAL_RECEIVERS(REQUEST_GET('mode'))));
 
        // Prepare option lines
-       define('__OPTION_LINES', ADD_CATEGORY_OPTIONS($_GET['mode']));
+       define('__OPTION_LINES', ADD_CATEGORY_OPTIONS(REQUEST_GET('mode')));
 
        // Store send mode
-       define('__MODE', SQL_ESCAPE($_GET['mode']));
+       define('__MODE', SQL_ESCAPE(REQUEST_GET('mode')));
 
        if (EXT_IS_ACTIVE("html_mail")) {
                // If HTML extension is active
@@ -68,7 +68,7 @@ if (isset($_POST['ok'])) {
        }
 
        // Select template
-       switch($_GET['mode']) {
+       switch(REQUEST_GET('mode')) {
                case "html":   // HTML mails
                case "normal": // Normal mails
                        $template = "admin_send_bonus_form";
index f18caeab52bc8b1655e30476b0564937543ee700..98f17236698cf97f61604f1310d12c7f52789287 100644 (file)
@@ -40,7 +40,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        $result = SQL_QUERY("SELECT userid, email
 FROM `{!_MYSQL_PREFIX!}_user_data`
 WHERE `status`='CONFIRMED' AND nl_receive='Y'
@@ -52,22 +52,22 @@ ORDER BY userid ASC", __FILE__, __LINE__);
                        $template = "newsletter";
 
                        // Check for extension and sending-mode
-                       if (!EXT_IS_ACTIVE("html_mail", true) && ($_POST['mode'] == "html")) {
+                       if (!EXT_IS_ACTIVE("html_mail", true) && (REQUEST_POST('mode') == "html")) {
                                // Set mode to text mode
-                               $_POST['mode'] == "text";
-                       } elseif ($_POST['mode'] == "html") {
+                               REQUEST_POST('mode') == "text";
+                       } elseif (REQUEST_POST('mode') == "html") {
                                // Set HTML templates
                                $template = "newsletter_html";
                        }
 
                        // Compile message
-                       $_POST['text'] = COMPILE_CODE($_POST['text']);
+                       REQUEST_SET_POST('text', COMPILE_CODE(REQUEST_POST('text')));
 
                        // Load template
-                       $msg = LOAD_EMAIL_TEMPLATE($template, array('text' => $_POST['text']), $id);
+                       $msg = LOAD_EMAIL_TEMPLATE($template, array('text' => REQUEST_POST('text')), $id);
 
                        // ... and send it away!
-                       SEND_NEWSLETTER($email, $_POST['subject'], $msg, $_POST['mode']);
+                       SEND_NEWSLETTER($email, REQUEST_POST('subject'), $msg, REQUEST_POST('mode'));
                }
 
                // Free memory
index 59a1c99fa3d6c45f4edab75a510998519b6a793d..33e9536e1207b8ebff2518d2132bd8185b5e9e19 100644 (file)
@@ -41,15 +41,13 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // If var is empty set it to empty
-if (empty($_GET['mod'])) $_GET['mod'] = "";
+if (!REQUEST_ISSET_GET(('mod'))) REQUEST_SET_GET('mod', "");
 
 // Check if module was selected
-if (($_GET['mod'] == "index") || ($_GET['mod'] == "login"))
-{
+if ((REQUEST_GET('mod') == "index") || (REQUEST_GET('mod') == "login")) {
        // Select menu system
        $mod = "";
-       switch ($_GET['mod'])
-       {
+       switch (REQUEST_GET('mod')) {
                case "index": $mod = "guest" ; break;
                case "login": $mod = "member"; break;
        }
@@ -58,8 +56,7 @@ if (($_GET['mod'] == "index") || ($_GET['mod'] == "login"))
        $result = SQL_QUERY_ESC("SELECT action, title, counter FROM `{!_MYSQL_PREFIX!}_%s_menu` WHERE `what` != '' AND `what` IS NOT NULL ORDER BY counter DESC",
                array($mod), __FILE__, __LINE__);
        $SW = 2; $OUT = "";
-       while (list($act, $title, $clicks) = SQL_FETCHROW($result))
-       {
+       while (list($act, $title, $clicks) = SQL_FETCHROW($result)) {
                // Prepare array for the template
                $content = array(
                        'sw'     => $SW,
@@ -111,5 +108,6 @@ if (($_GET['mod'] == "index") || ($_GET['mod'] == "login"))
        // Load final template
        LOAD_TEMPLATE("admin_mods_stats");
 }
+
 //
 ?>
index 838204470b135932469d58934c9911dff5468f3a..775fdaeac3f10b58553f1f8218e17394ce742014 100644 (file)
@@ -41,12 +41,12 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Fix a notice
-if (!isset($_GET['u_id'])) $_GET['u_id'] = "";
+if (!REQUEST_ISSET_GET(('uid'))) REQUEST_SET_GET('uid', "");
 
-if ($_GET['u_id'] == "all") {
+if (REQUEST_GET('uid') == "all") {
        // Add points to all accounts
-       define('__POINTS_VALUE', $_POST['points']);
-       if ((isset($_POST['ok'])) && ($_POST['points'] > 0)) {
+       define('__POINTS_VALUE', REQUEST_POST('points'));
+       if ((IS_FORM_SENT()) && (REQUEST_POST('points') > 0)) {
                $result_main = SQL_QUERY("SELECT userid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `status`='CONFIRMED' ORDER BY userid", __FILE__, __LINE__);
                while (list($uid) = SQL_FETCHROW($result_main)) {
                        // User ID found in URL so we use this give him some credits
@@ -61,14 +61,14 @@ if ($_GET['u_id'] == "all") {
                                // Free result
                                SQL_FREERESULT($result);
 
-                               if ((isset($_POST['ok'])) && (!empty($_POST['points']))) {
+                               if ((IS_FORM_SENT()) && (REQUEST_ISSET_POST(('points')))) {
                                        // Ok, add points to used points and send an email to him...
-                                       SUB_POINTS("admin_all", $uid, $_POST['points']);
+                                       SUB_POINTS("admin_all", $uid, REQUEST_POST('points'));
 
                                        // Prepare content
                                        $content = array(
-                                               'text'   => SQL_ESCAPE($_POST['reason']),
-                                               'points' => bigintval($_POST['points'])
+                                               'text'   => SQL_ESCAPE(REQUEST_POST('reason')),
+                                               'points' => bigintval(REQUEST_POST('points'))
                                        );
 
                                        // Load message and send it away
@@ -86,40 +86,40 @@ if ($_GET['u_id'] == "all") {
                // Display form add points
                LOAD_TEMPLATE("admin_sub_points_all");
        }
-} elseif (!empty($_GET['u_id'])) {
+} elseif (REQUEST_ISSET_GET(('uid'))) {
        // User ID found in URL so we use this give him some credits
        $result = SQL_QUERY_ESC("SELECT surname, family, email FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s AND `status`='CONFIRMED' LIMIT 1",
-               array(bigintval($_GET['u_id'])),__FILE__, __LINE__);
+               array(bigintval(REQUEST_GET('uid'))),__FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1) {
                // Selected user does exist
                list($sname, $fname, $email) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
 
-               if ((isset($_POST['ok'])) && (!empty($_POST['points']))) {
+               if ((IS_FORM_SENT()) && (REQUEST_ISSET_POST(('points')))) {
                        // Ok, add to used points and send an email to him...
-                       SUB_POINTS("admin_single", bigintval($_GET['u_id']), $_POST['points']);
+                       SUB_POINTS("admin_single", bigintval(REQUEST_GET('uid')), REQUEST_POST('points'));
 
                        // Prepare content
                        $content = array(
-                               'text'   => SQL_ESCAPE($_POST['reason']),
-                               'points' => bigintval($_POST['points'])
+                               'text'   => SQL_ESCAPE(REQUEST_POST('reason')),
+                               'points' => bigintval(REQUEST_POST('points'))
                        );
 
                        // Load email and send it away
-                       $msg = LOAD_EMAIL_TEMPLATE("sub-points", $content, bigintval($_GET['u_id']));
-                       SEND_EMAIL(bigintval($_GET['u_id']), getMessage('ADMIN_SUB_SUBJ'), $msg);
+                       $msg = LOAD_EMAIL_TEMPLATE("sub-points", $content, bigintval(REQUEST_GET('uid')));
+                       SEND_EMAIL(bigintval(REQUEST_GET('uid')), getMessage('ADMIN_SUB_SUBJ'), $msg);
 
                        // Output message
                        LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_POINTS_SUBTRACTED'));
                } else {
                        // Opps, missing form here
                        define('__USER_VALUE', "<a href=\"".CREATE_EMAIL_LINK($email, "user_data")."\">".$sname." ".$fname."</a>");
-                       define('__UID', bigintval($_GET['u_id']));
+                       define('__UID', bigintval(REQUEST_GET('uid')));
                        LOAD_TEMPLATE("admin_sub_points");
                }
        } else {
                // User not found!
-               LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), $_GET['u_id'])."</div>");
+               LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid'))."</div>");
        }
 } else {
        // Output selection form with all confirmed user accounts listed
index 2696de21fae58a7ca0f4ffc0bb2ab0c7fd39ba7a..fd48d1ad67e317bbda70da73005893c44e61e113 100644 (file)
@@ -41,13 +41,13 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Is the 'url_id' set?
-if (isset($_GET['url_id'])) {
+if (REQUEST_ISSET_GET(('url_id'))) {
        // Generate general statistics
        $result = SQL_QUERY_ESC("SELECT `userid`, `count` AS `total_visits`, UNIX_TIMESTAMP(`last_online`) AS `last_online`
 FROM `{!_MYSQL_PREFIX!}_surfbar_stats`
 WHERE `url_id`=%s
 ORDER BY `userid` ASC",
-               array(bigintval($_GET['url_id'])), __FILE__, __LINE__);
+               array(bigintval(REQUEST_GET('url_id'))), __FILE__, __LINE__);
 
        // Entries found?
        if (SQL_NUMROWS($result) > 0) {
index 13ffa2322146880670c30fa8a3a8e5abdad87572..0f7f4738cee92656d93045f3b3b320e01f4ab797 100644 (file)
@@ -45,21 +45,21 @@ ADD_DESCR("admin", __FILE__);
 
 // Check for selected themes
 $SEL = 0;
-if (!empty($_POST['sel'])) $SEL = SELECTION_COUNT($_POST['sel']);
+if (REQUEST_ISSET_POST(('sel'))) $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
 if ($SEL > 0) {
        $OUT = "";
-       foreach ($_POST['sel'] as $id => $sel) {
+       foreach (REQUEST_POST('sel') as $id => $sel) {
                $SQL = "";
                // Shall I de-/activate or delete themes?
-               if (isset($_POST['status'])) {
+               if (REQUEST_ISSET_POST(('status'))) {
                        // Change status
-                       if ($_POST['active'][$id] == "Y") {
+                       if (REQUEST_POST('active', $id) == "Y") {
                                $SQL = "UPDATE `{!_MYSQL_PREFIX!}_themes` SET theme_active='N' WHERE id='".$id."' LIMIT 1";
                        } else {
                                $SQL = "UPDATE `{!_MYSQL_PREFIX!}_themes` SET theme_active='Y' WHERE id='".$id."' LIMIT 1";
                        }
                        $OUT = getMessage('ADMIN_THEMES_UPDATED');
-               } elseif (isset($_POST['del'])) {
+               } elseif (REQUEST_ISSET_POST(('del'))) {
                        // Delete themes
                        $SQL = "DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_themes` WHERE id='".$id."' LIMIT 1";
                        $OUT = getMessage('ADMIN_THEMES_DELETED');
@@ -77,9 +77,9 @@ if ($SEL > 0) {
 
        // Output generated?
        if (empty($OUT)) $OUT = getMessage('ADMIN_THEME_NO_OUTPUT');
-} elseif (!empty($_GET['default_theme'])) {
+} elseif (REQUEST_ISSET_GET(('default_theme'))) {
        // Escape string from input
-       $POST['default_theme'] = SQL_ESCAPE($_GET['default_theme']);
+       $POST['default_theme'] = SQL_ESCAPE(REQUEST_GET('default_theme'));
 
        // Set session
        set_session('mxchange_theme', $POST['default_theme']);
index df118063b96f88e5eca1c0b6b987cdc35410ed37..7cfa35b394a17713241cdd6fe1f7a76c929eed12 100644 (file)
@@ -47,11 +47,11 @@ ADD_DESCR("admin", __FILE__);
 $THEME_MODE = "test";
 
 // Import selected theme if not present
-if (!empty($_POST['theme'])) {
+if (REQUEST_ISSET_POST(('theme'))) {
        // Check if theme is there
-       if (!THEME_CHECK_EXIST($_POST['theme'])) {
+       if (!THEME_CHECK_EXIST(REQUEST_POST('theme'))) {
                // Import theme
-               $INC = sprintf("theme/%s/theme.php", SQL_ESCAPE($_POST['theme']));
+               $INC = sprintf("theme/%s/theme.php", SQL_ESCAPE(REQUEST_POST('theme')));
                if (INCLUDE_READABLE($INC)) {
                        // Load the theme header file
                        LOAD_INC($INC);
@@ -59,20 +59,20 @@ if (!empty($_POST['theme'])) {
                        // Register it ith the exchange
                        SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_themes` (`theme_path`, `theme_active`, `theme_ver`, `theme_name`)
 VALUES ('%s','N','%s','%s')",
-                               array($_POST['theme'], $THEME_VERSION, $THEME_NAME), __FILE__, __LINE__);
+                               array(REQUEST_POST('theme'), $THEME_VERSION, $THEME_NAME), __FILE__, __LINE__);
 
                        // Destroy cache
                        REBUILD_CACHE("themes", "them");
 
                        // Prepare message
-                       $msg = ADMIN_THEME_IMPORTED_1.$_POST['theme'].ADMIN_THEME_IMPORTED_2;
+                       $msg = ADMIN_THEME_IMPORTED_1.REQUEST_POST('theme').ADMIN_THEME_IMPORTED_2;
                } else {
                        // Include file not found!
-                       $msg = ADMIN_THEME_INC_404_1.$_POST['theme'].ADMIN_THEME_INC_404_2;
+                       $msg = ADMIN_THEME_INC_404_1.REQUEST_POST('theme').ADMIN_THEME_INC_404_2;
                }
        } else {
                // Theme already imported
-               $msg = ADMIN_THEME_ALREADY_1.$_POST['theme'].ADMIN_THEME_ALREADY_2;
+               $msg = ADMIN_THEME_ALREADY_1.REQUEST_POST('theme').ADMIN_THEME_ALREADY_2;
        }
 
        // Output message
index e1f53a777f3df02db77f6ac93c037f303d8bfc86..644d36a9840c63bcbd5b2e5646053c7bd3eb1c8a 100644 (file)
@@ -49,21 +49,21 @@ FROM `{!_MYSQL_PREFIX!}_pool`
 WHERE `data_type`='ADMIN'
 ORDER BY `timestamp` ASC", __FILE__, __LINE__);
 
-if ((SQL_NUMROWS($result_main) > 0) || (isset($_POST['lock']))) {
+if ((SQL_NUMROWS($result_main) > 0) || (REQUEST_ISSET_POST(('lock')))) {
        // Count checked checkboxes
        $SEL = 0;
-       if (isset($_POST['sel'])) {
+       if (REQUEST_ISSET_POST(('sel'))) {
                // Are there checked boxes?
-               if (count($_POST['sel']) > 0) {
+               if (count(REQUEST_POST('sel')) > 0) {
                        // Count now... We use an own function for now
-                       $SEL = SELECTION_COUNT($_POST['sel']);
+                       $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
                } // END - if
        } // END - if
 
-       if (isset($_POST['accept'])) {
+       if (REQUEST_ISSET_POST(('accept'))) {
                if ($SEL > 0) {
                        // Accept mail orders
-                       foreach ($_POST['sel'] as $id => $value) {
+                       foreach (REQUEST_POST('sel') as $id => $value) {
                                // Secure ID number
                                $id = bigintval($id);
 
@@ -121,11 +121,11 @@ LIMIT 1",
 
                // Mails unlocked for mail delivery
                LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
-       } elseif (isset($_POST['reject'])) {
+       } elseif (REQUEST_ISSET_POST(('reject'))) {
                if ($SEL > 0) {
                        // Reject mail orders
                        $SW = 2; $OUT = "";
-                       foreach ($_POST['sel'] as $id => $value) {
+                       foreach (REQUEST_POST('sel') as $id => $value) {
                                // Secure ID number
                                $id = bigintval($id);
 
@@ -144,17 +144,17 @@ LIMIT 1",
                                SEND_EMAIL($DATA['sender'], MEMBER_ORDER_REJECTED, $msg_user);
 
                                // If you do not enter an URL to redirect to, your URL will be set!
-                               if ((empty($_POST['redirect'])) || ($_POST['redirect'] == "http://")) $_POST['redirect'] = constant('URL');
+                               if ((!REQUEST_ISSET_POST(('redirect'))) || (REQUEST_POST('redirect') == "http://")) REQUEST_SET_POST('redirect', constant('URL'));
 
                                // Redirect URL
                                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_pool` SET url='%s', data_type='NEW' WHERE id=%s LIMIT 1",
-                                       array($_POST['redirect'], $id),__FILE__, __LINE__);
+                                       array(REQUEST_POST('redirect'), $id),__FILE__, __LINE__);
 
                                // Prepare data for the row template
                                $content = array(
                                        'sw'  => $SW,
                                        'id'  => $id,
-                                       'url' => $_POST['url'][$id],
+                                       'url' => REQUEST_POST('url', $id),
                                );
 
                                // Load row template and switch colors
@@ -169,9 +169,9 @@ LIMIT 1",
                        // Nothing selected
                        LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_MAILS_NOTHING_CHECKED'));
                }
-       } elseif ((isset($_POST['lock'])) && ($SEL > 0) && (getConfig('url_blacklist') == "Y")) {
+       } elseif ((REQUEST_ISSET_POST(('lock'))) && ($SEL > 0) && (getConfig('url_blacklist') == "Y")) {
                // Lock URLs
-               foreach ($_POST['sel'] as $id => $url) {
+               foreach (REQUEST_POST('sel') as $id => $url) {
                        // Secure id number
                        $id = bigintval($id);
 
@@ -190,7 +190,7 @@ LIMIT 1",
 
                // Output message
                LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_URLS_BLOCKED'));
-       } elseif ((empty($_POST['lock'])) && (empty($_POST['accept'])) && (empty($_POST['reject'])) && (getConfig('url_blacklist') == "Y")) {
+       } elseif ((!REQUEST_ISSET_POST(('lock'))) && (!REQUEST_ISSET_POST(('accept'))) && (!REQUEST_ISSET_POST(('reject'))) && (getConfig('url_blacklist') == "Y")) {
                // Mail orders are in pool so we can display them
                $SW = 2; $OUT = "";
                while ($content = SQL_FETCHARRAY($result_main)) {
@@ -227,7 +227,7 @@ LIMIT 1",
 
                // Load main template
                LOAD_TEMPLATE("admin_unlock_emails");
-       } elseif ((isset($_POST['lock'])) && (getConfig('url_blacklist') != "Y")) {
+       } elseif ((REQUEST_ISSET_POST(('lock'))) && (getConfig('url_blacklist') != "Y")) {
                // URL blacklist not activated
                LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_URL_BLACKLIST_DISABLED'));
        } else {
index a4c552c97c0e0a71d63f67082dab01ac06a14177..9867936bb89ab294879bf35df5794dae8ba52cb5 100644 (file)
@@ -41,11 +41,11 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Check if admin has submitted form
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Does he have selected at least one sponsor?
-       if (SELECTION_COUNT($_POST['id']) > 0) {
+       if (SELECTION_COUNT(REQUEST_POST('id')) > 0) {
                // At least one entry selected
-               foreach ($_POST['id'] as $id => $sel) {
+               foreach (REQUEST_POST('id') as $id => $sel) {
                        // Secure ID number
                        $id = bigintval($id);
 
index 3e52edd27e8f8f175f10aa641f614b82c32e1c48..8ce2a2a8a0d9e8e14dbc40aa38db8c6a4f175712 100644 (file)
@@ -41,18 +41,18 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Is the form sent?
-if ((isset($_POST['unlock'])) && (is_array($_POST['id'])) && (count($_POST['id']) > 0)) {
+if ((REQUEST_ISSET_POST(('unlock'))) && (is_array(REQUEST_POST('id'))) && (count(REQUEST_POST('id')) > 0)) {
        // Unlock selected URLs
-       if (SURFBAR_ADMIN_UNLOCK_URL_IDS($_POST['id'])) {
+       if (SURFBAR_ADMIN_UNLOCK_URL_IDS(REQUEST_POST('id'))) {
                // Unlock done! :-)
                LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_SURFBAR_UNLOCK_DONE'));
        } else {
                // Unlock failed!
                LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_SURFBAR_UNLOCK_FAILED'));
        }
-} elseif ((isset($_POST['reject'])) && (is_array($_POST['id'])) && (count($_POST['id']) > 0)) {
+} elseif ((REQUEST_ISSET_POST(('reject'))) && (is_array(REQUEST_POST('id'))) && (count(REQUEST_POST('id')) > 0)) {
        // Reject selected URLs
-       if (SURFBAR_ADMIN_REJECT_URL_IDS($_POST['id'])) {
+       if (SURFBAR_ADMIN_REJECT_URL_IDS(REQUEST_POST('id'))) {
                // Unlock done! :-)
                LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_SURFBAR_UNLOCK_DONE'));
        } else {
index 09da0a61ee5b991fc1c2a9ca447fe2d6f92f20ea..f211bde553b183cea2eb3b8fd52bc1e6c13235a1 100644 (file)
@@ -43,19 +43,19 @@ ADD_DESCR("admin", __FILE__);
 // Base directory (should be moved to database)
 $usage = getConfig('usage_base')."/";
 
-if (!empty($_GET['image'])) {
-       if ($_GET['type'] == "usage") {
+if (REQUEST_ISSET_GET(('image'))) {
+       if (REQUEST_GET('type') == "usage") {
                $FQFN = sprintf("%s%s/usage.png",
                        constant('PATH'),
                        getConfig('usage_base')
                );
        } else {
-               if (strpos($_GET['image'], "\\") > 0) $_GET['image'] = substr($_GET['image'], 0, strpos($_GET['image'], "\\"));
+               if (strpos(REQUEST_GET('image'), "\\") > 0) REQUEST_SET_GET('image', substr(REQUEST_GET('image'), 0, strpos(REQUEST_GET('image'), "\\")));
                $FQFN = sprintf("%s%s/%s_usage_%s.png",
                        constant('PATH'),
                        getConfig('usage_base'),
-                       SQL_ESCAPE($_GET['type']),
-                       SQL_ESCAPE($_GET['image'])
+                       SQL_ESCAPE(REQUEST_GET('type')),
+                       SQL_ESCAPE(REQUEST_GET('image'))
                );
        }
 
@@ -66,7 +66,7 @@ if (!empty($_GET['image'])) {
                imagedestroy($image);
        }
        exit();
-} elseif (empty($_GET['usage'])) {
+} elseif (!REQUEST_ISSET_GET(('usage'))) {
        $FQFN = sprintf("%s%s/index.html",
                constant('PATH'),
                getConfig('usage_base')
@@ -75,7 +75,7 @@ if (!empty($_GET['image'])) {
        $FQFN = sprintf("%s%s/usage_%s.html",
                constant('PATH'),
                getConfig('usage_base'),
-               SQL_ESCAPE($_GET['usage'])
+               SQL_ESCAPE(REQUEST_GET('usage'))
        );
 }
 
index 99f50fc35f3b72b26584140b2f84dc72e9d5f815..0fda63c56a1715cad9337df707d8f8921f11f562 100644 (file)
@@ -41,10 +41,10 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Is a user id given?
-if ((isset($_GET['u_id'])) && (bigintval($_GET['u_id']) > 0)) {
+if ((REQUEST_ISSET_GET(('uid'))) && (bigintval(REQUEST_GET('uid')) > 0)) {
        // Load user data and display it
        $result = SQL_QUERY_ESC("SELECT surname, family, email FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
-               array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+               array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
 
        // Is a user account found?
        if (SQL_NUMROWS($result) == 1) {
@@ -52,12 +52,12 @@ if ((isset($_GET['u_id'])) && (bigintval($_GET['u_id']) > 0)) {
                $content = SQL_FETCHARRAY($result);
 
                // Including user ID
-               $content['u_id'] = bigintval($_GET['u_id']);
+               $content['uid'] = bigintval(REQUEST_GET('uid'));
 
                // Shall we send the email?
-               if (isset($_POST['ok'])) {
+               if (IS_FORM_SENT()) {
                        // Insert text
-                       $content['text'] = trim(strip_tags($_POST['text']));
+                       $content['text'] = trim(strip_tags(REQUEST_POST('text')));
 
                        // Send contact form out
                        $msg = LOAD_EMAIL_TEMPLATE("member_contct", $content);
@@ -69,7 +69,7 @@ if ((isset($_GET['u_id'])) && (bigintval($_GET['u_id']) > 0)) {
                }
        } else {
                // Not found?
-               LOAD_TEMPLATE("admin_settings_saved", false, sprintf(USER_ACCOUNT_404, bigintval($_GET['u_id'])));
+               LOAD_TEMPLATE("admin_settings_saved", false, sprintf(USER_ACCOUNT_404, bigintval(REQUEST_GET('uid'))));
        }
 
        // Free result
index 016ecc249a85f62700138a3980c5d00f1609af46..1790aeb1f174a65a864f3a3e900318121dd13543 100644 (file)
@@ -92,7 +92,7 @@ LIMIT 1",
                if (SQL_AFFECTEDROWS() == 1) $bonus = true;
        } // END - if
 
-       if (($bonus) && ($_GET['mode'] == "bonus") && (EXT_IS_ACTIVE("bonus"))) {
+       if (($bonus) && (REQUEST_GET('mode') == "bonus") && (EXT_IS_ACTIVE("bonus"))) {
                // Output message with added points
                $MSG .= "<div class=\"tiny\">
   {--BONUS_LOGIN_BONUS_ADDED_1--}
index aae2439303bb903a1ba88d9e109c88c7c38c7780..97d8c32bb6b6ffb97f4431810eff2a2d32b69ca1 100644 (file)
@@ -39,12 +39,12 @@ if (!defined('__SECURITY')) {
 
 $MODE = "guest";
 
-if (!empty($_GET['order'])) {
+if (REQUEST_ISSET_GET(('order'))) {
        // Order number placed, is he also logged in?
        if (IS_MEMBER()) {
                // Ok, test passed... :)
                $result = SQL_QUERY_ESC("SELECT subject, url FROM `{!_MYSQL_PREFIX!}_pool` WHERE id=%s AND sender=%s AND data_type='TEMP' LIMIT 1",
-                array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
+                array(bigintval(REQUEST_GET('order')), $GLOBALS['userid']), __FILE__, __LINE__);
 
                // Finally is the entry valid?
                if (SQL_NUMROWS($result) == 1) {
@@ -52,7 +52,7 @@ if (!empty($_GET['order'])) {
                        list($sub, $url) = SQL_FETCHROW($result);
 
                        // This fixes a white page
-                       $_POST['url'] = $url;
+                       REQUEST_SET_POST('url', $url);
 
                        // Mode is member
                        $MODE = "member";
@@ -69,19 +69,19 @@ if (!empty($_GET['order'])) {
        }
 }
 
-if ((!empty($_POST['url'])) || (!empty($_GET['url'])) || (!empty($_GET['frame']))) {
+if ((REQUEST_ISSET_POST(('url'))) || (REQUEST_ISSET_GET(('url'))) || (REQUEST_ISSET_GET(('frame')))) {
        // Default URL is ours
        $url = constant('URL');
 
        // Decode URL if set in GET parameters
-       if (!empty($_GET['url']))  $url = decodeString(str_replace(" ", "+", compileUriCode(urldecode($_GET['url']))));
+       if (REQUEST_ISSET_GET(('url')))  $url = decodeString(str_replace(" ", "+", compileUriCode(urldecode(REQUEST_GET('url')))));
 
        // Use URL from POST data if set
-       if (!empty($_POST['url'])) $url = $_POST['url'];
+       if (REQUEST_ISSET_POST(('url'))) $url = REQUEST_POST('url');
 
        // Add missing element
        $frame = "";
-       if (!empty($_GET['frame'])) $frame = SQL_ESCAPE($_GET['frame']);
+       if (REQUEST_ISSET_GET(('frame'))) $frame = SQL_ESCAPE(REQUEST_GET('frame'));
        switch ($frame)
        {
        case "":
@@ -89,7 +89,7 @@ if ((!empty($_POST['url'])) || (!empty($_GET['url'])) || (!empty($_GET['frame'])
                {
                case "member":
                        // Build frameset
-                       define('__ORDER_VALUE', bigintval($_GET['order']));
+                       define('__ORDER_VALUE', bigintval(REQUEST_GET('order')));
                        define('__URL_VALUE'  , DEREFERER($url));
                        LOAD_TEMPLATE("member_order_frametester");
                        break;
@@ -106,11 +106,11 @@ if ((!empty($_POST['url'])) || (!empty($_GET['url'])) || (!empty($_GET['frame'])
                break;
 
        case "back": // Back buttom
-               LOAD_TEMPLATE("member_order_back", false, $_GET['order']);
+               LOAD_TEMPLATE("member_order_back", false, REQUEST_GET('order'));
                break;
 
        case "send": // Send mail away
-               LOAD_TEMPLATE("member_order_send", false, $_GET['order']);
+               LOAD_TEMPLATE("member_order_send", false, REQUEST_GET('order'));
                break;
        }
 } else {
index a41e757126850fdaed65ca66ab5bac97d209d71e..f0748ce729063e80e286938f8ca890345883eda3 100644 (file)
@@ -40,20 +40,20 @@ if (!defined('__SECURITY')) {
 // Add description as navigation point
 ADD_DESCR("guest", __FILE__);
 
-if (!empty($_GET['hash'])) {
+if (REQUEST_ISSET_GET(('hash'))) {
        // Initialize the user ID
        $uid = 0;
 
        // Search for an unconfirmed or confirmed account
        $result = SQL_QUERY_ESC("SELECT userid, email, refid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE user_hash='%s' AND (`status`='UNCONFIRMED' OR `status`='CONFIRMED') LIMIT 1",
-               array($_GET['hash']), __FILE__, __LINE__);
+               array(REQUEST_GET('hash')), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1) {
                // Ok, he want's to confirm now so we load some data
                list ($uid, $email, $rid) = SQL_FETCHROW($result);
 
                // Unlock his account (but only when it is on UNCONFIRMED!)
                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `status`='CONFIRMED', ref_payout=%s, user_hash=NULL WHERE user_hash='%s' AND `status`='UNCONFIRMED' LIMIT 1",
-                       array(getConfig('ref_payout'), $_GET['hash']), __FILE__, __LINE__);
+                       array(getConfig('ref_payout'), REQUEST_GET('hash')), __FILE__, __LINE__);
                if (SQL_AFFECTEDROWS() == 1) {
                        $msg = LOAD_EMAIL_TEMPLATE("confirm-member", array('points' => getConfig('points_register')), bigintval($uid));
 
@@ -132,10 +132,10 @@ if (!empty($_GET['hash'])) {
                define('__UID', "0");
                LOAD_TEMPLATE("guest_confirm_table");
        }
-} elseif ((isset($_POST['ok'])) && (!empty($_POST['email']))) {
+} elseif ((IS_FORM_SENT()) && (REQUEST_ISSET_POST(('email')))) {
        // Confirmation link requested      0     1         2
        $result = SQL_QUERY_ESC("SELECT userid, status, user_hash FROM `{!_MYSQL_PREFIX!}_user_data` WHERE email='%s' LIMIT 1",
-               array($_POST['email']), __FILE__, __LINE__);
+               array(REQUEST_POST('email')), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1) {
                // Email address found
                $DATA = SQL_FETCHROW($result);
@@ -143,7 +143,7 @@ if (!empty($_GET['hash'])) {
                {
                case "UNCONFIRMED": // Account not confirmed
                        $msg = LOAD_EMAIL_TEMPLATE("guest_request_confirm", array('hash' => $DATA[2]), $DATA[0]);
-                       SEND_EMAIL($_POST['email'], getMessage('REQUEST_CONFIRM_LINK_SUBJ'), $msg);
+                       SEND_EMAIL(REQUEST_POST('email'), getMessage('REQUEST_CONFIRM_LINK_SUBJ'), $msg);
                        $content = getMessage('CONFIRM_LINK_SENT');
                        break;
 
index cd575419ea0ab085828403e2a57c63c62113c89d..4a2f2a233ef16b2557cd61d2eec6ed50afd2c070 100644 (file)
@@ -58,46 +58,46 @@ $ADD = "";
 if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash'))) {
        // Maybe, then continue with it
        $uid = $GLOBALS['userid'];
-} elseif ((!empty($_POST['id'])) && (!empty($_POST['password'])) && (isset($_POST['ok']))) {
+} elseif ((REQUEST_ISSET_POST(('id'))) && (REQUEST_ISSET_POST(('password'))) && (IS_FORM_SENT())) {
        // Set userid and crypt password when login data was submitted
-       if ((EXT_IS_ACTIVE("nickname")) && (NICKNAME_PROBE_ON_USERID($_POST['id']))) {
+       if ((EXT_IS_ACTIVE("nickname")) && (NICKNAME_PROBE_ON_USERID(REQUEST_POST('id')))) {
                // Nickname entered
-               $uid = SQL_ESCAPE($_POST['id']);
+               $uid = SQL_ESCAPE(REQUEST_POST('id'));
        } else {
                // Direct userid entered
-               $uid  = bigintval($_POST['id']);
+               $uid  = bigintval(REQUEST_POST('id'));
        }
-} elseif (!empty($_POST['new_pass'])) {
+} elseif (REQUEST_ISSET_POST(('new_pass'))) {
        // New password requested
        $uid = 0;
-       if (!empty($_POST['id'])) $uid = $_POST['id'];
+       if (REQUEST_ISSET_POST(('id'))) $uid = REQUEST_POST('id');
 } else {
        // Not logged in
        $uid = 0; $hash = "";
 }
 
 // Set unset variables
-if (empty($_POST['new_pass'])) $_POST['new_pass'] = "";
-if (empty($_GET['login']))     $_GET['login']     = "";
+if (!REQUEST_ISSET_POST(('new_pass'))) REQUEST_SET_POST('new_pass', "");
+if (!REQUEST_ISSET_GET(('login')))     REQUEST_SET_GET('login'    , "");
 
 if (IS_MEMBER()) {
        // Login immidiately...
        $URL = "modules.php?module=login";
-} elseif ((isset($_POST['ok'])) && ("".$uid."" != "".$_POST['id']."")) {
+} elseif ((IS_FORM_SENT()) && ("".$uid."" != "".REQUEST_POST('id')."")) {
        // Invalid input (no nickname extension installed but nickname entered)
        $ERROR = constant('CODE_EXTENSION_PROBLEM');
-} elseif (isset($_POST['ok'])) {
+} elseif (IS_FORM_SENT()) {
        // Try the login (see inc/libs/user_functions.php)
-       $URL = USER_DO_LOGIN($_POST['id'], $_POST['password']);
-} elseif ((!empty($_POST['new_pass'])) && (isset($uid))) {
+       $URL = USER_DO_LOGIN(REQUEST_POST('id'), REQUEST_POST('password'));
+} elseif ((REQUEST_ISSET_POST(('new_pass'))) && (isset($uid))) {
        // Try the userid/email lookup (see inc/libs/user_functions.php)
-       $ERROR = USER_DO_NEW_PASSWORD($_POST['email'], $uid);
+       $ERROR = USER_DO_NEW_PASSWORD(REQUEST_POST('email'), $uid);
 }
 
 // Login problems?
-if (!empty($_GET['login'])) {
+if (REQUEST_ISSET_GET(('login'))) {
        // Use code from URL
-       $ERROR = SQL_ESCAPE($_GET['login']);
+       $ERROR = SQL_ESCAPE(REQUEST_GET('login'));
 } // END  - if
 
 // Login problems?
index 422fbf778726b68e83569b4d65fc56a59f78bb9e..def32b4b4151b7c14f582cd89ac7579987fc8ab2 100644 (file)
@@ -47,25 +47,27 @@ global $DATA;
 
 // Initialize variables
 $FAILED = false; $SHORT_PASS = false; $cats = 0; $IP_TIMEOUT = false;
-if (!isset($_POST['ok']))          unset($_POST['ok']);
-if (empty($_POST['agree']))        $_POST['agree']        = "";
-if (empty($_POST['addy']))         $_POST['addy']         = "";
-if (empty($_POST['surname']))      $_POST['surname']      = "";
-if (empty($_POST['family_name']))  $_POST['family_name']  = "";
-if (empty($_POST['pass1']))        $_POST['pass1']        = "";
-if (empty($_POST['pass2']))        $_POST['pass2']        = "";
-if (empty($_POST['day']))          $_POST['day']          = "";
-if (empty($_POST['month']))        $_POST['month']        = "";
-if (empty($_POST['year']))         $_POST['year']         = "";
-if (empty($_POST['max_mails']))    $_POST['max_mails']    = "";
-if (empty($_POST['street_nr']))    $_POST['street_nr']    = "";
-if (empty($_POST['zip']))          $_POST['zip']          = "";
-if (empty($_POST['city']))         $_POST['city']         = "";
-if (empty($_POST['cntry']))        $_POST['cntry']        = "";
-if (empty($_POST['country_code'])) $_POST['country_code'] = "1";
+
+if (!IS_FORM_SENT()) REQUEST_UNSET_POST('ok');
+
+if (!REQUEST_ISSET_POST(('agree')))        REQUEST_SET_POST('agree'       , "");
+if (!REQUEST_ISSET_POST(('addy')))         REQUEST_SET_POST('addy'        , "");
+if (!REQUEST_ISSET_POST(('surname')))      REQUEST_SET_POST('surname'     , "");
+if (!REQUEST_ISSET_POST(('family')))       REQUEST_SET_POST('family'      , "");
+if (!REQUEST_ISSET_POST(('pass1')))        REQUEST_SET_POST('pass1'       , "");
+if (!REQUEST_ISSET_POST(('pass2')))        REQUEST_SET_POST('pass2'       , "");
+if (!REQUEST_ISSET_POST(('day')))          REQUEST_SET_POST('day'         , "");
+if (!REQUEST_ISSET_POST(('month')))        REQUEST_SET_POST('month'       , "");
+if (!REQUEST_ISSET_POST(('year')))         REQUEST_SET_POST('year'        , "");
+if (!REQUEST_ISSET_POST(('max_mails')))    REQUEST_SET_POST('max_mails'   , "");
+if (!REQUEST_ISSET_POST(('street_nr')))    REQUEST_SET_POST('street_nr'   , "");
+if (!REQUEST_ISSET_POST(('zip')))          REQUEST_SET_POST('zip'         , "");
+if (!REQUEST_ISSET_POST(('city')))         REQUEST_SET_POST('city'        , "");
+if (!REQUEST_ISSET_POST(('cntry')))        REQUEST_SET_POST('cntry'       , "");
+if (!REQUEST_ISSET_POST(('country_code'))) REQUEST_SET_POST('country_code', "1");
 
 // Default refid is zero
-$_POST['refid'] = 0;
+REQUEST_SET_POST('refid', 0);
 if ($GLOBALS['refid'] > 0) {
        // Test if the refid is valid
        $result = SQL_QUERY_ESC("SELECT userid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
@@ -75,57 +77,57 @@ if ($GLOBALS['refid'] > 0) {
        //* DEBUG: */ die("refid={$GLOBALS['refid']}/numRows=".SQL_NUMROWS($result)."");
        if (SQL_NUMROWS($result) == 0) {
                // Not found so we set your refid!
-               $_POST['refid'] = getConfig('def_refid');
+               REQUEST_SET_POST('refid', getConfig('def_refid'));
                set_session('refid', getConfig('def_refid'));
        } else {
                // Use the refid here
-               $_POST['refid'] = $GLOBALS['refid'];
+               REQUEST_SET_POST('refid', $GLOBALS['refid']);
        }
 } // END - if
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // First we only check the submitted data then we continue... :)
        //
        // Did he agree to our Terms Of Usage?
-       if ($_POST['agree'] != "Y") {
-               $_POST['agree'] = "!";
+       if (REQUEST_POST('agree') != "Y") {
+               REQUEST_SET_POST('agree', "!");
                $FAILED = true;
        } // END - if
 
        // Did he enter a valid email address? (we really don't care about
        // that, he has to click on a confirmation link :P )
-       if ((empty($_POST['addy'])) || (!VALIDATE_EMAIL($_POST['addy']))) {
-               $_POST['addy'] = "!";
+       if ((!REQUEST_ISSET_POST(('addy'))) || (!VALIDATE_EMAIL(REQUEST_POST('addy')))) {
+               REQUEST_SET_POST('addy', "!");
                $FAILED = true;
        } // END - if
 
        // And what about surname and family's name?
-       if (empty($_POST['surname'])) {
-               $_POST['surname'] = "!";
+       if (!REQUEST_ISSET_POST(('surname'))) {
+               REQUEST_SET_POST('surname', "!");
                $FAILED = true;
        } // END - if
-       if (empty($_POST['family_name'])) {
-               $_POST['family_name'] = "!";
+       if (!REQUEST_ISSET_POST(('family'))) {
+               REQUEST_SET_POST('family', "!");
                $FAILED = true;
        } // END - if
 
        // Check for required fields
-       if (!$FAILED) $FAILED = REGISTER_CHECK_REQUIRED_FIELDS($_POST);
+       if (!$FAILED) $FAILED = REGISTER_CHECK_REQUIRED_FIELDS(REQUEST_POST_ARRAY());
 
        // Did he enter his password twice?
-       if (((empty($_POST['pass1'])) || (empty($_POST['pass2']))) || (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2'])))) {
-               if (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2']))) {
-                       $_POST['pass1'] = "!";
-                       $_POST['pass2'] = "!";
+       if (((!REQUEST_ISSET_POST(('pass1'))) || (!REQUEST_ISSET_POST(('pass2')))) || ((REQUEST_POST('pass1') != REQUEST_POST('pass2')) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_ISSET_POST(('pass2'))))) {
+               if ((REQUEST_POST('pass1') != REQUEST_POST('pass2')) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_ISSET_POST(('pass2')))) {
+                       REQUEST_SET_POST('pass1', "!");
+                       REQUEST_SET_POST('pass2', "!");
                } else {
-                       if (empty($_POST['pass1'])) { $_POST['pass1'] = "!"; } else { $_POST['pass1'] = ""; }
-                       if (empty($_POST['pass2'])) { $_POST['pass2'] = "!"; } else { $_POST['pass2'] = ""; }
+                       if (!REQUEST_ISSET_POST(('pass1'))) { REQUEST_SET_POST('pass1', "!"); } else { REQUEST_SET_POST('pass1' ""); }
+                       if (!REQUEST_ISSET_POST(('pass2'))) { REQUEST_SET_POST('pass2', "!"); } else { REQUEST_SET_POST('pass2' ""); }
                }
                $FAILED = true;
        } // END - if
 
        // Is the password long enouth?
-       if ((strlen($_POST['pass1']) < getConfig('pass_len')) && (!$FAILED)) {
+       if ((strlen(REQUEST_POST('pass1')) < getConfig('pass_len')) && (!$FAILED)) {
                $SHORT_PASS = true;
                $FAILED = true;
        } // END - if
@@ -133,7 +135,7 @@ if (isset($_POST['ok'])) {
        // No admin? Admins can always register!
        if (!IS_ADMIN()) {
                // Do this check only when no admin is logged in
-               foreach ($_POST['cat'] as $id => $answer) {
+               foreach (REQUEST_POST('cat') as $id => $answer) {
                        if ($answer == "Y") $cats++;
                } // END - foreach
 
@@ -143,10 +145,10 @@ if (isset($_POST['ok'])) {
                } // END - if
        } // END - if
 
-       if (($_POST['addy'] != "!") && (getConfig('check_double_email') == "Y")) {
+       if ((REQUEST_POST('addy') != "!") && (getConfig('check_double_email') == "Y")) {
                // Does the email address already exists in our database?
-               $CHK = SEARCH_EMAIL_USERTAB($_POST['addy']);
-               if ($CHK) { $_POST['addy'] = "?"; $FAILED = true; }
+               $CHK = SEARCH_EMAIL_USERTAB(REQUEST_POST('addy'));
+               if ($CHK) { REQUEST_SET_POST('addy', "?"); $FAILED = true; }
        } // END - if
 
        // Check for IP timeout?
@@ -166,10 +168,10 @@ if (isset($_POST['ok'])) {
        SQL_FREERESULT($result);
 }
 
-if ((isset($_POST['ok'])) && ((!$FAILED) || (IS_ADMIN()))) {
+if ((IS_FORM_SENT()) && ((!$FAILED) || (IS_ADMIN()))) {
        // Prepapre month and day of birth
-       if (strlen($_POST['day'])   == 1) $_POST['day']   = "0".$_POST['day'];
-       if (strlen($_POST['month']) == 1) $_POST['month'] = "0".$_POST['month'];
+       if (strlen(REQUEST_POST('day'))   == 1) REQUEST_POST('day')   = "0".REQUEST_POST('day');
+       if (strlen(REQUEST_POST('month')) == 1) REQUEST_SET_POST('month', "0".REQUEST_POST('month'));
 
        // Get total ...
        // ... confirmed, ...
@@ -180,7 +182,7 @@ if ((isset($_POST['ok'])) && ((!$FAILED) || (IS_ADMIN()))) {
        $lockedUsers      = GET_TOTAL_DATA("LOCKED", "user_data", "userid", "status", true);
 
        // Generate hash which will be inserted into confirmation mail
-       $hash = generateHash(sha1($confirmedUsers.":".$unconfirmedUsers.":".$lockedUsers.":".$_POST['month']."-".$_POST['day']."-".$_POST['year'].":".getenv('SERVER_NAME').":".GET_REMOTE_ADDR().":".GET_USER_AGENT()."/".SITE_KEY."/".DATE_KEY."/".RAND_NUMBER));
+       $hash = generateHash(sha1($confirmedUsers.":".$unconfirmedUsers.":".$lockedUsers.":".REQUEST_POST('month')."-".REQUEST_POST('day')."-".REQUEST_POST('year').":".getenv('SERVER_NAME').":".GET_REMOTE_ADDR().":".GET_USER_AGENT()."/".SITE_KEY."/".DATE_KEY."/".RAND_NUMBER));
 
        // Add design when extension sql_patches is v0.2.7 or greater
        $ADD1 = ""; $ADD2 = "";
@@ -215,11 +217,11 @@ if ((isset($_POST['ok'])) && ((!$FAILED) || (IS_ADMIN()))) {
        if (EXT_IS_ACTIVE("country")) {
                // Save with new selectable country code
                $countryRow = "country_code";
-               $countryData = bigintval($_POST['country_code']);
+               $countryData = bigintval(REQUEST_POST('country_code'));
        } else {
                // Old way with enterable two-char-code
                $countryRow = "country";
-               $countryData = substr($_POST['cntry'], 0, 2);
+               $countryData = substr(REQUEST_POST('cntry'), 0, 2);
        }
 
        //////////////////////////////
@@ -230,21 +232,21 @@ if ((isset($_POST['ok'])) && ((!$FAILED) || (IS_ADMIN()))) {
 VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONFIRMED','%s','%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP()".$ADD2.")",
        array(
                $countryRow,
-               substr($_POST['gender'], 0, 1),
-               $_POST['surname'],
-               $_POST['family_name'],
-               $_POST['street_nr'],
+               substr(REQUEST_POST('gender'), 0, 1),
+               REQUEST_POST('surname'),
+               REQUEST_POST('family'),
+               REQUEST_POST('street_nr'),
                $countryData,
-               bigintval($_POST['zip']),
-               $_POST['city'],
-               $_POST['addy'],
-               bigintval($_POST['day']),
-               bigintval($_POST['month']),
-               bigintval($_POST['year']),
-               generateHash($_POST['pass1']),
-               bigintval($_POST['max_mails']),
-               bigintval($_POST['max_mails']),
-               bigintval($_POST['refid']),
+               bigintval(REQUEST_POST('zip')),
+               REQUEST_POST('city'),
+               REQUEST_POST('addy'),
+               bigintval(REQUEST_POST('day')),
+               bigintval(REQUEST_POST('month')),
+               bigintval(REQUEST_POST('year')),
+               generateHash(REQUEST_POST('pass1')),
+               bigintval(REQUEST_POST('max_mails')),
+               bigintval(REQUEST_POST('max_mails')),
+               bigintval(REQUEST_POST('refid')),
                $hash,
                GET_REMOTE_ADDR(),
        ), __FILE__, __LINE__);
@@ -283,8 +285,8 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF
        } // END - if
 
        // Write catgories
-       if ((is_array($_POST['cat'])) && (count($_POST['cat']))) {
-               foreach ($_POST['cat'] as $cat => $joined) {
+       if ((is_array(REQUEST_POST('cat'))) && (count(REQUEST_POST('cat')))) {
+               foreach (REQUEST_POST('cat') as $cat => $joined) {
                        if ($joined == "Y") {
                                // Insert category entry
                                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_user_cats` (userid, cat_id) VALUES (%s, %s)",
@@ -294,28 +296,28 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF
        } // END - if
 
        // Rewrite gender
-       $gender = TRANSLATE_GENDER($_POST['gender']);
+       $gender = TRANSLATE_GENDER(REQUEST_POST('gender'));
 
        // ... rewrite a zero referal ID to the main title
-       if ($_POST['refid'] == "0") $_POST['refid'] = constant('MAIN_TITLE');
+       if (REQUEST_POST('refid') == "0") REQUEST_SET_POST('refid', constant('MAIN_TITLE'));
 
        // Is ZIP code set?
-       if (!empty($_POST['zip'])) {
+       if (REQUEST_ISSET_POST(('zip'))) {
                // Prepare data array for the email template
                // Start with the gender...
                $DATA = array(
                        'hash'    => $hash,
                        'uid'     => $userid,
                        'gender'  => $gender,
-                       'surname' => SQL_ESCAPE($_POST['surname']),
-                       'family'  => SQL_ESCAPE($_POST['family_name']),
-                       'email'   => SQL_ESCAPE($_POST['addy']),
-                       'street'  => SQL_ESCAPE($_POST['street_nr']),
-                       'city'    => SQL_ESCAPE($_POST['city']),
-                       'zip'     => bigintval($_POST['zip']),
+                       'surname' => SQL_ESCAPE(REQUEST_POST('surname')),
+                       'family'  => SQL_ESCAPE(REQUEST_POST('family')),
+                       'email'   => SQL_ESCAPE(REQUEST_POST('addy')),
+                       'street'  => SQL_ESCAPE(REQUEST_POST('street_nr')),
+                       'city'    => SQL_ESCAPE(REQUEST_POST('city')),
+                       'zip'     => bigintval(REQUEST_POST('zip')),
                        'country' => $countryData,
-                       'refid'   => SQL_ESCAPE($_POST['refid']),
-                       'pass'    => SQL_ESCAPE($_POST['pass1']),
+                       'refid'   => SQL_ESCAPE(REQUEST_POST('refid')),
+                       'pass'    => SQL_ESCAPE(REQUEST_POST('pass1')),
                );
        } else {
                // No ZIP code entered
@@ -323,15 +325,15 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF
                        'hash'    => $hash,
                        'uid'     => $userid,
                        'gender'  => $gender,
-                       'surname' => SQL_ESCAPE($_POST['surname']),
-                       'family'  => SQL_ESCAPE($_POST['family_name']),
-                       'email'   => SQL_ESCAPE($_POST['addy']),
-                       'street'  => SQL_ESCAPE($_POST['street_nr']),
-                       'city'    => SQL_ESCAPE($_POST['city']),
+                       'surname' => SQL_ESCAPE(REQUEST_POST('surname')),
+                       'family'  => SQL_ESCAPE(REQUEST_POST('family')),
+                       'email'   => SQL_ESCAPE(REQUEST_POST('addy')),
+                       'street'  => SQL_ESCAPE(REQUEST_POST('street_nr')),
+                       'city'    => SQL_ESCAPE(REQUEST_POST('city')),
                        'zip'     => "",
                        'country' => $countryData,
-                       'refid'   => SQL_ESCAPE($_POST['refid']),
-                       'pass'    => SQL_ESCAPE($_POST['pass1']),
+                       'refid'   => SQL_ESCAPE(REQUEST_POST('refid')),
+                       'pass'    => SQL_ESCAPE(REQUEST_POST('pass1')),
                );
        }
 
@@ -339,11 +341,11 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF
        switch (GET_LANGUAGE())
        {
        case "de":
-               $DATA['birthday'] = bigintval($_POST['day']).".".bigintval($_POST['month']).".".bigintval($_POST['year']);
+               $DATA['birthday'] = bigintval(REQUEST_POST('day')).".".bigintval(REQUEST_POST('month')).".".bigintval(REQUEST_POST('year'));
                break;
 
        default:
-               $DATA['birthday'] = bigintval($_POST['month'])."/".bigintval($_POST['day'])."/".bigintval($_POST['year']);
+               $DATA['birthday'] = bigintval(REQUEST_POST('month'))."/".bigintval(REQUEST_POST('day'))."/".bigintval(REQUEST_POST('year'));
                break;
        }
 
@@ -361,33 +363,33 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF
        // Output success registration
        LOAD_TEMPLATE("admin_settings_saved", false, getMessage('REGISTRATION_DONE'));
 } else {
-       if ($_POST['agree'] == "!") {
+       if (REQUEST_POST('agree') == "!") {
                OUTPUT_HTML("<div class=\"register_failed\">{--HAVE_TO_AGREE--}</div>");
        } // END - if
 
-       if ($_POST['addy'] == "!") {
+       if (REQUEST_POST('addy') == "!") {
                OUTPUT_HTML("<div class=\"register_failed\">{--ENTER_EMAIL--}</div>");
-               $_POST['addy'] = "";
-       } elseif ($_POST['addy'] == "?") {
+               REQUEST_SET_POST('addy', "");
+       } elseif (REQUEST_POST('addy') == "?") {
                OUTPUT_HTML("<div class=\"register_failed\">{--EMAIL_ALREADY_DB--}</div>");
-               $_POST['addy'] = "";
+               REQUEST_SET_POST('addy', "");
        }
 
-       if ($_POST['surname'] == "!") {
+       if (REQUEST_POST('surname') == "!") {
                OUTPUT_HTML("<div class=\"register_failed\">{--ENTER_SURNAME--}</div>");
-               $_POST['surname'] = "";
+               REQUEST_SET_POST('surname', "");
        } // END - if
 
-       if ($_POST['family_name'] == "!") {
+       if (REQUEST_POST('family') == "!") {
                OUTPUT_HTML("<div class=\"register_failed\">{--ENTER_FAMILY--}</div>");
-               $_POST['family_name'] = "";
+               REQUEST_SET_POST('family', "");
        } // END - if
 
-       if (($_POST['pass1'] == "!") && ($_POST['pass2'] == "!")) {
+       if ((REQUEST_POST('pass1') == "!") && (REQUEST_POST('pass2') == "!")) {
                OUTPUT_HTML("<div class=\"register_failed\">{--ENTER_BOTH_PASSWORDS--}</div>");
-       } elseif ($_POST['pass1'] == "!") {
+       } elseif (REQUEST_POST('pass1') == "!") {
                OUTPUT_HTML("<div class=\"register_failed\">{--ENTER_PASS1--}</div>");
-       } elseif ($_POST['pass2'] == "!") {
+       } elseif (REQUEST_POST('pass2') == "!") {
                OUTPUT_HTML("<div class=\"register_failed\">{--ENTER_PASS2--}</div>");
        }
 
@@ -407,11 +409,11 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF
        switch (GET_LANGUAGE())
        {
        case "de": // German date format
-               define('BIRTHDAY_SELECTION', ADD_SELECTION("day", $_POST['day']).ADD_SELECTION("month", $_POST['month']).ADD_SELECTION("year", $_POST['year']));
+               define('BIRTHDAY_SELECTION', ADD_SELECTION("day", REQUEST_POST('day')).ADD_SELECTION("month", REQUEST_POST('month')).ADD_SELECTION("year", REQUEST_POST('year')));
                break;
 
        default: // Default is the US date format... :)
-               define('BIRTHDAY_SELECTION', ADD_SELECTION("month", $_POST['month']).ADD_SELECTION("day", $_POST['day']).ADD_SELECTION("year", $_POST['year']));
+               define('BIRTHDAY_SELECTION', ADD_SELECTION("month", REQUEST_POST('month')).ADD_SELECTION("day", REQUEST_POST('day')).ADD_SELECTION("year", REQUEST_POST('year')));
                break;
        }
 
@@ -437,17 +439,17 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF
        define('LEAST_CATS_VALUE', getConfig('least_cats'));
 
        // Other values
-       define('__SURNAME', SQL_ESCAPE($_POST['surname']));
-       define('__FAMILY',  SQL_ESCAPE($_POST['family_name']));
-       define('__STREET',  SQL_ESCAPE($_POST['street_nr']));
-       define('__COUNTRY', SQL_ESCAPE($_POST['cntry']));
-       if (!empty($_POST['zip'])) {
-               define('__ZIP', bigintval($_POST['zip']));
+       define('__SURNAME', SQL_ESCAPE(REQUEST_POST('surname')));
+       define('__FAMILY',  SQL_ESCAPE(REQUEST_POST('family')));
+       define('__STREET',  SQL_ESCAPE(REQUEST_POST('street_nr')));
+       define('__COUNTRY', SQL_ESCAPE(REQUEST_POST('cntry')));
+       if (REQUEST_ISSET_POST(('zip'))) {
+               define('__ZIP', bigintval(REQUEST_POST('zip')));
        } else {
                define('__ZIP', "");
        }
-       define('__CITY',    SQL_ESCAPE($_POST['city']));
-       define('__ADDY',    SQL_ESCAPE($_POST['addy']));
+       define('__CITY',    SQL_ESCAPE(REQUEST_POST('city')));
+       define('__ADDY',    SQL_ESCAPE(REQUEST_POST('addy')));
 
        // Shall I add a counrty selection box or the old input box?
        if (EXT_IS_ACTIVE("country")) {
@@ -455,7 +457,7 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF
                $OUT  = "<select name=\"country_code\" class=\"guest_select\" size=\"1\">\n";
                $whereStatement = "WHERE is_active='Y'";
                if (IS_ADMIN()) $whereStatement = "";
-               $OUT .= ADD_OPTION_LINES("countries", "id", "descr", $_POST['country_code'], "code", $whereStatement);
+               $OUT .= ADD_OPTION_LINES("countries", "id", "descr", REQUEST_POST('country_code'), "code", $whereStatement);
                $OUT .= "</select>";
                define('__COUNTRY_CONTENT', $OUT);
        } else {
index bd05f92770e5e2c1bcd32190e4d776633910bf64..b7d9dbd08e4ccc5dddb3eec44b6d8e35755f37c2 100644 (file)
@@ -43,9 +43,9 @@ if (!defined('__SECURITY')) {
 ADD_DESCR("guest", __FILE__);
 
 $MODE = "";
-if (!empty($_GET['mode'])) {
+if (REQUEST_ISSET_GET(('mode'))) {
        // A "special" mode of the login system was requested
-       switch ($_GET['mode'])
+       switch (REQUEST_GET('mode'))
        {
                case "activate" : $MODE = "activate";  break; // Activation link requested
                case "lost_pass": $MODE = "lost_pass"; break; // Request new password
@@ -53,7 +53,7 @@ if (!empty($_GET['mode'])) {
 } // END - if
 
 // Check if hash for confirmation of email address is given...
-if (!empty($_GET['hash'])) {
+if (REQUEST_ISSET_GET(('hash'))) {
        // Lookup sponsor
        $result = SQL_QUERY_ESC("SELECT id, status, gender, surname, family,
 company, position, tax_ident,
@@ -61,7 +61,7 @@ street_nr1, street_nr2, country, zip, city, email, phone, fax, cell,
 points_amount AS points, last_pay AS pay, last_curr AS curr
 FROM `{!_MYSQL_PREFIX!}_sponsor_data`
 WHERE hash='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL')
-LIMIT 1", array($_GET['hash']), __FILE__, __LINE__);
+LIMIT 1", array(REQUEST_GET('hash')), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1) {
                // Sponsor found, load his data...
                $SPONSOR = SQL_FETCHARRAY($result);
@@ -76,7 +76,7 @@ LIMIT 1", array($_GET['hash']), __FILE__, __LINE__);
                        // Set account to pending
                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET `status`='PENDING'
 WHERE id='%s' AND hash='%s' AND `status`='UNCONFIRMED' LIMIT 1",
- array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
+ array(bigintval($SPONSOR['id']), REQUEST_GET('hash')), __FILE__, __LINE__);
 
                        // Check on success
                        if (SQL_AFFECTEDROWS() == 1) {
@@ -97,7 +97,7 @@ WHERE id='%s' AND hash='%s' AND `status`='UNCONFIRMED' LIMIT 1",
                        // Changed email adress need to be confirmed
                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET `status`='CONFIRMED'
 WHERE id='%s' AND hash='%s' AND `status`='EMAIL' LIMIT 1",
- array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
+ array(bigintval($SPONSOR['id']), REQUEST_GET('hash')), __FILE__, __LINE__);
 
                        // Check on success 
                        if (SQL_AFFECTEDROWS() == 1) {
@@ -120,17 +120,17 @@ WHERE id='%s' AND hash='%s' AND `status`='EMAIL' LIMIT 1",
        SQL_FREERESULT($result);
 } elseif ($MODE == "activate") {
        // Send activation link again
-       if (isset($_POST['ok'])) {
+       if (IS_FORM_SENT()) {
                // Check submitted data
-               if (empty($_POST['email'])) unset($_POST['ok']);
+               if (!REQUEST_ISSET_POST(('email'))) REQUEST_UNSET_POST('ok');
        }
 
-       if (isset($_POST['ok'])) {
+       if (IS_FORM_SENT()) {
                // Check email
                $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, gender, surname, family, sponsor_created
 FROM `{!_MYSQL_PREFIX!}_sponsor_data`
 WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1",
-                       array($_POST['email']), __FILE__, __LINE__);
+                       array(REQUEST_POST('email')), __FILE__, __LINE__);
 
                // Entry found?
                if (SQL_NUMROWS($result) == 1) {
@@ -149,7 +149,7 @@ WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1",
                                // Confirmed email address
                                $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_email", $SPONSOR);
                        }
-                       SEND_EMAIL($_POST['email'], SPONSOR_ACTIVATION_LINK_SUBJ, $msg_sponsor);
+                       SEND_EMAIL(REQUEST_POST('email'), SPONSOR_ACTIVATION_LINK_SUBJ, $msg_sponsor);
 
                        // Output message
                        LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_SENT);
@@ -166,17 +166,17 @@ WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1",
        }
 } elseif ($MODE == "lost_pass") {
        // Send new password
-       if (isset($_POST['ok'])) {
+       if (IS_FORM_SENT()) {
                // Check submitted data
-               if (empty($_POST['email'])) unset($_POST['ok']);
+               if (!REQUEST_ISSET_POST(('email'))) REQUEST_UNSET_POST('ok');
        } // END - if
 
-       if (isset($_POST['ok'])) {
+       if (IS_FORM_SENT()) {
                // Check email
                $result = SQL_QUERY_ESC("SELECT id, hash, remote_addr, gender, surname, family, sponsor_created
 FROM `{!_MYSQL_PREFIX!}_sponsor_data`
 WHERE email='%s' AND id='%s' AND `status`='CONFIRMED' LIMIT 1",
-                       array($_POST['email'], bigintval($_POST['id'])), __FILE__, __LINE__);
+                       array(REQUEST_POST('email'), bigintval(REQUEST_POST('id'))), __FILE__, __LINE__);
                // Entry found?
                if (SQL_NUMROWS($result) == 1) {
                        // Unconfirmed sponsor account found so let's load the requested data
@@ -191,7 +191,7 @@ WHERE email='%s' AND id='%s' AND `status`='CONFIRMED' LIMIT 1",
 
                        // Prepare email and send it to the sponsor
                        $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_lost", $SPONSOR);
-                       SEND_EMAIL($_POST['email'], SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor);
+                       SEND_EMAIL(REQUEST_POST('email'), SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor);
 
                        // Update password
                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET password='%s'
@@ -211,18 +211,18 @@ WHERE id='%s' LIMIT 1",
                // Load form
                LOAD_TEMPLATE("guest_sponsor_lost");
        }
-} elseif (isset($_POST['ok'])) {
+} elseif (IS_FORM_SENT()) {
        // Check status and login data ...
        $result = SQL_QUERY_ESC("SELECT status FROM `{!_MYSQL_PREFIX!}_sponsor_data`
 WHERE id='%s' AND password='%s' LIMIT 1",
array(bigintval($_POST['sponsorid']), md5($_POST['pass'])), __FILE__, __LINE__);
              array(bigintval(REQUEST_POST('sponsorid')), md5(REQUEST_POST('pass'))), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1) {
                // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
                list($status) = SQL_FETCHROW($result);
                if ($status == "CONFIRMED") {
                        // Is confirmed so both is fine and we can continue with login procedure
-                       $login = ((set_session('sponsorid'  , bigintval($_POST['sponsorid']))) &&
-                                 (set_session('sponsorpass', md5($_POST['pass'])           ))
+                       $login = ((set_session('sponsorid'  , bigintval(REQUEST_POST('sponsorid')))) &&
+                                 (set_session('sponsorpass', md5(REQUEST_POST('pass'))           ))
                        );
 
                        if ($login) {
index 65afc5ef8ba83f89da34f11826d7429b1e9f4410..ceb9c6638c2c6d8b1c51f8c531f529dc0b4f1a66 100644 (file)
@@ -45,153 +45,153 @@ ADD_DESCR("guest", __FILE__);
 // Create array for form errors (= missing data)
 $FORM_ERRORS = array();
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        //
        // Check submitted form data
        //
        // 1. Salutation / Surname / family name
-       if (empty($_POST['gender'])) {
+       if (!REQUEST_ISSET_POST(('gender'))) {
                // Surname is empty
                $FORM_ERRORS[] = getMessage('SPONSOR_NO_GENDER_SELECTED');
        }
 
-       if (empty($_POST['surname'])) {
+       if (!REQUEST_ISSET_POST(('surname'))) {
                // Surname is empty
                $FORM_ERRORS[] = getMessage('SPONSOR_SURNAME_IS_EMPTY');
        }
 
-       if (empty($_POST['family'])) {
+       if (!REQUEST_ISSET_POST(('family'))) {
                // Surname is empty
                $FORM_ERRORS[] = getMessage('SPONSOR_FAMILY_IS_EMPTY');
        }
 
        // 2. Company name
        // 012     3                 32    23      4                   43    3      4                  4321    12      3                 32    2     3                   3210
-       if (((empty($_POST['company'])) && ((!empty($_POST['tax_ident'])) || (!empty($_POST['position'])))) || ((!empty($_POST['company'])) && (empty($_POST['tax_ident'])))) {
-               if (empty($_POST['company'])) {
+       if (((!REQUEST_ISSET_POST(('company'))) && ((REQUEST_ISSET_POST(('tax_ident'))) || (REQUEST_ISSET_POST(('position'))))) || ((REQUEST_ISSET_POST(('company'))) && (!REQUEST_ISSET_POST(('tax_ident'))))) {
+               if (!REQUEST_ISSET_POST(('company'))) {
                        // Company name is empty
                        $FORM_ERRORS[] = getMessage('SPONSOR_COMPANY_IS_EMPTY');
-               } elseif (empty($_POST['tax_ident'])) {
+               } elseif (!REQUEST_ISSET_POST(('tax_ident'))) {
                        // Tax ident number name is empty
                        $FORM_ERRORS[] = getMessage('SPONSOR_TAX_IDENT_IS_EMPTY');
                }
 
-               if (empty($_POST['position'])) {
+               if (!REQUEST_ISSET_POST(('position'))) {
                        // Not fatal but not nice: position in company is empty
                        $FORM_ERRORS[] = getMessage('SPONSOR_POSITION_IS_EMPTY');
                }
        }
 
        // 3. Street and number
-       if (empty($_POST['street_nr1'])) {
+       if (!REQUEST_ISSET_POST(('street_nr1'))) {
                // Street name and house number are empty
                $FORM_ERRORS[] = getMessage('SPONSOR_STREET_NR1_IS_EMPTY');
-       } elseif ((!empty($_POST['street_nr2'])) && (empty($_POST['street_nr1']))) {
+       } elseif ((REQUEST_ISSET_POST(('street_nr2'))) && (!REQUEST_ISSET_POST(('street_nr1')))) {
                // 1st line for street is empty, but 2nd line not
                $FORM_ERRORS[] = getMessage('SPONSOR_STREET_NR1_IS_EMPTY_2_NOT');
        }
 
        // 4. Country code
-       if (empty($_POST['country'])) {
+       if (!REQUEST_ISSET_POST(('country'))) {
                // Country code is empty
                $FORM_ERRORS[] = getMessage('SPONSOR_COUNTRY_IS_EMPTY');
-       } elseif (strlen($_POST['country']) != 2) {
+       } elseif (strlen(REQUEST_POST('country')) != 2) {
                // Country code is invalid
                $FORM_ERRORS[] = getMessage('SPONSOR_COUNTRY_IS_INVALID');
        }
 
        // 3. ZIP code
-       if (empty($_POST['zip'])) {
+       if (!REQUEST_ISSET_POST(('zip'))) {
                // ZIP code is empty
                $FORM_ERRORS[] = getMessage('SPONSOR_ZIP_IS_EMPTY');
-       } elseif (bigintval($_POST['zip']) != $_POST['zip']) {
+       } elseif (bigintval(REQUEST_POST('zip')) != REQUEST_POST('zip')) {
                // ZIP is invalid
                $FORM_ERRORS[] = getMessage('SPONSOR_ZIP_IS_INVALID');
-               $_POST['zip'] = "";
+               REQUEST_SET_POST('zip', "");
        }
 
        // 4. City
-       if (empty($_POST['city'])) {
+       if (!REQUEST_ISSET_POST(('city'))) {
                // City is empty
                $FORM_ERRORS[] = getMessage('SPONSOR_CITY_IS_EMPTY');
        }
 
        // 5. Phone number
-       if (empty($_POST['phone'])) {
+       if (!REQUEST_ISSET_POST(('phone'))) {
                // City is empty
                $FORM_ERRORS[] = getMessage('SPONSOR_PHONE_IS_EMPTY');
        }
 
        // 6. Homepage URL
-       if (empty($_POST['url'])) {
+       if (!REQUEST_ISSET_POST(('url'))) {
                // Homepage URL is empty
                $FORM_ERRORS[] = getMessage('SPONSOR_URL_IS_EMPTY');
-       } elseif (!VALIDATE_URL($_POST['url'])) {
+       } elseif (!VALIDATE_URL(REQUEST_POST('url'))) {
                // Homepage URL is invalid
                $FORM_ERRORS[] = getMessage('SPONSOR_URL_IS_INVALID');
-               $_POST['url'] = "";
+               REQUEST_SET_POST('url', "");
        }
 
        // 7. Light validation of email address
-       if ((empty($_POST['email'])) || ($_POST['email'] == "@")) {
+       if ((!REQUEST_ISSET_POST(('email'))) || (REQUEST_POST('email') == "@")) {
                // Email is invalid/empty
                $FORM_ERRORS[] = getMessage('SPONSOR_EMAIL_IS_INVALID');
-       } elseif (SPONSOR_FOUND_EMAIL_DB($_POST['email'])) {
+       } elseif (SPONSOR_FOUND_EMAIL_DB(REQUEST_POST('email'))) {
                // Email already found in database!
                $FORM_ERRORS[] = getMessage('SPONSOR_EMAIL_IS_ALREADY_REGISTERED');
-               $_POST['email'] = "";
+               REQUEST_SET_POST('email', "");
        }
 
        // 8. Pay type selected?
-       if (empty($_POST['pay_type'])) {
+       if (!REQUEST_ISSET_POST(('pay_type'))) {
                // Not pay type selected
                $FORM_ERRORS[] = getMessage('SPONSOR_NO_PAYTYPE_SELECTED');
        }
 
        // 9. Interval of mails
-       if (empty($_POST['warning_interval'])) {
+       if (!REQUEST_ISSET_POST(('warning_interval'))) {
                // No warning interval selected
                $FORM_ERRORS[] = getMessage('SPONSOR_NO_WARNING_INTERVAL_SELECTED');
        }
 
        // 10. Mail notifications disabled/enabled
-       if (empty($_POST['receive_warnings'])) {
+       if (!REQUEST_ISSET_POST(('receive_warnings'))) {
                // Option not selected!
                $FORM_ERRORS[] = getMessage('SPONSOR_NO_RECEIVE_WARNINGS_SELECTED');
        }
 
        // Did he enter his password twice?
-       if (((empty($_POST['pass1'])) || (empty($_POST['pass2']))) || (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2'])))) {
-               if (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2']))) {
+       if (((!REQUEST_ISSET_POST(('pass1'))) || (!REQUEST_ISSET_POST(('pass2')))) || ((REQUEST_POST('pass1') != REQUEST_POST('pass2')) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_ISSET_POST(('pass2'))))) {
+               if ((REQUEST_POST('pass1') != REQUEST_POST('pass2')) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_ISSET_POST(('pass2')))) {
                        // Passwords missmatch
                        $FORM_ERRORS[] = getMessage('SPONSOR_PASSWORDS_MISMATCH');
                } else {
-                       if (empty($_POST['pass1'])) {
+                       if (!REQUEST_ISSET_POST(('pass1'))) {
                                // Password 1 is empty
                                $FORM_ERRORS[] = getMessage('SPONSOR_PASSWORD1_EMPTY');
                        }
 
-                       if (empty($_POST['pass2'])) {
+                       if (!REQUEST_ISSET_POST(('pass2'))) {
                                // Password 2 is empty
                                $FORM_ERRORS[] = getMessage('SPONSOR_PASSWORD2_EMPTY');
                        }
                }
-       } elseif (strlen($_POST['pass1']) < getConfig('pass_len')) {
+       } elseif (strlen(REQUEST_POST('pass1')) < getConfig('pass_len')) {
                // Password is to short!
                $FORM_ERRORS[] = sprintf(getMessage('SPONSOR_PASSWORD_TOO_SHORT'), getConfig('pass_len'));
        }
 
        // Check if he has accepted the terms&conditions
-       if (empty($_POST['terms'])) {
+       if (!REQUEST_ISSET_POST(('terms'))) {
                // Homepage URL is empty
                $FORM_ERRORS[] = getMessage('SPONSOR_TERMS_NOT_ACCEPTED');
        }
        
        // If there is something wrong/missing stop registration
-       if (count($FORM_ERRORS) > 0) unset($_POST['ok']);
+       if (count($FORM_ERRORS) > 0) REQUEST_UNSET_POST('ok');
 }
 
-if ((isset($_POST['ok'])) && (count($FORM_ERRORS) == 0)) {
+if ((IS_FORM_SENT()) && (count($FORM_ERRORS) == 0)) {
        // Generate message array
        $MSGs = array(
                'failed' => getMessage('SPONSOR_REGISTRATION_FAILED'),
@@ -201,20 +201,20 @@ if ((isset($_POST['ok'])) && (count($FORM_ERRORS) == 0)) {
        // Calulate points
        $result = SQL_QUERY_ESC("SELECT (pay_rate * pay_min_count) AS points, pay_min_count AS pay, pay_currency AS curr
 FROM `{!_MYSQL_PREFIX!}_sponsor_paytypes`
-WHERE id='%s' LIMIT 1", array($_POST['pay_type']), __FILE__, __LINE__);
+WHERE id='%s' LIMIT 1", array(REQUEST_POST('pay_type')), __FILE__, __LINE__);
        list($points, $pay, $curr) = SQL_FETCHROW($result);
 
        // Free memory
        SQL_FREERESULT($result);
 
        // Add points to array
-       $_POST['points_amount'] = $points;
-       $_POST['points_used']   = "0.00000";
-       $_POST['last_pay']      = $pay;
-       $_POST['last_curr']     = $curr;
+       REQUEST_POST('points_amount', $points);
+       REQUEST_POST('points_used'  , "0.00000");
+       REQUEST_POST('last_pay'     , $pay);
+       REQUEST_POST('last_curr'    , $curr);
 
        // Register sponsor but never ever update here!
-       $STATUS = SPONSOR_HANDLE_SPONSOR($_POST, true, $MSGs, true);
+       $STATUS = SPONSOR_HANDLE_SPONSOR(REQUEST_POST_ARRAY(), true, $MSGs, true);
 
        // Check the status of the registration process
        switch ($STATUS)
@@ -222,7 +222,7 @@ WHERE id='%s' LIMIT 1", array($_POST['pay_type']), __FILE__, __LINE__);
        case "added": // Sponsor successfully added with account status = UNCONFIRMED!
                // Check for his ID number
                $result = SQL_QUERY_ESC("SELECT id, hash FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE email='%s' LIMIT 1",
-                       array($_POST['email']), __FILE__, __LINE__);
+                       array(REQUEST_POST('email')), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 1) {
                        // ID found so let's load it for the confirmation email
                        list($id, $hash) = SQL_FETCHROW($result);
@@ -230,16 +230,16 @@ WHERE id='%s' LIMIT 1", array($_POST['pay_type']), __FILE__, __LINE__);
                        // Prepare data for the email template
                        define('__ID'       , $id);
                        define('__HASH'     , $hash);
-                       define('__EMAIL'    , $_POST['email']);
-                       define('__SURNAME'  , $_POST['surname']);
-                       define('__FAMILY'   , $_POST['family']);
-                       define('__GENDER'    , TRANSLATE_GENDER($_POST['gender']));
+                       define('__EMAIL'    , REQUEST_POST('email'));
+                       define('__SURNAME'  , REQUEST_POST('surname'));
+                       define('__FAMILY'   , REQUEST_POST('family'));
+                       define('__GENDER'    , TRANSLATE_GENDER(REQUEST_POST('gender')));
                        define('__TIMESTAMP', MAKE_DATETIME(time(), 0));
-                       define('__PASSWORD' , $_POST['pass1']);
+                       define('__PASSWORD' , REQUEST_POST('pass1'));
 
                        // Generate email and send it to the new sponsor
                        $EMAIL_MSG = LOAD_EMAIL_TEMPLATE("sponsor_confirm", $hash);
-                       SEND_EMAIL($_POST['email'], getMessage('SPONSOR_PLEASE_CONFIRM_SUBJ'), $EMAIL_MSG);
+                       SEND_EMAIL(REQUEST_POST('email'), getMessage('SPONSOR_PLEASE_CONFIRM_SUBJ'), $EMAIL_MSG);
 
                        // Send mail to admin
                        SEND_ADMIN_NOTIFICATION(getMessage('ADMIN_NEW_SPONSOR'), "admin_sponsor_reg", $hash);
@@ -248,7 +248,7 @@ WHERE id='%s' LIMIT 1", array($_POST['pay_type']), __FILE__, __LINE__);
                        $MSG = $MSGs['added'];
                } else {
                        // Sponsor account not found???
-                       $MSG = sprintf(getMessage('SPONSOR_EMAIL_404'), $_POST['email']);
+                       $MSG = sprintf(getMessage('SPONSOR_EMAIL_404'), REQUEST_POST('email'));
                }
 
                // Free memory
@@ -296,24 +296,24 @@ ORDER BY pay_name", __FILE__, __LINE__);
                if (count($FORM_ERRORS) > 0)
                {
                        // Some found... :-(
-                       define('__COMPANY'  , COMPILE_CODE($_POST['company']));
-                       define('__POSITION' , COMPILE_CODE($_POST['position']));
-                       define('__TAX_IDENT', COMPILE_CODE($_POST['tax_ident']));
-                       define('__SURNAME'  , COMPILE_CODE($_POST['surname']));
-                       define('__FAMILY'   , COMPILE_CODE($_POST['family']));
-                       define('__STREET1'  , COMPILE_CODE($_POST['street_nr1']));
-                       define('__STREET2'  , COMPILE_CODE($_POST['street_nr2']));
-                       define('__COUNTRY'  , COMPILE_CODE($_POST['country']));
-                       define('__ZIP'      , COMPILE_CODE($_POST['zip']));
-                       define('__CITY'     , COMPILE_CODE($_POST['city']));
-                       define('__PHONE'    , COMPILE_CODE($_POST['phone']));
-                       define('__FAX'      , COMPILE_CODE($_POST['fax']));
-                       define('__CELL'     , COMPILE_CODE($_POST['cell']));
-                       define('__EMAIL'    , COMPILE_CODE($_POST['email']));
-                       define('__URL'      , COMPILE_CODE($_POST['url']));
+                       define('__COMPANY'  , COMPILE_CODE(REQUEST_POST('company')));
+                       define('__POSITION' , COMPILE_CODE(REQUEST_POST('position')));
+                       define('__TAX_IDENT', COMPILE_CODE(REQUEST_POST('tax_ident')));
+                       define('__SURNAME'  , COMPILE_CODE(REQUEST_POST('surname')));
+                       define('__FAMILY'   , COMPILE_CODE(REQUEST_POST('family')));
+                       define('__STREET1'  , COMPILE_CODE(REQUEST_POST('street_nr1')));
+                       define('__STREET2'  , COMPILE_CODE(REQUEST_POST('street_nr2')));
+                       define('__COUNTRY'  , COMPILE_CODE(REQUEST_POST('country')));
+                       define('__ZIP'      , COMPILE_CODE(REQUEST_POST('zip')));
+                       define('__CITY'     , COMPILE_CODE(REQUEST_POST('city')));
+                       define('__PHONE'    , COMPILE_CODE(REQUEST_POST('phone')));
+                       define('__FAX'      , COMPILE_CODE(REQUEST_POST('fax')));
+                       define('__CELL'     , COMPILE_CODE(REQUEST_POST('cell')));
+                       define('__EMAIL'    , COMPILE_CODE(REQUEST_POST('email')));
+                       define('__URL'      , COMPILE_CODE(REQUEST_POST('url')));
 
                        // Check for gender selection
-                       switch ($_POST['gender'])
+                       switch (REQUEST_POST('gender'))
                        {
                        case "M": // Male
                                define('__GENDER_M'  , " selected=\"selected\"");
@@ -335,7 +335,7 @@ ORDER BY pay_name", __FILE__, __LINE__);
                        }
 
                        // Check for receive_warnings
-                       switch ($_POST['receive_warnings'])
+                       switch (REQUEST_POST('receive_warnings'))
                        {
                        case "Y":
                                define('__REC_Y'    , " selected=\"selected\"");
@@ -359,7 +359,7 @@ ORDER BY pay_name", __FILE__, __LINE__);
 
                        $OUT .= "</ol><br />\n";
                        define('__SPONSOR_FORM_ERRORS', $OUT);
-                       define('__SPONSOR_REFID', $_POST['refid']);
+                       define('__SPONSOR_REFID', REQUEST_POST('refid'));
                } else {
                        // None found, first call
                        define('__COMPANY'  , "");
@@ -388,12 +388,12 @@ ORDER BY pay_name", __FILE__, __LINE__);
                }
 
                // Prepare referal things
-               if (!isset($_GET['refid'])) {
+               if (!REQUEST_ISSET_GET(('refid'))) {
                        // No referal link
                        define('__SPONSOR_REFID', "0");
                } else  {
                        // Referal ID transmitted, we don't care here if it is right or not
-                       define('__SPONSOR_REFID', bigintval($_GET['refid']));
+                       define('__SPONSOR_REFID', bigintval(REQUEST_GET('refid')));
                }
 
                // Display registration form
index 5826384de709e1ee6dea72df7bcc86670f8546df..b7e9484bf9f36cb449a8f054d419cedfb51282ee 100644 (file)
@@ -41,8 +41,9 @@ if (!defined('__SECURITY')) {
 ADD_DESCR("guest", __FILE__);
 
 // Derterminate which stats we want and set mode and title for the link below stats block
-if (!isset($_GET['mode'])) $_GET['mode'] = strtolower(getConfig('guest_stats'));
-switch ($_GET['mode']) {
+if (!REQUEST_ISSET_GET(('mode'))) REQUEST_SET_GET('mode', strtolower(getConfig('guest_stats')));
+
+switch (REQUEST_GET('mode')) {
        case "members" :
                setConfigEntry('guest_stats', "MEMBERS");
                $lmode = "modules";
index 8ca5c6cf014d7452bcd4cbca87de777cb60e2d2a..94ef4689a71c94e602a76f948d958e8ac27a1e90 100644 (file)
@@ -47,15 +47,15 @@ define('__GUEST_ADVERT', LOAD_TEMPLATE("guest_advert", true));
 LOAD_TEMPLATE("guest_header");
 
 // Add message here
-if (!empty($_GET['msg'])) {
+if (REQUEST_ISSET_GET(('msg'))) {
        // Default extension is "unknown"
        $ext = "unknown";
 
        // Is extension given?
-       if (!empty($_GET['ext'])) $ext = SQL_ESCAPE($_GET['ext']);
+       if (REQUEST_ISSET_GET(('ext'))) $ext = SQL_ESCAPE(REQUEST_GET('ext'));
 
        // Which message shall we output?
-       $msg = convertCodeToMessage($_GET['msg']);
+       $msg = convertCodeToMessage(REQUEST_GET('msg'));
 
        // Load message template
        LOAD_TEMPLATE("message", false, $msg);
index 4b6a8d1d85da7360517b51957ffea5327f1b206b..6d5b5a37d203f859e5ac556ec0870dc2cd4c9e19 100644 (file)
@@ -37,9 +37,9 @@ if (!defined('__SECURITY')) {
        require($INC);
 }
 
-if (!empty($_GET['url'])) {
+if (REQUEST_ISSET_GET(('url'))) {
        // Decode URL
-       $url = decodeString(str_replace(" ", "+", compileUriCode(urldecode($_GET['url']))));
+       $url = decodeString(str_replace(" ", "+", compileUriCode(urldecode(REQUEST_GET('url')))));
 
        // Validate the URL
        if (VALIDATE_URL($url)) {
index ab5fc444b6288c50b8b73178bc40d2493adc789b..61da7b93edfb8423df38708142b763b79825752f 100644 (file)
@@ -52,22 +52,22 @@ $cats = SQL_NUMROWS($result);
 if ($cats > 0)
 {
        $LEAST = false;
-       if (isset($_POST['ok']))
+       if (IS_FORM_SENT())
        {
                $cnt = 0;
-               foreach ($_POST['cat'] as $cat => $joined)
+               foreach (REQUEST_POST('cat') as $cat => $joined)
                {
                        if ($joined == "N") $cnt++;
                }
                if (($cats - $cnt) < getConfig('least_cats'))
                {
-                       unset($_POST['ok']);
+                       REQUEST_UNSET_POST('ok');
                        $LEAST = true;
                }
        }
-       if (isset($_POST['ok']))
+       if (IS_FORM_SENT())
        {
-               foreach ($_POST['cat'] as $cat => $joined)
+               foreach (REQUEST_POST('cat') as $cat => $joined)
                {
                        switch ($joined)
                        {
@@ -125,9 +125,9 @@ if ($cats > 0)
                         array($UID, bigintval($id)), __FILE__, __LINE__);
 
                        // When we found an entry don't read it, just change the JOINED_x variables
-                       if (isset($_POST['cat']))
+                       if (REQUEST_ISSET_POST(('cat')))
                        {
-                               if ($_POST['cat'][$id] =='Y') { $JOINED_Y = " checked=\"checked\""; $JOINED_N = ""; }
+                               if (REQUEST_POST('cat', $id) =='Y') { $JOINED_Y = " checked=\"checked\""; $JOINED_N = ""; }
                        }
                         else
                        {
index 3f3c29223d518141df2ab51b9b6261a316b07326..5bbf90d4c186fc1597da34ed7e5c06127a945d28 100644 (file)
@@ -64,8 +64,8 @@ if ((SQL_NUMROWS($result1) == 1) || (SQL_NUMROWS($result2) == 1))
        if ((($stamp1 + getConfig('holiday_lock')) > time()) || (($stamp2 + getConfig('holiday_lock')) > time()))
        {
                // Mail order is to close away!
-               unset($_POST['ok']);
-               unset($_POST['stop']);
+               REQUEST_UNSET_POST('ok');
+               REQUEST_UNSET_POST(('stop'));
 
                if (($stamp1 + getConfig('holiday_lock')) > time())
                {
@@ -88,24 +88,24 @@ if ((SQL_NUMROWS($result1) == 1) || (SQL_NUMROWS($result2) == 1))
 SQL_FREERESULT($result1);
 SQL_FREERESULT($result2);
 
-if (isset($_POST['ok']))
+if (IS_FORM_SENT())
 {
        // Check holiday request...
-       $START = mktime(0, 0, 0, $_POST['start_month'], $_POST['start_day'], $_POST['start_year']);
-       $END   = mktime(0, 0, 0, $_POST['end_month']  , $_POST['end_day']  , $_POST['end_year']  );
+       $START = mktime(0, 0, 0, REQUEST_POST('start_month'), REQUEST_POST('start_day'), REQUEST_POST('start_year'));
+       $END   = mktime(0, 0, 0, REQUEST_POST('end_month')  , REQUEST_POST('end_day')  , REQUEST_POST('end_year')  );
 
        // Test both values
        $TEST = $END - $START;
        if (($TEST < 0) || ($TEST > (getConfig('one_day') * getConfig('holiday_max'))) || ($START < time()) || ($END < time()))
        {
                // Time test failed
-               unset($_POST['ok']);
+               REQUEST_UNSET_POST('ok');
        }
         else
        {
                // Everything went okay so let's store his request and send mails
                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_user_holidays` (userid, holiday_start, holiday_end, comments) VALUES ('%s','%s','%s','%s')",
-                array($GLOBALS['userid'], $START, $END, $_POST['comments']), __FILE__, __LINE__);
+                array($GLOBALS['userid'], $START, $END, REQUEST_POST('comments')), __FILE__, __LINE__);
 
                // Activate holiday system
                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data`
@@ -114,19 +114,19 @@ WHERE userid=%s LIMIT 1",
                 array($GLOBALS['userid']), __FILE__, __LINE__);
 
                // Prepare constants
-               define('_START_DAY'  , $_POST['start_day']);
-               define('_START_MONTH', $MONTH_DESCR[$_POST['start_month']]);
-               define('_START_YEAR' , $_POST['start_year']);
-               define('_END_DAY'    , $_POST['end_day']);
-               define('_END_MONTH'  , $MONTH_DESCR[$_POST['end_month']]);
-               define('_END_YEAR'   , $_POST['end_year']);
+               define('_START_DAY'  , REQUEST_POST('start_day'));
+               define('_START_MONTH', $MONTH_DESCR[REQUEST_POST('start_month')]);
+               define('_START_YEAR' , REQUEST_POST('start_year'));
+               define('_END_DAY'    , REQUEST_POST('end_day'));
+               define('_END_MONTH'  , $MONTH_DESCR[REQUEST_POST('end_month')]);
+               define('_END_YEAR'   , REQUEST_POST('end_year'));
 
                // Send mail to member
-               $msg = LOAD_EMAIL_TEMPLATE("member_holiday_request", $_POST['comments'], $GLOBALS['userid']);
+               $msg = LOAD_EMAIL_TEMPLATE("member_holiday_request", REQUEST_POST('comments'), $GLOBALS['userid']);
                SEND_EMAIL($GLOBALS['userid'], HOLIDAY_MEMBER_SUBJECT, $msg);
 
                // Send mail to all admins
-               SEND_ADMIN_NOTIFICATION(HOLIDAY_ADMIN_SUBJECT, "admin_holiday_request", $_POST['comments'], $GLOBALS['userid']);
+               SEND_ADMIN_NOTIFICATION(HOLIDAY_ADMIN_SUBJECT, "admin_holiday_request", REQUEST_POST('comments'), $GLOBALS['userid']);
 
                // Create task
                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_task_system` (userid, assigned_admin, status, task_type, subject, text, task_created) VALUES ('%s','0','NEW','HOLIDAY_REQUEST','%s','%s', UNIX_TIMESTAMP())",
@@ -138,7 +138,7 @@ WHERE userid=%s LIMIT 1",
 }
 
 // Holiday shall be ended now
-if (isset($_POST['stop']))
+if (REQUEST_ISSET_POST(('stop')))
 {
        // Okay, end the holiday here...
        $result = SQL_QUERY_ESC("SELECT holiday_active, holiday_activated FROM `{!_MYSQL_PREFIX!}_user_data`
@@ -190,7 +190,7 @@ WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
 }
 
 // If something is wrong or link in menu is just clicked display form
-if ((!isset($_POST['ok'])) && (!isset($_POST['stop'])))
+if ((!IS_FORM_SENT()) && (!REQUEST_ISSET_POST(('stop'))))
 {
        // Check if user is in holiday...
        $result = SQL_QUERY_ESC("SELECT holiday_active, holiday_activated FROM `{!_MYSQL_PREFIX!}_user_data`
index af47b72b987fe807b42a5773ed36f4f1dc647214..e7b9337df4e2c005dbcbea23ff074eb0de2d812a 100644 (file)
@@ -46,32 +46,27 @@ if (!defined('__SECURITY')) {
 ADD_DESCR("member", __FILE__);
 
 // Class was found and loaded
-if (isset($_POST['ok']))
-{
+if (IS_FORM_SENT()) {
        // Save settings
        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET html='%s' WHERE userid=%s LIMIT 1",
-               array($_POST['html'], $GLOBALS['userid']), __FILE__, __LINE__);
+               array(REQUEST_POST('html'), $GLOBALS['userid']), __FILE__, __LINE__);
        LOAD_TEMPLATE("admin_settings_saved", false, getMessage('MEMBER_SETTINGS_SAVED'));
-}
- else
-{
+} else {
        // Load template for changing settings
        $result = SQL_QUERY_ESC("SELECT html FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
-        array($GLOBALS['userid']), __FILE__, __LINE__);
+               array($GLOBALS['userid']), __FILE__, __LINE__);
        list($mode) = SQL_FETCHROW($result);
        SQL_FREERESULT($result);
 
-       if ($mode == "Y")
-       {
+       if ($mode == "Y") {
                define('HTML_Y', " checked=\"checked\"");
                define('HTML_N', "");
-       }
-        else
-       {
+       } else {
                define('HTML_N', " checked=\"checked\"");
                define('HTML_Y', "");
        }
        LOAD_TEMPLATE("member_html_mail_settings");
 }
+
 //
 ?>
index d742a4fbeeb3c9fa3d2d75d6a085e9797bdecbeb..419708c9a5a0caa06c3ce218eaa8c224785cc1af 100644 (file)
@@ -49,9 +49,9 @@ define('UID_VALUE', $GLOBALS['userid']); $URL = "";
 
 // Detect what the member wants to do
 $MODE = "show"; // Show his data
-if (!empty($_POST['save']))   $MODE = "save";   // Save entered data
-if (isset($_POST['edit']))   $MODE = "edit";   // Edit data
-if (!empty($_POST['notify'])) $MODE = "notify"; // Switch off notification
+if (REQUEST_ISSET_POST(('save')))   $MODE = "save";   // Save entered data
+if (REQUEST_ISSET_POST(('edit')))    $MODE = "edit";   // Edit data
+if (REQUEST_ISSET_POST(('notify'))) $MODE = "notify"; // Switch off notification
 
 switch ($MODE)
 {
@@ -194,13 +194,13 @@ case "save": // Save entered data
                $DATA[3] = MAKE_DATETIME($DATA[3] + getConfig('profile_lock'), "0");
                // You cannot change your account
                LOAD_TEMPLATE("member_mydata_locked");
-       } elseif (!VALIDATE_EMAIL($_POST['addy'])) {
+       } elseif (!VALIDATE_EMAIL(REQUEST_POST('addy'))) {
                // Invalid email address!
                LOAD_TEMPLATE("admin_settings_saved", false, getMessage('INVALID_EMAIL_ADDRESS_ENTERED'));
        } else {
                // Generate hash
-               $hash = generateHash($_POST['pass1'], substr($DATA[1], 0, -40));
-               if ((($hash == $DATA[1]) || ($_POST['pass1'] == $_POST['pass2'])) && (!empty($_POST['pass1']))) {
+               $hash = generateHash(REQUEST_POST('pass1'), substr($DATA[1], 0, -40));
+               if ((($hash == $DATA[1]) || (REQUEST_POST('pass1') == REQUEST_POST('pass2'))) && (REQUEST_ISSET_POST(('pass1')))) {
                        // Only on simple changes normal mode is active = no email or password changed
                        $MODE = "normal"; $AND = "";
 
@@ -208,10 +208,10 @@ case "save": // Save entered data
                        if ($hash != $DATA[1]) { $AND = ", password='".$hash."'"; $MODE = "pass"; }
 
                        // Or did he changed his password?
-                       if ($_POST['addy'] != $DATA[0]) {
+                       if (REQUEST_POST('addy') != $DATA[0]) {
                                // Jupp
                                if ($MODE == "normal") { $MODE = "email"; } else { $MODE .= ";email"; }
-                               $_POST['old_addy'] = $DATA[0];
+                               REQUEST_SET_POST('old_addy', $DATA[0]);
                        }
 
                        // Update member's profile
@@ -229,18 +229,18 @@ notified='N',
 last_profile_sent=UNIX_TIMESTAMP()
 WHERE userid=%s AND password='%s' LIMIT 1",
 array(
-       $_POST['gender'],
-       $_POST['surname'],
-       $_POST['family_name'],
-       $_POST['street_nr'],
-       bigintval($_POST['country_code']),
-       bigintval($_POST['zip']),
-       $_POST['city'],
-       $_POST['addy'],
-       bigintval($_POST['day']),
-       bigintval($_POST['month']),
-       bigintval($_POST['year']),
-       bigintval($_POST['max_mails']),
+       REQUEST_POST('gender'),
+       REQUEST_POST('surname'),
+       REQUEST_POST('family'),
+       REQUEST_POST('street_nr'),
+       bigintval(REQUEST_POST('country_code')),
+       bigintval(REQUEST_POST('zip')),
+       REQUEST_POST('city'),
+       REQUEST_POST('addy'),
+       bigintval(REQUEST_POST('day')),
+       bigintval(REQUEST_POST('month')),
+       bigintval(REQUEST_POST('year')),
+       bigintval(REQUEST_POST('max_mails')),
        UID_VALUE,
        get_session('u_hash')
  ), __FILE__, __LINE__);
@@ -258,18 +258,18 @@ notified='N',
 last_profile_sent=UNIX_TIMESTAMP()
 WHERE userid=%s AND password='%s' LIMIT 1",
 array(
-       $_POST['gender'],
-       $_POST['surname'],
-       $_POST['family_name'],
-       $_POST['street_nr'],
-       $_POST['cntry'],
-       bigintval($_POST['zip']),
-       $_POST['city'],
-       $_POST['addy'],
-       bigintval($_POST['day']),
-       bigintval($_POST['month']),
-       bigintval($_POST['year']),
-       bigintval($_POST['max_mails']),
+       REQUEST_POST('gender'),
+       REQUEST_POST('surname'),
+       REQUEST_POST('family'),
+       REQUEST_POST('street_nr'),
+       REQUEST_POST('cntry'),
+       bigintval(REQUEST_POST('zip')),
+       REQUEST_POST('city'),
+       REQUEST_POST('addy'),
+       bigintval(REQUEST_POST('day')),
+       bigintval(REQUEST_POST('month')),
+       bigintval(REQUEST_POST('year')),
+       bigintval(REQUEST_POST('max_mails')),
        UID_VALUE,
        get_session('u_hash')
  ), __FILE__, __LINE__);
index 9fb4453d17a3684af540c6b44f833d6ab9ff58d3..ebfe236222ed372247f9474790c3da9c0c779615 100644 (file)
@@ -54,7 +54,7 @@ SQL_FREERESULT($result);
 // Remember charge value
 define('__CHARGE_VALUE', TRANSLATE_COMMA(getConfig('nl_charge')));
 
-if ((isset($_POST['ok'])) && ($status == "Y") && ($span == "0")) {
+if ((IS_FORM_SENT()) && ($status == "Y") && ($span == "0")) {
        // Save request
        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET nl_timespan='".(getConfig('one_day') * 30)."' WHERE userid=%s LIMIT 1",
                array($GLOBALS['userid']), __FILE__, __LINE__);
index 6afe0ce978136f78114353e5340b196f1dbb59dd..73ae2b3fc14e4b94928b39c6843d25de69d8a0c3 100644 (file)
@@ -46,14 +46,14 @@ if (!defined('__SECURITY')) {
 ADD_DESCR("member", __FILE__);
 $VALID = false;
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Nickname was submitted so let's check if it is not already in use
-       if (!empty($_POST['nickname'])) {
+       if (REQUEST_ISSET_POST(('nickname'))) {
                // Check if nickname is valid
                $PATTERN = "[".__NICKNAME_PATTERN."]{".__NICKNAME_LENGTH.",}";
-               if (ereg($PATTERN, $_POST['nickname'], $array)) {
+               if (ereg($PATTERN, REQUEST_POST('nickname'), $array)) {
                        // Entered nickname is valid?
-                       if ($array[0] == $_POST['nickname']) $VALID = true;
+                       if ($array[0] == REQUEST_POST('nickname')) $VALID = true;
                } // END - if
        } // END - if
 } // END - if
@@ -61,11 +61,11 @@ if (isset($_POST['ok'])) {
 if ($VALID) {
        // Look for nickname in database (we only need just one entry so don't worry about the "LIMIT 1" !
        $result = SQL_QUERY_ESC("SELECT userid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE nickname='%s' AND userid != '%s' LIMIT 1",
-               array($_POST['nickname'], $GLOBALS['userid']), __FILE__, __LINE__);
+               array(REQUEST_POST('nickname'), $GLOBALS['userid']), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 0) {
                // Nickname not in use, so set it now
                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET nickname='%s' WHERE userid=%s LIMIT 1",
-                       array($_POST['nickname'], $GLOBALS['userid']), __FILE__, __LINE__);
+                       array(REQUEST_POST('nickname'), $GLOBALS['userid']), __FILE__, __LINE__);
                $content = NICKNAME_SAVED;
        } else {
                // Free result
@@ -82,7 +82,7 @@ if ($VALID) {
        define('__NICKNAME', NICKNAME_GET_NICK($GLOBALS['userid']));
 
        // Do we have already submit the form?
-       if (!empty($_POST['nickname'])) {
+       if (REQUEST_ISSET_POST(('nickname'))) {
                LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"member_failed\">".NICKNAME_IS_INVALID."</div");
        } // END - if
 
index bffe8c6baa9a6d7f7168a076e6700885d33ea455..bb66ac1a9ff039e70c84c14c69463e35c01b4d0f 100644 (file)
@@ -49,10 +49,10 @@ $URL = ""; $id = 0;
 $whereStatement = " WHERE `visible`='Y'";
 
 // Set undefined array elements
-if (empty($_GET['msg']))       $_GET['msg']       = "";
-if (empty($_POST['zip']))      $_POST['zip']      = "";
-if (empty($_POST['html']))     $_POST['html']     = "";
-if (empty($_POST['receiver'])) $_POST['receiver'] = "";
+if (!REQUEST_ISSET_GET(('msg')))       REQUEST_SET_GET('msg'      , "");
+if (!REQUEST_ISSET_POST(('zip')))      REQUEST_SET_POST('zip'     , "");
+if (!REQUEST_ISSET_POST(('html')))     REQUEST_SET_POST('html'    , "");
+if (!REQUEST_ISSET_POST(('receiver'))) REQUEST_SET_POST('receiver', "");
 if (IS_ADMIN()) $whereStatement = "";
 
 // Minimum mails / order
@@ -87,14 +87,14 @@ $TOTAL = GET_TOTAL_DATA($GLOBALS['userid'], "user_points", "points") - GET_TOTAL
 if (($HOLIDAY == "Y") && (GET_EXT_VERSION("holiday") >= "0.1.3")) {
        // Holiday is active!
        LOAD_TEMPLATE("admin_settings_saved", false, HOLIDAY_ORDER_NOT_POSSIBLE);
-} elseif ((!empty($_POST['frametester'])) && ($ALLOWED > 0) && ($_POST['receiver'] > 0)) {
+} elseif ((REQUEST_ISSET_POST(('frametester'))) && ($ALLOWED > 0) && (REQUEST_POST('receiver') > 0)) {
        // Continue with the frametester, we first need to store the data temporary in the pool
        //
        // First we would like to store the data and get it's pool position back...
        $result = SQL_QUERY_ESC("SELECT id, data_type
 FROM `{!_MYSQL_PREFIX!}_pool`
 WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1",
-               array($GLOBALS['userid'], $_POST['url'], getConfig('url_tlock')), __FILE__, __LINE__);
+               array($GLOBALS['userid'], REQUEST_POST('url'), getConfig('url_tlock')), __FILE__, __LINE__);
 
        $type = "TEMP"; $id = 0;
        if (SQL_NUMROWS($result) == 1) {
@@ -111,13 +111,13 @@ WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1",
                $URL = "";
                if (getConfig('test_text') == "Y") {
                        // Test submitted text against some filters (length, URLs in text etc.)
-                       if ((strpos(strtolower($_POST['text']), "https://") > -1) || (strpos(strtolower($_POST['text']), "http://") > -1) || (strpos(strtolower($_POST['text']), "www") > -1)) {
+                       if ((strpos(strtolower(REQUEST_POST('text')), "https://") > -1) || (strpos(strtolower(REQUEST_POST('text')), "http://") > -1) || (strpos(strtolower(REQUEST_POST('text')), "www") > -1)) {
                                // URL found!
                                $URL = "modules.php?module=login&amp;what=order&amp;msg=".constant('CODE_URL_FOUND');
                        } // END - if
 
                        // Remove new-line and carriage-return characters
-                       $TEST = str_replace("\n", "", str_replace("\r", "", $_POST['text']));
+                       $TEST = str_replace("\n", "", str_replace("\r", "", REQUEST_POST('text')));
 
                        // Text length within allowed length?
                        if (strlen($TEST) > getConfig('max_tlength')) {
@@ -129,8 +129,8 @@ WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1",
                // Shall I test the subject line against URLs?
                if (getConfig('test_subj') == "Y") {
                        // Check the subject line for issues
-                       $_POST['subject'] = str_replace("\\", "[nl]", substr($_POST['subject'], 0, 200));
-                       if ((strpos(strtolower($_POST['subject']), "http://") > -1) || (strpos(strtolower($_POST['subject']), "www") > -1)) {
+                       REQUEST_SET_POST('subject', str_replace("\\", "[nl]", substr(REQUEST_POST('subject'), 0, 200)));
+                       if ((strpos(strtolower(REQUEST_POST('subject')), "http://") > -1) || (strpos(strtolower(REQUEST_POST('subject')), "www") > -1)) {
                                // URL in subject found
                                $URL = "modules.php?module=login&amp;what=order&amp;msg=".constant('CODE_SUBJ_URL');
                        } // END - if
@@ -140,7 +140,7 @@ WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1",
                if (getConfig('url_blacklist') == "Y") {
                        // Ok, I do that for you know...
                        $result = SQL_QUERY_ESC("SELECT UNIX_TIMESTAMP(`timestamp`) AS tstamp FROM `{!_MYSQL_PREFIX!}_url_blacklist` WHERE `url`='%s' LIMIT 1",
-                               array($_POST['url']), __FILE__, __LINE__);
+                               array(REQUEST_POST('url')), __FILE__, __LINE__);
 
                        if (SQL_NUMROWS($result) == 1) {
                                // Jupp, we got one listed
@@ -155,13 +155,13 @@ WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1",
                } // END - if
 
                // Enougth receivers entered?
-               if (($_POST['receiver'] < getConfig('order_min')) && (!IS_ADMIN())) {
+               if ((REQUEST_POST('receiver') < getConfig('order_min')) && (!IS_ADMIN())) {
                        // Less than allowed receivers entered!
                        $URL = "modules.php?module=login&amp;what=order&amp;msg=".constant('CODE_MORE_RECEIVERS3');
                } // END - if
 
                // Validate URL
-               if (!VALIDATE_URL($_POST['url'])) {
+               if (!VALIDATE_URL(REQUEST_POST('url'))) {
                        // URL is invalid!
                        $URL = "modules.php?module=login&amp;what=order&amp;msg=".constant('CODE_INVALID_URL');
                } // END - if
@@ -169,15 +169,15 @@ WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1",
                // Probe for HTML extension
                if (EXT_IS_ACTIVE("html_mail")) {
                        // HTML or regular text mail?
-                       if ($_POST['html'] == "Y") {
+                       if (REQUEST_POST('html') == "Y") {
                                // Chek for valid HTML tags
-                               $_POST['text'] = HTML_CHECK_TAGS($_POST['text']);
+                               REQUEST_SET_POST('text', HTML_CHECK_TAGS(REQUEST_POST('text')));
 
                                // Maybe invalid tags found?
-                               if (empty($_POST['text'])) $URL = "modules.php?module=login&amp;what=order&amp;msg=".constant('CODE_INVALID_TAGS')."&amp;id=".$id;
+                               if (!REQUEST_ISSET_POST(('text'))) $URL = "modules.php?module=login&amp;what=order&amp;msg=".constant('CODE_INVALID_TAGS')."&amp;id=".$id;
                        } else {
                                // Remove any HTML code
-                               $_POST['text'] = str_replace("<", "{OPEN_HTML}", str_replace(">", "{CLOSE_HTML}", $_POST['text']));
+                               REQUEST_SET_POST('text', str_replace("<", "{OPEN_HTML}", str_replace(">", "{CLOSE_HTML}", REQUEST_POST('text'))));
                        }
                }
        } elseif (!IS_ADMIN()) {
@@ -189,9 +189,9 @@ WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1",
        if (empty($URL)) {
                // Check if category and number of receivers is okay
                $ADD = "";
-               if ((getConfig('order_multi_page') == "Y") && (!empty($_POST['zip']))) {
+               if ((getConfig('order_multi_page') == "Y") && (REQUEST_ISSET_POST(('zip')))) {
                        // Choose recipients by ZIP code
-                       $ADD = " AND d.zip LIKE '".bigintval($_POST['zip'])."{PER}'";
+                       $ADD = " AND d.zip LIKE '".bigintval(REQUEST_POST('zip'))."{PER}'";
                } // END - if
 
                // Check for userids
@@ -201,14 +201,14 @@ ON c.userid=d.userid
 WHERE c.cat_id=%s AND c.userid != '%s' AND d.`status`='CONFIRMED' AND d.receive_mails > 0".$ADD."
 ORDER BY d.%s %s",
  array(
-       bigintval($_POST['cat']),
+       bigintval(REQUEST_POST('cat')),
        $GLOBALS['userid'],
        getConfig('order_select'),
        getConfig('order_mode'),
  ), __FILE__, __LINE__);
 
                // Do we enougth receivers left?
-               if (SQL_NUMROWS($result) >= $_POST['receiver']) {
+               if (SQL_NUMROWS($result) >= REQUEST_POST('receiver')) {
                        // Check for holiday extensions
                        $HOLIDAY = false;
                        if (GET_EXT_VERSION("holiday") >= "0.1.3") {
@@ -251,13 +251,13 @@ WHERE userid=%s AND holiday_start < UNIX_TIMESTAMP() AND holiday_end > UNIX_TIME
                                array(str_replace(";", ", ", $RECEIVER), $MAX_SEND), __FILE__, __LINE__);
 
                        // Is calculated max receivers larger than wanted receivers then reset it
-                       if ($MAX_SEND > $_POST['receiver']) $MAX_SEND = $_POST['receiver'];
+                       if ($MAX_SEND > REQUEST_POST('receiver')) $MAX_SEND = REQUEST_POST('receiver');
 
                        // Calculate used points
-                       $USED = $MAX_SEND * GET_PAY_POINTS(bigintval($_POST['type']));
+                       $USED = $MAX_SEND * GET_PAY_POINTS(bigintval(REQUEST_POST('type')));
 
                        // Fix empty zip code
-                       if (empty($_POST['zip'])) $_POST['zip'] = "0";
+                       if (!REQUEST_ISSET_POST(('zip'))) REQUEST_SET_POST('zip', "0");
 
                        // Check if he has enougth points for this order and selected more than 0 receivers
                        if (($USED > 0) && ($USED <= $TOTAL) && ($MAX_SEND > 0)) {
@@ -272,16 +272,16 @@ WHERE userid=%s AND holiday_start < UNIX_TIMESTAMP() AND holiday_end > UNIX_TIME
  VALUES ('%s','%s','%s','%s','%s','TEMP','%s','%s','%s','%s','%s','%s')",
 array(
        $GLOBALS['userid'],
-       $_POST['subject'],
-       $_POST['text'],
+       REQUEST_POST('subject'),
+       REQUEST_POST('text'),
        $RECEIVER,
-       bigintval($_POST['type']),
+       bigintval(REQUEST_POST('type')),
        $TIME,
-       $_POST['url'],
-       bigintval($_POST['cat']),
+       REQUEST_POST('url'),
+       bigintval(REQUEST_POST('cat')),
        $MAX_SEND,
-       bigintval($_POST['zip']),
-       $_POST['html']
+       bigintval(REQUEST_POST('zip')),
+       REQUEST_POST('html')
 ), __FILE__, __LINE__);
                                        } else {
                                                // No HTML extension is active
@@ -289,15 +289,15 @@ array(
  VALUES ('%s','%s','%s','%s','%s','TEMP','%s','%s','%s','%s','%s')",
 array(
        $GLOBALS['userid'],
-       $_POST['subject'],
-       $_POST['text'],
+       REQUEST_POST('subject'),
+       REQUEST_POST('text'),
        $RECEIVER,
-       bigintval($_POST['type']),
+       bigintval(REQUEST_POST('type')),
        $TIME,
-       $_POST['url'],
-       bigintval($_POST['cat']),
+       REQUEST_POST('url'),
+       bigintval(REQUEST_POST('cat')),
        $MAX_SEND,
-       bigintval($_POST['zip']),
+       bigintval(REQUEST_POST('zip')),
 ), __FILE__, __LINE__);
                                        }
                                } else {
@@ -317,15 +317,15 @@ zip=%s,
 html_msg='%s'
 WHERE id=%s LIMIT 1",
 array(
-       $_POST['subject'],
-       $_POST['text'],
+       REQUEST_POST('subject'),
+       REQUEST_POST('text'),
        $RECEIVER,
-       bigintval($_POST['type']),
-       $_POST['url'],
-       bigintval($_POST['cat']),
+       bigintval(REQUEST_POST('type')),
+       REQUEST_POST('url'),
+       bigintval(REQUEST_POST('cat')),
        $MAX_SEND,
-       bigintval($_POST['zip']),
-       $_POST['html'],
+       bigintval(REQUEST_POST('zip')),
+       REQUEST_POST('html'),
        bigintval($id)
 ), __FILE__, __LINE__);
                                        } else {
@@ -342,14 +342,14 @@ target_send=%s,
 zip=%s
 WHERE id=%s LIMIT 1",
 array(
-       $_POST['subject'],
-       $_POST['text'],
+       REQUEST_POST('subject'),
+       REQUEST_POST('text'),
        $RECEIVER,
-       bigintval($_POST['type']),
-       $_POST['url'],
-       bigintval($_POST['cat']),
+       bigintval(REQUEST_POST('type')),
+       REQUEST_POST('url'),
+       bigintval(REQUEST_POST('cat')),
        $MAX_SEND,
-       bigintval($_POST['zip']),
+       bigintval(REQUEST_POST('zip')),
        bigintval($id)
 ), __FILE__, __LINE__);
                                        }
@@ -361,8 +361,8 @@ array(
                                        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_pool` WHERE sender=%s AND subject='%s' AND payment_id=%s AND data_type='TEMP' AND timestamp=%s LIMIT 1",
                                        array(
                                                $GLOBALS['userid'],
-                                               $_POST['subject'],
-                                               bigintval($_POST['type']),
+                                               REQUEST_POST('subject'),
+                                               bigintval(REQUEST_POST('type')),
                                                $TIME
                                        ), __FILE__, __LINE__);
 
@@ -384,7 +384,7 @@ array(
                        $URL = "modules.php?module=login&amp;what=order&amp;msg=".constant('CODE_NO_RECS_LEFT');
                }
        }
-} elseif ($_POST['receiver'] == "0") {
+} elseif (REQUEST_POST('receiver') == "0") {
        // Not enougth receivers selected
        $URL = "modules.php?module=login&amp;what=order&amp;msg=".constant('CODE_MORE_RECEIVERS1');
 } elseif (($ALLOWED == 0) && (getConfig('order_max_full') == "ORDER")) {
@@ -404,7 +404,7 @@ array(
 
                        // Enable HTML checking
                        $HTML = ""; $HOLIDAY = false; $HOL_STRING = "";
-                       if ((EXT_IS_ACTIVE("html_mail")) && ($_POST['html'] == "Y")) $HTML = " AND html='Y'";
+                       if ((EXT_IS_ACTIVE("html_mail")) && (REQUEST_POST('html') == "Y")) $HTML = " AND html='Y'";
                        if (GET_EXT_VERSION("holiday") >= "0.1.3") {
                                // Extension's version is fine
                                $HOLIDAY = true; $HOL_STRING = " AND holiday_active='N'";
@@ -445,10 +445,10 @@ LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__);
                                                $result_ver = SQL_QUERY_ESC("SELECT zip FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s".$HTML." AND receive_mails > 0 AND `status`='CONFIRMED' LIMIT 1",
                                                        array(bigintval($ucat)), __FILE__, __LINE__);
 
-                                               if ((SQL_NUMROWS($result_ver) == 1) && (!empty($_POST['zip'])) && (getConfig('order_multi_page') == "Y")) {
+                                               if ((SQL_NUMROWS($result_ver) == 1) && (REQUEST_ISSET_POST(('zip'))) && (getConfig('order_multi_page') == "Y")) {
                                                        list($zip) = SQL_FETCHROW($result_ver);
                                                        SQL_FREERESULT($result_ver);
-                                                       if (substr($zip, 0, strlen($_POST['zip'])) == $_POST['zip']) {
+                                                       if (substr($zip, 0, strlen(REQUEST_POST('zip'))) == REQUEST_POST('zip')) {
                                                                // Ok, ZIP part is found
                                                                $uid_cnt++;
                                                        } // END - if
@@ -474,11 +474,11 @@ LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) > 0) {
                                // Check for message ID in URL
                                $MSG = "";
-                               switch ($_GET['msg'])
+                               switch (REQUEST_GET('msg'))
                                {
                                case constant('CODE_URL_TLOCK'):
                                        $result = SQL_QUERY_ESC("SELECT timestamp FROM `{!_MYSQL_PREFIX!}_pool` WHERE id=%s LIMIT 1",
-                                        array(bigintval($_GET['id'])), __FILE__, __LINE__);
+                                        array(bigintval(REQUEST_GET('id'))), __FILE__, __LINE__);
 
                                        // Load timestamp from last order
                                        list($LORDER) = SQL_FETCHROW($result);
@@ -516,7 +516,7 @@ LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__);
                                        break;
 
                                case constant('CODE_BLIST_URL'):
-                                       $MSG = "{--MEMBER_URL_BLACK_LISTED--}<br />\n{--MEMBER_BLIST_TIME--}: ".MAKE_DATETIME($_GET['blist'], "0");
+                                       $MSG = "{--MEMBER_URL_BLACK_LISTED--}<br />\n{--MEMBER_BLIST_TIME--}: ".MAKE_DATETIME(REQUEST_GET('blist'), "0");
                                        break;
 
                                case constant('CODE_NO_RECS_LEFT'):
@@ -551,8 +551,8 @@ LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__);
                                        break;
 
                                default:
-                                       DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown error code %s detected.", $_GET['msg']));
-                                       $MSG = sprintf(getMessage('UNKNOWN_CODE'), $_GET['msg']);
+                                       DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown error code %s detected.", REQUEST_GET('msg')));
+                                       $MSG = sprintf(getMessage('UNKNOWN_CODE'), REQUEST_GET('msg'));
                                        break;
                                }
 
@@ -617,7 +617,7 @@ LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__);
                                SQL_FREERESULT($result);
 
                                // 01      2              21    12                                    2    23         443    3          3210
-                               if ((!empty($_POST['data'])) || ((getConfig('order_multi_page') != "Y") && ((!IS_ADMIN()) && (!EXT_IS_ACTIVE("html_mail"))))) {
+                               if ((REQUEST_ISSET_POST(('data'))) || ((getConfig('order_multi_page') != "Y") && ((!IS_ADMIN()) && (!EXT_IS_ACTIVE("html_mail"))))) {
                                        // Pre-output categories
                                        $CAT = "";
                                        foreach ($CATS['id'] as $key => $value) {
@@ -646,15 +646,15 @@ LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__);
                                        define('TEXT', COMPILE_CODE($text));
                                        define('T_URL', $url);
 
-                                       if (!empty($_POST['zip'])) {
+                                       if (REQUEST_ISSET_POST(('zip'))) {
                                                // Output entered ZIP code
-                                               define('ZIP_OUTPUT', LOAD_TEMPLATE("member_order-zip2", true, $_POST['zip']));
+                                               define('ZIP_OUTPUT', LOAD_TEMPLATE("member_order-zip2", true, REQUEST_POST('zip')));
                                        } else {
                                                define('ZIP_OUTPUT', "<tr><td colspan=\"5\" height=\"5\" class=\"seperator\">&nbsp;</td></tr>");
                                        }
 
                                        // HTML extension
-                                       if ((EXT_IS_ACTIVE("html_mail")) && ($_POST['html'] == "Y")) {
+                                       if ((EXT_IS_ACTIVE("html_mail")) && (REQUEST_POST('html') == "Y")) {
                                                // Extension is active so output valid HTML tags
                                                define('MEMBER_HTML_EXTENSION', LOAD_TEMPLATE("member_order-html_ext", true, HTML_ADD_VALID_TAGS()));
                                        } else {
@@ -679,9 +679,9 @@ LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__);
                                        // Do we want ZIP code or not?
                                        if ((getConfig('order_multi_page') == "Y") || (IS_ADMIN())) {
                                                // Yes
-                                               if ($_POST['zip'] > 0) {
+                                               if (REQUEST_POST('zip') > 0) {
                                                        $content = array(
-                                                               'zip' => bigintval($_POST['zip']),
+                                                               'zip' => bigintval(REQUEST_POST('zip')),
                                                                'add' => $ADD
                                                        );
                                                } else {
index 6b8ea9cc364245e608be2ade161c3e6ba66ab9e2..42b42b7adec39ef9a1bcc1cad4668dfcf314d70b 100644 (file)
@@ -79,7 +79,7 @@ $TPTS = TRANSLATE_COMMA($TPTS - $USED);
 // Sanity check...
 if (empty($TPTS)) $TPTS = "0.00000";
 
-if (empty($_GET['payout'])) {
+if (!REQUEST_ISSET_GET(('payout'))) {
        // Load payout types
        $result = SQL_QUERY_ESC("SELECT id, type, rate, min_points, allow_url
 FROM `{!_MYSQL_PREFIX!}_payout_types`
@@ -152,7 +152,7 @@ ORDER BY p.payout_timestamp DESC",
 } else {
        // Chedk if he can get paid by selected type
        $result = SQL_QUERY_ESC("SELECT type, rate, min_points, allow_url FROM `{!_MYSQL_PREFIX!}_payout_types` WHERE id=%s LIMIT 1",
-               array(bigintval($_GET['payout'])), __FILE__, __LINE__);
+               array(bigintval(REQUEST_GET('payout'))), __FILE__, __LINE__);
 
        if (SQL_NUMROWS($result) == 1) {
                // ID is valid
@@ -164,8 +164,8 @@ ORDER BY p.payout_timestamp DESC",
 
                // Calulcate points from submitted amount
                $PAYOUT = 0;
-               if (!empty($_POST['payout'])) {
-                       $PAYOUT  = bigintval($_POST['payout']) / $rate;
+               if (REQUEST_ISSET_POST(('payout'))) {
+                       $PAYOUT  = bigintval(REQUEST_POST('payout')) / $rate;
                        $PAY_MAX = $max / $rate;
                }
 
@@ -175,7 +175,7 @@ ORDER BY p.payout_timestamp DESC",
 
                if (REVERT_COMMA($TPTS) >= $min) {
                        // Ok, he can get be paid
-                       if ((isset($_POST['ok'])) && ($PAYOUT <= $PAY_MAX) && ($PAYOUT >= $min)) {
+                       if ((IS_FORM_SENT()) && ($PAYOUT <= $PAY_MAX) && ($PAYOUT >= $min)) {
                                // Calculate exact value
                                define('PAYOUT_POINTS_VALUE', $PAYOUT);
 
@@ -189,11 +189,11 @@ ORDER BY p.payout_timestamp DESC",
 VALUES (%s,%s,%s, UNIX_TIMESTAMP(), 'NEW','%s','%s','%s')",
  array(
        $GLOBALS['userid'],
-       bigintval($_POST['payout']),
-       bigintval($_GET['payout']),
-       $_POST['turl'],
-       $_POST['alt'],
-       $_POST['banner']
+       bigintval(REQUEST_POST('payout')),
+       bigintval(REQUEST_GET('payout')),
+       REQUEST_POST('turl'),
+       REQUEST_POST('alt'),
+       REQUEST_POST('banner')
 ), __FILE__, __LINE__);
 
                                        // Load templates
@@ -209,11 +209,11 @@ VALUES (%s,%s,%s, UNIX_TIMESTAMP(), 'NEW','%s','%s','%s')",
 VALUES (%s,%s,%s,'%s',%s, UNIX_TIMESTAMP(), 'NEW','%s')",
  array(
        $GLOBALS['userid'],
-       bigintval($_POST['payout']),
-       bigintval($_POST['account']),
-       $_POST['bank'],
-       bigintval($_GET['payout']),
-       $_POST['pass']
+       bigintval(REQUEST_POST('payout')),
+       bigintval(REQUEST_POST('account')),
+       REQUEST_POST('bank'),
+       bigintval(REQUEST_GET('payout')),
+       REQUEST_POST('pass')
 ), __FILE__, __LINE__);
 
                                        // Load templates
index 2783498ba6320dd1053ea0ca92d0a75a8d6c4fe9..648eefb27d8761dd32b46d6ee73d7c71ab85cbfe 100644 (file)
@@ -58,7 +58,7 @@ if ((getConfig('primera_api_name') == "") || (getConfig('primera_api_md5') == ""
 $content = array(); $points = false;
 
 // Is the mode set (payout only)
-if (!isset($_GET['mode'])) {
+if (!REQUEST_ISSET_GET(('mode'))) {
        // Get referal id
        $content['refid'] = bigintval(getConfig('primera_refid'));
 
@@ -76,9 +76,9 @@ if (!isset($_GET['mode'])) {
        SQL_FREERESULT($result);
 
        // Is there an ID?
-       if ((!empty($content['primera_nickname'])) && (!isset($_GET['mode']))) {
+       if ((!empty($content['primera_nickname'])) && (!REQUEST_ISSET_GET(('mode')))) {
                // Then use an other "mode"
-               $_GET['mode'] = "list";
+               REQUEST_SET_GET('mode', "list");
 
                // And load all rows!
                $result = SQL_QUERY_ESC("SELECT `id`, `primera_account`, `primera_amount`, `primera_timestamp`, `primera_type` FROM `{!_MYSQL_PREFIX!}_user_primera` WHERE `userid` = %s ORDER BY `primera_timestamp` DESC",
@@ -106,10 +106,10 @@ if (!isset($_GET['mode'])) {
                SQL_FREERESULT($result);
        } else {
                // Mode pay
-               $_GET['mode'] = "pay";
+               REQUEST_SET_GET('mode', "pay");
        }
 } // END - if
-if ($_GET['mode'] == "pay") {
+if (REQUEST_GET('mode') == "pay") {
        // Get total points and check if the user can request a payout
        $points = GET_TOTAL_DATA($GLOBALS['userid'], "user_points", "points") - GET_TOTAL_DATA($GLOBALS['userid'], "user_data", "used_points");
 
@@ -146,37 +146,37 @@ if ($_GET['mode'] == "pay") {
        SQL_FREERESULT($result);
 } else {
        // Invalid mode!
-       LOAD_TEMPLATE("admin_settings_saved", false, sprintf(PRIMERA_MEMBER_MODE_INVALID, SQL_ESCAPE($_GET['mode'])));
+       LOAD_TEMPLATE("admin_settings_saved", false, sprintf(PRIMERA_MEMBER_MODE_INVALID, SQL_ESCAPE(REQUEST_GET('mode'))));
        return;
 }
 
 // Is the formular sent?
-if ((isset($_POST['ok'])) && (isset($_GET['mode']))) {
+if ((IS_FORM_SENT()) && (REQUEST_ISSET_GET(('mode')))) {
        // Check input data depending on the mode and execute the requested mode
-       switch ($_GET['mode']) {
+       switch (REQUEST_GET('mode')) {
                case "pay": // Payout this exchange -> Primus
                        // Is the user ID and password set?
-                       if (empty($_POST['primera_nickname'])) {
+                       if (!REQUEST_ISSET_POST(('primera_nickname'))) {
                                // Nothing entered in Primus nickname
                                LOAD_TEMPLATE("admin_settings_saved", false, PRIMERA_MEMBER_EMPTY_USERNAME);
-                       } elseif (empty($_POST['primera_password'])) {
+                       } elseif (!REQUEST_ISSET_POST(('primera_password'))) {
                                // Nothing entered in Primera password
                                LOAD_TEMPLATE("admin_settings_saved", false, PRIMERA_MEMBER_EMPTY_PASSWORD);
-                       } elseif (empty($_POST['amount'])) {
+                       } elseif (!REQUEST_ISSET_POST(('amount'))) {
                                // Nothing entered in amount
                                LOAD_TEMPLATE("admin_settings_saved", false, PRIMERA_MEMBER_EMPTY_AMOUNT);
-                       } elseif ($_POST['amount'] != bigintval($_POST['amount'])) {
+                       } elseif (REQUEST_POST('amount') != bigintval(REQUEST_POST('amount'))) {
                                // Only numbers in amount!
                                LOAD_TEMPLATE("admin_settings_saved", false, PRIMERA_MEMBER_INVALID_AMOUNT);
-                       } elseif ($_POST['amount'] < getConfig('primera_min_payout')) {
+                       } elseif (REQUEST_POST('amount') < getConfig('primera_min_payout')) {
                                // Not enougth entered!
                                LOAD_TEMPLATE("admin_settings_saved", false, sprintf(PRIMERA_MEMBER_AMOUNT_SMALLER_MIN, bigintval(getConfig('primera_min_payout'))));
-                       } elseif ($_POST['amount'] > $points) {
+                       } elseif (REQUEST_POST('amount') > $points) {
                                // Not enougth points left!
-                               LOAD_TEMPLATE("admin_settings_saved", false, sprintf(PRIMERA_MEMBER_PAYOUT_POINTS_DEPLETED, bigintval($_POST['amount']), bigintval($points)));
+                               LOAD_TEMPLATE("admin_settings_saved", false, sprintf(PRIMERA_MEMBER_PAYOUT_POINTS_DEPLETED, bigintval(REQUEST_POST('amount')), bigintval($points)));
                        } else {
                                // All is fine here so do the payout
-                               $success = PRIMERA_EXECUTE_PAYOUT($_POST['primera_nickname'], md5($_POST['primera_password']), $_POST['amount']);
+                               $success = PRIMERA_EXECUTE_PAYOUT(REQUEST_POST('primera_nickname'), md5(REQUEST_POST('primera_password')), REQUEST_POST('amount'));
                                if ($success) {
                                        // Default is locked!
                                        $locked = true;
@@ -188,11 +188,11 @@ if ((isset($_POST['ok'])) && (isset($_GET['mode']))) {
                                        } // END - if
 
                                        // Remove points from account
-                                       SUB_POINTS("primera_payout", $GLOBALS['userid'], $_POST['amount']);
+                                       SUB_POINTS("primera_payout", $GLOBALS['userid'], REQUEST_POST('amount'));
 
                                        // Update primera nickname
                                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `primera_userid`=%s WHERE userid=%s LIMIT 1",
-                                               array($_POST['primera_nickname'], $GLOBALS['userid']), __FILE__, __LINE__);
+                                               array(REQUEST_POST('primera_nickname'), $GLOBALS['userid']), __FILE__, __LINE__);
 
                                        // All done!
                                        LOAD_TEMPLATE("admin_settings_saved", false, PRIMERA_MEMBER_PAYOUT_DONE);
@@ -208,14 +208,14 @@ if ((isset($_POST['ok'])) && (isset($_GET['mode']))) {
                        break;
 
                default: // Invalid mode!
-                       DEBUG_LOG(__FILE__, __LINE__, sprintf("Invalid mode %s detected.", $_GET['mode']));
-                       LOAD_TEMPLATE("admin_settings_saved", false, sprintf(PRIMERA_MEMBER_MODE_INVALID, SQL_ESCAPE($_GET['mode'])));
+                       DEBUG_LOG(__FILE__, __LINE__, sprintf("Invalid mode %s detected.", REQUEST_GET('mode')));
+                       LOAD_TEMPLATE("admin_settings_saved", false, sprintf(PRIMERA_MEMBER_MODE_INVALID, SQL_ESCAPE(REQUEST_GET('mode'))));
                        return;
        }
 } // END - if
 
 // Prepare mode for template name
-$mode = sprintf("member_primera_mode_%s", SQL_ESCAPE($_GET['mode']));
+$mode = sprintf("member_primera_mode_%s", SQL_ESCAPE(REQUEST_GET('mode')));
 
 // Load the template
 LOAD_TEMPLATE($mode, false, $content);
index e3c56d86d66bb8c298321eb37fd0a921b0175169..f78aba8b9bd31d3a6ce50f326f963474ecc15203 100644 (file)
@@ -55,16 +55,16 @@ if (getConfig('refback_enabled') != "Y") {
 ADD_DESCR("member", __FILE__);
 
 // Was the form submitted?
-if ((isset($_POST['edit'])) && (isset($_POST['id']))) {
+if ((REQUEST_ISSET_POST(('edit'))) && (REQUEST_ISSET_POST(('id')))) {
        // Okay, has the user entered some values?
-       if (isset($_POST['percents'])) {
+       if (REQUEST_ISSET_POST(('percents'))) {
                // Revert german commta for testing
-               $percents = REVERT_COMMA($_POST['percents']);
+               $percents = REVERT_COMMA(REQUEST_POST('percents'));
 
                // Validate percents
                if ((($percents >= getConfig('refback_min_perc')) || (round($percents) == 0)) && ($percents <= getConfig('refback_max_perc'))) {
                        // Change ref-back for this direct id
-                       $status = REFBACK_CHANGE_MEMBER_PERCENTS($_POST['id'], $_POST['percents']);
+                       $status = REFBACK_CHANGE_MEMBER_PERCENTS(REQUEST_POST('id'), REQUEST_POST('percents'));
 
                        // Check status
                        if (isset($status['ok'])) {
@@ -85,7 +85,7 @@ if ((isset($_POST['edit'])) && (isset($_POST['id']))) {
                // Insert line
        } else {
                // Read data from refback table
-               $content = GET_USER_REF_ENTRY($_POST['id']);
+               $content = GET_USER_REF_ENTRY(REQUEST_POST('id'));
 
                // Translate comma
                $content['refback'] = TRANSLATE_COMMA($content['refback']);
index 5315036aacf9aaa29b1c9a2520669d66619d0a04..9062a3841ec0ebf2b519e89c5fde4f5f0f177d30 100644 (file)
@@ -45,20 +45,20 @@ if (!defined('__SECURITY')) {
 // Add description as navigation point
 ADD_DESCR("member", __FILE__);
 
-if ((!isset($_POST['ok'])) || (empty($_POST['qsummary']))) {
+if ((!IS_FORM_SENT()) || (!REQUEST_ISSET_POST(('qsummary')))) {
        // Output form
        LOAD_TEMPLATE("member_support_form");
 } else {
        // Load mail template based on your member's decision
        if (GET_EXT_VERSION("admins") >= "0.4.1") {
-               $a_tpl = "admin_support-".$_POST['qsummary'];
+               $a_tpl = "admin_support-".REQUEST_POST('qsummary');
        } else {
-               $msg_a = LOAD_EMAIL_TEMPLATE("admin_support-".$_POST['qsummary'], array('text' => $_POST['qdetails']), $GLOBALS['userid']);
+               $msg_a = LOAD_EMAIL_TEMPLATE("admin_support-".REQUEST_POST('qsummary'), array('text' => REQUEST_POST('qdetails')), $GLOBALS['userid']);
        }
-       $msg_m = LOAD_EMAIL_TEMPLATE("member_support-".$_POST['qsummary'], array('text' => $_POST['qdetails']), $GLOBALS['userid']);
+       $msg_m = LOAD_EMAIL_TEMPLATE("member_support-".REQUEST_POST('qsummary'), array('text' => REQUEST_POST('qdetails')), $GLOBALS['userid']);
 
        // Select right subject
-       switch ($_POST['qsummary']) {
+       switch (REQUEST_POST('qsummary')) {
                case "ordr":
                        $subj_a = getMessage('SUPPORT_SUBJ_ADMIN_ORDER');
                        $subj_m = getMessage('SUPPORT_SUBJ_MEMBER_ORDER');
@@ -76,14 +76,14 @@ if ((!isset($_POST['ok'])) || (empty($_POST['qsummary']))) {
        } // END - switch
 
        // Send mail to admin
-       SEND_ADMIN_NOTIFICATION($subj_a, $a_tpl, array('text' => $_POST['qdetails']), $GLOBALS['userid']);
+       SEND_ADMIN_NOTIFICATION($subj_a, $a_tpl, array('text' => REQUEST_POST('qdetails')), $GLOBALS['userid']);
 
        // Send mail to user
        SEND_EMAIL($GLOBALS['userid'], $subj_m, $msg_m);
 
        // Drop a message in the admin's area
        SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_task_system` (userid, assigned_admin, status, task_type, subject, text, task_created) VALUES ('%s','0','NEW','SUPPORT_MEMBER','%s','%s', UNIX_TIMESTAMP())",
-               array($GLOBALS['userid'], $subj_a, $_POST['qsummary'].":".array('text' => $_POST['qdetails'])), __FILE__, __LINE__);
+               array($GLOBALS['userid'], $subj_a, REQUEST_POST('qsummary').":".array('text' => REQUEST_POST('qdetails'))), __FILE__, __LINE__);
 
        // Form sent
        LOAD_TEMPLATE("member_support_contcted");
index 16f68e694c26dc58629767fdb4154b084c6d02a7..0b98ccd88d2e6d1479726d63cb287e2c37140c07 100644 (file)
@@ -50,15 +50,15 @@ ADD_DESCR("member", __FILE__);
 if (!SURFBAR_IF_USER_BOOK_MORE_URLS()) {
        // No more URLs allowed to book!
        LOAD_TEMPLATE("admin_settings_saved", false, getMessage('MEMBER_SURFBAR_NO_MORE_ALLOWED'));
-} elseif ((isset($_POST['ok'])) && (isset($_POST['limited']))) {
+} elseif ((IS_FORM_SENT()) && (REQUEST_ISSET_POST(('limited')))) {
        // Is limitation "no" and "limit" is > 0?
-       if (($_POST['limited'] == "N") && ((isset($_POST['limit'])) && ($_POST['limit'] > 0)) || (!isset($_POST['limit']))) {
+       if ((REQUEST_POST('limited') == "N") && ((REQUEST_ISSET_POST(('limit'))) && (REQUEST_POST('limit') > 0)) || (!REQUEST_ISSET_POST(('limit')))) {
                // Set it to unlimited
-               $_POST['limit'] = 0;
+               REQUEST_SET_POST('limit', 0);
        } // END - if
 
        // Register the new URL
-       $insertId = SURFBAR_MEMBER_ADD_URL($_POST['url'], $_POST['limit']);
+       $insertId = SURFBAR_MEMBER_ADD_URL(REQUEST_POST('url'), REQUEST_POST('limit'));
 
        // By default something went wrong
        $msg = getMessage('MEMBER_SURFBAR_URL_NOT_ADDED');
index b5aeeba06398c96e6ae7c0e58afe2958be5edff5..bb07b7a175bf0ec8a2fed08009b7c389d7d0ad41 100644 (file)
@@ -49,11 +49,11 @@ ADD_DESCR("member", __FILE__);
 $URLs = SURFBAR_GET_USER_URLS();
 
 // Are there entries or form is submitted?
-if ((isset($_POST['ok'])) && (isset($_POST['action'])) && (isset($_POST['id']))) {
+if ((IS_FORM_SENT()) && (REQUEST_ISSET_POST(('action'))) && (REQUEST_ISSET_POST(('id')))) {
        // Process the form
-       if (SURFBAR_MEMBER_DO_FORM($_POST, $URLs)) {
+       if (SURFBAR_MEMBER_DO_FORM(REQUEST_POST_ARRAY(), $URLs)) {
                // Action performed but shall we display it?
-               if ((($_POST['action'] != "edit") && ($_POST['action'] != "delete")) || (isset($_POST['execute']))) {
+               if (((REQUEST_POST('action') != "edit") && (REQUEST_POST('action') != "delete")) || (REQUEST_ISSET_POST(('execute')))) {
                        // Display "action done" message if action is wether 'edit' nor 'delete' or has been executed
                        LOAD_TEMPLATE("admin_settings_saved", false, getMessage('MEMBER_SURFBAR_ACTION_DONE'));
                } // END - if
index cf10a10eab7a7b62bc51f8190c313c2f87b8d108..eac6c44ec1f1c8b60e76fb6c5ff4a204881c9bd6 100644 (file)
@@ -45,13 +45,13 @@ if (!defined('__SECURITY')) {
 // Add description as navigation point
 ADD_DESCR("member", __FILE__);
 
-if (!empty($_POST['member_theme'])) {
+if (REQUEST_ISSET_POST(('member_theme'))) {
        // Save theme to member's profile
        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET curr_theme='%s' WHERE userid=%s LIMIT 1",
-               array($_POST['member_theme'], $GLOBALS['userid']), __FILE__, __LINE__);
+               array(REQUEST_POST('member_theme'), $GLOBALS['userid']), __FILE__, __LINE__);
 
        // Set new theme for guests
-       $newTheme = SQL_ESCAPE($_POST['member_theme']);
+       $newTheme = SQL_ESCAPE(REQUEST_POST('member_theme'));
 
        // Change to new theme
        set_session('mxchange_theme', $newTheme);
index 83510d2d85681bcfac8bba87cba069d4604e8318..1be4d545db6f5171604f1eef7e22bf9bd39dec45 100644 (file)
@@ -54,7 +54,7 @@ list($opt_in) = SQL_FETCHROW($result);
 SQL_FREERESULT($result);
 
 $MODE = "";
-if (!empty($_GET['mode'])) $MODE = $_GET['mode'];
+if (REQUEST_ISSET_GET(('mode'))) $MODE = REQUEST_GET('mode');
 
 // Check for "faker"
 if (($opt_in == "N") && ($MODE == "new")) $MODE = "";
@@ -68,28 +68,28 @@ case "new": // Start new transfer
        // Remember maximum value for template
        define('__TRANSFER_MAX_VALUE', round($total - getConfig('transfer_balance') - 0.5));
 
-       if (isset($_POST['ok'])) {
+       if (IS_FORM_SENT()) {
                // Add new transfer
                if (getConfig('transfer_code') > 0) {
                        // Check for code
-                       $code = GEN_RANDOM_CODE(getConfig('transfer_code'), $_POST['code_chk'], $GLOBALS['userid'], __TRANSFER_MAX_VALUE);
-                       $valid_code = ($code == $_POST['code']);
+                       $code = GEN_RANDOM_CODE(getConfig('transfer_code'), REQUEST_POST('code_chk'), $GLOBALS['userid'], constant('__TRANSFER_MAX_VALUE'));
+                       $valid_code = ($code == REQUEST_POST('code'));
                } else {
                        // Zero length (= disabled) is always valid!
                        $valid_code = true;
                }
 
                // Test password
-               $valid_pass = ($pass == generateHash($_POST['password'], $pass));
+               $valid_pass = ($pass == generateHash(REQUEST_POST('password'), $pass));
 
                // Test transfer amount
-               $valid_amount = ((!empty($_POST['points'])) && ($_POST['points'] <= __TRANSFER_MAX_VALUE));
+               $valid_amount = ((REQUEST_ISSET_POST(('points'))) && (REQUEST_POST('points') <= constant('__TRANSFER_MAX_VALUE')));
 
                // Test reason for transfer
-               $valid_reason = (!empty($_POST['reason']));
+               $valid_reason = (REQUEST_ISSET_POST(('reason')));
 
                // Test if a recipient is selected
-               $valid_recipient = ($_POST['to_uid'] > 0);
+               $valid_recipient = (REQUEST_POST('to_uid') > 0);
 
                // Check for nickname extension and set additional data
                $nick = false; $ADD = ", userid";
@@ -100,7 +100,7 @@ case "new": // Start new transfer
 
                // Re-check receivers and own personal data
                $result = SQL_QUERY_ESC("SELECT userid, gender, surname, family, email".$ADD." FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid IN ('%s','%s') AND `status`='CONFIRMED' ORDER BY userid LIMIT 2",
-                       array($GLOBALS['userid'], bigintval($_POST['to_uid'])), __FILE__, __LINE__);
+                       array($GLOBALS['userid'], bigintval(REQUEST_POST('to_uid'))), __FILE__, __LINE__);
                $valid_data = (SQL_NUMROWS($result) == 2);
 
                if ($valid_code && $valid_pass && $valid_amount && $valid_reason && $valid_recipient) {
@@ -146,7 +146,7 @@ case "new": // Start new transfer
 
                        // Sender's UID is always currently stored in cookie userid...
                        define('__SENDER_UID'     , $GLOBALS['userid']);
-                       define('__RECIPIENT_UID'  , $_POST['to_uid']);
+                       define('__RECIPIENT_UID'  , REQUEST_POST('to_uid'));
 
                        $SENDER = __SENDER_UID;
                        $RECIPIENT = __RECIPIENT_UID;
@@ -161,25 +161,25 @@ case "new": // Start new transfer
                        }
 
                        // Remember transfer reason and fancy date/time in constants
-                       define('__TRANSFER_REASON', $_POST['reason']);
+                       define('__TRANSFER_REASON', REQUEST_POST('reason'));
                        define('__TRANSFER_EXPIRES', CREATE_FANCY_TIME(getConfig('transfer_age')));
 
                        // Generate tranafer id
-                       define('__TRANS_ID', bigintval(GEN_RANDOM_CODE("10", mt_rand(0, 99999), $GLOBALS['userid'], $_POST['reason'])));
+                       define('__TRANS_ID', bigintval(GEN_RANDOM_CODE("10", mt_rand(0, 99999), $GLOBALS['userid'], REQUEST_POST('reason'))));
 
                        // Add entries to both tables
                        SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_user_transfers_in` (userid, from_uid, points, reason, time_trans, trans_id) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP(),'%s')",
-                               array(bigintval($_POST['to_uid']), $GLOBALS['userid'], bigintval($_POST['points']), $_POST['reason'], __TRANS_ID),
+                               array(bigintval(REQUEST_POST('to_uid')), $GLOBALS['userid'], bigintval(REQUEST_POST('points')), REQUEST_POST('reason'), __TRANS_ID),
                                __FILE__, __LINE__);
                        SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_user_transfers_out` (userid, to_uid, points, reason, time_trans, trans_id) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP(),'%s')",
-                               array($GLOBALS['userid'], bigintval($_POST['to_uid']), bigintval($_POST['points']), $_POST['reason'], __TRANS_ID),
+                               array($GLOBALS['userid'], bigintval(REQUEST_POST('to_uid')), bigintval(REQUEST_POST('points')), REQUEST_POST('reason'), __TRANS_ID),
                                __FILE__, __LINE__);
 
                        // Add points to account *directly* ...
-                       ADD_POINTS_REFSYSTEM("member_transfer", bigintval($_POST['to_uid']), bigintval($_POST['points']), false, "0", false, "direct");
+                       ADD_POINTS_REFSYSTEM("member_transfer", bigintval(REQUEST_POST('to_uid')), bigintval(REQUEST_POST('points')), false, "0", false, "direct");
 
                        // ... and add it to current user's used points
-                       SUB_POINTS("transfer", $GLOBALS['userid'], $_POST['points']);
+                       SUB_POINTS("transfer", $GLOBALS['userid'], REQUEST_POST('points'));
 
                        // First send email to recipient
                        $msg = LOAD_EMAIL_TEMPLATE("member_transfer_recipient", "", __RECIPIENT_UID);
@@ -198,31 +198,31 @@ case "new": // Start new transfer
                } elseif (!$valid_code) {
                        // Invalid Touring code!
                        LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"member_note\">".TRANSFER_INVALID_CODE."</div>");
-                       unset($_POST['ok']);
+                       REQUEST_UNSET_POST('ok');
                } elseif (!$valid_pass) {
                        // Wrong password entered
                        LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"member_note\">".TRANSFER_INVALID_PASSWORD."</div>");
-                       unset($_POST['ok']);
+                       REQUEST_UNSET_POST('ok');
                } elseif (!$valid_amount) {
                        // Too much points entered
                        LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"member_note\">".TRANSFER_INVALID_POINTS."</div>");
-                       unset($_POST['ok']);
+                       REQUEST_UNSET_POST('ok');
                } elseif (!$valid_reason) {
                        // No transfer reason entered
                        LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"member_note\">".TRANSFER_INVALID_REASON."</div>");
-                       unset($_POST['ok']);
+                       REQUEST_UNSET_POST('ok');
                } elseif (!$valid_recipient) {
                        // No recipient selected
                        LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"member_note\">".TRANSFER_INVALID_RECIPIENT."</div>");
-                       unset($_POST['ok']);
+                       REQUEST_UNSET_POST('ok');
                } elseif (!$valid_data) {
                        // No recipient selected
                        LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"member_note\">".TRANSFER_INVALID_DATA."</div>");
-                       unset($_POST['ok']);
+                       REQUEST_UNSET_POST('ok');
                }
        }
 
-       if (!isset($_POST['ok'])) {
+       if (!IS_FORM_SENT()) {
                // Load member list
                if (EXT_IS_ACTIVE("nickname")) {
                        // Load userid and nickname
@@ -240,7 +240,7 @@ case "new": // Start new transfer
   <option value=\"0\">".SELECT_NONE."</option>\n";
                        while (list($uid, $nick) = SQL_FETCHROW($result)) {
                                $OUT .= "<option value=\"".$uid."\"";
-                               if ((isset($_POST['to_uid'])) && ($_POST['to_uid'] == $uid)) $OUT .= " selected=\"selected\"";
+                               if ((REQUEST_ISSET_POST(('to_uid'))) && (REQUEST_POST('to_uid') == $uid)) $OUT .= " selected=\"selected\"";
                                $OUT .= ">";
                                if (($nick != $uid) && (!empty($nick))) {
                                        // Output nickname
@@ -258,7 +258,7 @@ case "new": // Start new transfer
                        SQL_FREERESULT($result);
                } else {
                        // No one else is opt-in
-                       $OUT = TRANSFER_NO_ONE_ELSE_OPT_IN;
+                       $OUT = getMessage('TRANSFER_NO_ONE_ELSE_OPT_IN');
                        define('__TRANSFER_TO_DISABLED', " disabled");
                }
 
@@ -268,19 +268,19 @@ case "new": // Start new transfer
                // Generate Code
                if (getConfig('transfer_code') > 0) {
                        $rand = mt_rand(0, 99999);
-                       $code = GEN_RANDOM_CODE(getConfig('transfer_code'), $rand, $GLOBALS['userid'], __TRANSFER_MAX_VALUE);
+                       $code = GEN_RANDOM_CODE(getConfig('transfer_code'), $rand, $GLOBALS['userid'], constant('__TRANSFER_MAX_VALUE'));
                        $img = GENERATE_IMAGE($code, false);
                        define('__TRANSFER_IMAGE_INPUT', "<input type=\"hidden\" name=\"code_chk\" value=\"".$rand."\" /><input type=\"text\" name=\"code\" class=\"member_normal\" size=\"5\" maxlength=\"7\"{!__TRANSFER_TO_DISABLED!} />&nbsp;".$img);
                } else {
                        $code = "00000";
-                       define('__TRANSFER_IMAGE_INPUT', TRANSFER_NO_CODE);
+                       define('__TRANSFER_IMAGE_INPUT', getMessage('TRANSFER_NO_CODE'));
                }
 
                // Transfer maybe already entered valued'
-               if (isset($_GET['ok'])) {
+               if (REQUEST_ISSET_GET('ok')) {
                        // Get values from form
-                       define('__TRANSFER_POINTS_VALUE', bigintval($_POST['points']));
-                       define('__TRANSFER_REASON_VALUE', strip_tags($_POST['reason']));
+                       define('__TRANSFER_POINTS_VALUE', bigintval(REQUEST_POST('points')));
+                       define('__TRANSFER_REASON_VALUE', strip_tags(REQUEST_POST('reason')));
                } else {
                        // Set empty values
                        define('__TRANSFER_POINTS_VALUE', "");
@@ -494,13 +494,13 @@ case "": // Overview page
                define('__TRANSFER_ALL_LINK', $total);
        }
 
-       if (isset($_POST['ok'])) {
+       if (IS_FORM_SENT()) {
                // Save settings
                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET opt_in='%s' WHERE userid=%s LIMIT 1",
-                       array($_POST['opt_in'], $GLOBALS['userid']), __FILE__, __LINE__);
+                       array(REQUEST_POST('opt_in'), $GLOBALS['userid']), __FILE__, __LINE__);
 
                // Rember for next switch() command
-               $opt_in = $_POST['opt_in'];
+               $opt_in = REQUEST_POST('opt_in');
 
                // "Settings saved..."
                LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"member_done\">".SETTINGS_SAVED."</div>");
index 2ea5c6d34a34f602e48c76e20a8df721a0861f2f..88249052ccb9097b3fe3806ca102f6fd732439fa 100644 (file)
@@ -45,12 +45,12 @@ if (!defined('__SECURITY')) {
 ADD_DESCR("member", __FILE__);
 
 // Shall we display a mail?
-if ((isset($_GET['bonusid'])) && (EXT_IS_ACTIVE("bonus"))) {
+if ((REQUEST_ISSET_GET(('bonusid'))) && (EXT_IS_ACTIVE("bonus"))) {
        // Display bonus mail by loading it's full data
        $result_data = SQL_QUERY_ESC("SELECT id, subject, timestamp, cat_id, points, text, is_notify, data_type, time, url
 FROM `{!_MYSQL_PREFIX!}_bonus`
 WHERE id=%s LIMIT 1",
-               array(bigintval($_GET['bonusid'])), __FILE__, __LINE__);
+               array(bigintval(REQUEST_GET('bonusid'))), __FILE__, __LINE__);
 
        // Load data
        $content = SQL_FETCHARRAY($result_data);
@@ -76,7 +76,7 @@ WHERE id=%s LIMIT 1",
 
        // Free result
        SQL_FREERESULT($result_data);
-} elseif (isset($_GET['mailid'])) {
+} elseif (REQUEST_ISSET_GET(('mailid'))) {
        // Display regular member mail by loading its full data
        $result_data = SQL_QUERY_ESC("SELECT s.id, s.subject, p.text, s.timestamp_ordered AS `timestamp`, s.cat_id, pay.price AS points, p.sender, pay.time, p.data_type
 FROM `{!_MYSQL_PREFIX!}_user_stats` AS s
@@ -85,7 +85,7 @@ ON s.pool_id=p.id
 LEFT JOIN `{!_MYSQL_PREFIX!}_payments` AS pay
 ON p.payment_id=pay.id
 WHERE s.id=%s LIMIT 1",
-               array(bigintval($_GET['mailid'])), __FILE__, __LINE__);
+               array(bigintval(REQUEST_GET('mailid'))), __FILE__, __LINE__);
 
        // Load data
        $content = SQL_FETCHARRAY($result_data);
index 057b5864dcfcb4bcc4e2fb1385650073d0a5bcee..9d3a8c991ab09b6b7fa814f55ad650a6d58babcf 100644 (file)
@@ -57,7 +57,7 @@ if ((getConfig('wernis_api_id') == "") || (getConfig('wernis_api_md5') == "")) {
 $content = array(); $points = false;
 
 // Is the mode set (withdraw or payout)
-if ((!isset($_GET['mode'])) || ($_GET['mode'] == "choose")) {
+if ((!REQUEST_ISSET_GET(('mode'))) || (REQUEST_GET('mode') == "choose")) {
        // Let the user choose what he wants to do
        $content['refid']    = bigintval(getConfig('wernis_refid'));
        $content['wds66_id'] = 0;
@@ -76,9 +76,9 @@ if ((!isset($_GET['mode'])) || ($_GET['mode'] == "choose")) {
        SQL_FREERESULT($result);
 
        // Is there an ID?
-       if ((!empty($content['wds66_id'])) && (!isset($_GET['mode']))) {
+       if ((!empty($content['wds66_id'])) && (!REQUEST_ISSET_GET(('mode')))) {
                // Then use an other "mode"
-               $_GET['mode'] = "list";
+               REQUEST_SET_GET('mode', "list");
 
                // And load all rows!
                $result = SQL_QUERY_ESC("SELECT `id`, `wernis_account`, `wernis_amount`, `wernis_timestamp`, `wernis_type` FROM `{!_MYSQL_PREFIX!}_user_wernis` WHERE `userid` = %s ORDER BY `wernis_timestamp` DESC",
@@ -106,25 +106,25 @@ if ((!isset($_GET['mode'])) || ($_GET['mode'] == "choose")) {
                SQL_FREERESULT($result);
        } else {
                // Default links are not active!
-               $content['payout_link']   = "<em>".WERNIS_MEMBER_PAYOUT_DISABLED."</em>";
-               $content['withdraw_link'] = "<em>".WERNIS_MEMBER_WITHDRAW_DISABLED."</em>";
+               $content['payout_link']   = "<em>{--WERNIS_MEMBER_PAYOUT_DISABLED--}</em>";
+               $content['withdraw_link'] = "<em>{--WERNIS_MEMBER_WITHDRAW_DISABLED--}</em>";
 
                // Is the payout mode active?
                if (getConfig('wernis_payout_active') == "Y") {
                        // Add link
-                       $content['payout_link'] = "<a class=\"menu_blur\" style=\"height: 40px\" href=\"{!URL!}/modules.php?module=login&amp;what=wernis&amp;mode=payout\"><div style=\"padding-top: 10px\">".MEMBER_WERNIS_MODE_PAYOUT."</div></a>";
+                       $content['payout_link'] = "<a class=\"menu_blur\" style=\"height: 40px\" href=\"{!URL!}/modules.php?module=login&amp;what=wernis&amp;mode=payout\"><div style=\"padding-top: 10px\">{--MEMBER_WERNIS_MODE_PAYOUT--}</div></a>";
                } // END - if
 
                // Is the withdraw mode active?
                if (getConfig('wernis_withdraw_active') == "Y") {
                        // Add link
-                       $content['withdraw_link'] = "<a class=\"menu_blur\" style=\"height: 40px\" href=\"{!URL!}/modules.php?module=login&amp;what=wernis&amp;mode=withdraw\"><div style=\"padding-top: 10px\">".MEMBER_WERNIS_MODE_WITHDRAW."</div></a>";
+                       $content['withdraw_link'] = "<a class=\"menu_blur\" style=\"height: 40px\" href=\"{!URL!}/modules.php?module=login&amp;what=wernis&amp;mode=withdraw\"><div style=\"padding-top: 10px\">{--MEMBER_WERNIS_MODE_WITHDRAW--}</div></a>";
                } // END - if
 
                // Mode chooser! ;-)
-               $_GET['mode'] = "choose";
+               REQUEST_SET_GET('mode', "choose");
        }
-} elseif (($_GET['mode'] == "payout") && (getConfig('wernis_payout_active') == "Y")) {
+} elseif ((REQUEST_GET('mode') == "payout") && (getConfig('wernis_payout_active') == "Y")) {
        // Get total points and check if the user can request a payout
        $points = GET_TOTAL_DATA($GLOBALS['userid'], "user_points", "points") - GET_TOTAL_DATA($GLOBALS['userid'], "user_data", "used_points");
 
@@ -137,7 +137,7 @@ if ((!isset($_GET['mode'])) || ($_GET['mode'] == "choose")) {
        // Is this enougth for a payout?
        if ($points < getConfig('wernis_min_payout')) {
                // No, then abort here
-               LOAD_TEMPLATE("admin_settings_saved", false, sprintf(WERNIS_MEMBER_MIN_PAYOUT, TRANSLATE_COMMA(getConfig('wernis_min_payout'))));
+               LOAD_TEMPLATE("admin_settings_saved", false, sprintf(getMessage('WERNIS_MEMBER_MIN_PAYOUT'), TRANSLATE_COMMA(getConfig('wernis_min_payout'))));
                return;
        } // END - if
 
@@ -165,7 +165,7 @@ if ((!isset($_GET['mode'])) || ($_GET['mode'] == "choose")) {
 
        // Free result
        SQL_FREERESULT($result);
-} elseif (($_GET['mode'] == "withdraw") && (getConfig('wernis_withdraw_active') == "Y")) {
+} elseif ((REQUEST_GET('mode') == "withdraw") && (getConfig('wernis_withdraw_active') == "Y")) {
        // Get total points for just displaying them
        $points = GET_TOTAL_DATA($GLOBALS['userid'], "user_points", "points") - GET_TOTAL_DATA($GLOBALS['userid'], "user_data", "used_points");
 
@@ -191,46 +191,46 @@ if ((!isset($_GET['mode'])) || ($_GET['mode'] == "choose")) {
        SQL_FREERESULT($result);
 } else {
        // Invalid mode!
-       LOAD_TEMPLATE("admin_settings_saved", false, sprintf(WERNIS_MEMBER_MODE_INVALID, SQL_ESCAPE($_GET['mode'])));
+       LOAD_TEMPLATE("admin_settings_saved", false, sprintf(WERNIS_MEMBER_MODE_INVALID, SQL_ESCAPE(REQUEST_GET('mode'))));
        return;
 }
 
 // Is the formular sent?
-if ((isset($_POST['ok'])) && (isset($_GET['mode']))) {
+if ((IS_FORM_SENT()) && (REQUEST_ISSET_GET(('mode')))) {
        // Is the user ID and password set?
-       if (empty($_POST['wds66_id'])) {
+       if (!REQUEST_ISSET_POST(('wds66_id'))) {
                // Nothing entered in WDS66 user ID
                LOAD_TEMPLATE("admin_settings_saved", false, WERNIS_MEMBER_EMPTY_USERNAME);
-       } elseif (empty($_POST['wds66_password'])) {
+       } elseif (!REQUEST_ISSET_POST(('wds66_password'))) {
                // Nothing entered in WDS66 password
                LOAD_TEMPLATE("admin_settings_saved", false, WERNIS_MEMBER_EMPTY_PASSWORD);
-       } elseif (empty($_POST['amount'])) {
+       } elseif (!REQUEST_ISSET_POST(('amount'))) {
                // Nothing entered in amount
                LOAD_TEMPLATE("admin_settings_saved", false, WERNIS_MEMBER_EMPTY_AMOUNT);
-       } elseif ($_POST['wds66_id'] != bigintval($_POST['wds66_id'])) {
+       } elseif (REQUEST_POST('wds66_id') != bigintval(REQUEST_POST('wds66_id'))) {
                // Only numbers in account ID!
                LOAD_TEMPLATE("admin_settings_saved", false, WERNIS_MEMBER_INVALID_USERNAME);
-       } elseif ($_POST['amount'] != bigintval($_POST['amount'])) {
+       } elseif (REQUEST_POST('amount') != bigintval(REQUEST_POST('amount'))) {
                // Only numbers in amount!
                LOAD_TEMPLATE("admin_settings_saved", false, WERNIS_MEMBER_INVALID_AMOUNT);
        } else {
                // Check input data depending on the mode and execute the requested mode
-               switch ($_GET['mode']) {
+               switch (REQUEST_GET('mode')) {
                        case "withdraw": // Widthdraws WDS66 -> This exchange
-                               if ($_POST['amount'] < getConfig('wernis_min_withdraw')) {
+                               if (REQUEST_POST('amount') < getConfig('wernis_min_withdraw')) {
                                        // Not enougth entered!
                                        LOAD_TEMPLATE("admin_settings_saved", false, sprintf(WERNIS_MEMBER_AMOUNT_SMALLER_MIN, bigintval(getConfig('wernis_min_withdraw'))));
                                } else {
                                        // All is fine here so do the withdraw
-                                       $success = WERNIS_EXECUTE_WITHDRAW($_POST['wds66_id'], md5($_POST['wds66_password']), $_POST['amount']);
+                                       $success = WERNIS_EXECUTE_WITHDRAW(REQUEST_POST('wds66_id'), md5(REQUEST_POST('wds66_password')), REQUEST_POST('amount'));
                                        if ($success) {
                                                // Add it to this amount
                                                unset($GLOBALS['ref_level']);
-                                               ADD_POINTS_REFSYSTEM("wernis_withdraw", $GLOBALS['userid'], bigintval($_POST['amount']), false, 0, false, "direct");
+                                               ADD_POINTS_REFSYSTEM("wernis_withdraw", $GLOBALS['userid'], bigintval(REQUEST_POST('amount')), false, 0, false, "direct");
 
                                                // Update the user data as well..
                                                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `wernis_userid`=%s WHERE userid=%s LIMIT 1",
-                                                       array(bigintval($_POST['wds66_id']), $GLOBALS['userid']), __FILE__, __LINE__);
+                                                       array(bigintval(REQUEST_POST('wds66_id')), $GLOBALS['userid']), __FILE__, __LINE__);
 
                                                // All done!
                                                LOAD_TEMPLATE("admin_settings_saved", false, WERNIS_MEMBER_WITHDRAW_DONE);
@@ -246,22 +246,22 @@ if ((isset($_POST['ok'])) && (isset($_GET['mode']))) {
                                break;
 
                        case "payout": // Payout this exchange -> WDS66
-                               if ($_POST['amount'] < getConfig('wernis_min_payout')) {
+                               if (REQUEST_POST('amount') < getConfig('wernis_min_payout')) {
                                        // Not enougth entered!
                                        LOAD_TEMPLATE("admin_settings_saved", false, sprintf(WERNIS_MEMBER_AMOUNT_SMALLER_MIN, bigintval(getConfig('wernis_min_payout'))));
-                               } elseif ($_POST['amount'] > $points) {
+                               } elseif (REQUEST_POST('amount') > $points) {
                                        // Not enougth points left!
-                                       LOAD_TEMPLATE("admin_settings_saved", false, sprintf(WERNIS_MEMBER_PAYOUT_POINTS_DEPLETED, bigintval($_POST['amount']), bigintval($points)));
+                                       LOAD_TEMPLATE("admin_settings_saved", false, sprintf(WERNIS_MEMBER_PAYOUT_POINTS_DEPLETED, bigintval(REQUEST_POST('amount')), bigintval($points)));
                                } else {
                                        // All is fine here so do the withdraw
-                                       $success = WERNIS_EXECUTE_PAYOUT($_POST['wds66_id'], $_POST['amount']);
+                                       $success = WERNIS_EXECUTE_PAYOUT(REQUEST_POST('wds66_id'), REQUEST_POST('amount'));
                                        if ($success) {
                                                // Sub points
-                                               SUB_POINTS("wernis_payout", $GLOBALS['userid'], $_POST['amount']);
+                                               SUB_POINTS("wernis_payout", $GLOBALS['userid'], REQUEST_POST('amount'));
 
                                                // Update WDS66 id
                                                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `wernis_userid`=%s WHERE userid=%s LIMIT 1",
-                                                       array(bigintval($_POST['wds66_id']), $GLOBALS['userid']), __FILE__, __LINE__);
+                                                       array(bigintval(REQUEST_POST('wds66_id')), $GLOBALS['userid']), __FILE__, __LINE__);
 
                                                // All done!
                                                LOAD_TEMPLATE("admin_settings_saved", false, WERNIS_MEMBER_PAYOUT_DONE);
@@ -277,15 +277,15 @@ if ((isset($_POST['ok'])) && (isset($_GET['mode']))) {
                                break;
 
                        default: // Invalid mode!
-                               DEBUG_LOG(__FILE__, __LINE__, sprintf("Invalid mode %s detected.", $_GET['mode']));
-                               LOAD_TEMPLATE("admin_settings_saved", false, sprintf(WERNIS_MEMBER_MODE_INVALID, SQL_ESCAPE($_GET['mode'])));
+                               DEBUG_LOG(__FILE__, __LINE__, sprintf("Invalid mode %s detected.", REQUEST_GET('mode')));
+                               LOAD_TEMPLATE("admin_settings_saved", false, sprintf(WERNIS_MEMBER_MODE_INVALID, SQL_ESCAPE(REQUEST_GET('mode'))));
                                return;
                }
        }
 } // END - if
 
 // Prepare mode for template name
-$mode = sprintf("member_wernis_mode_%s", SQL_ESCAPE($_GET['mode']));
+$mode = sprintf("member_wernis_mode_%s", SQL_ESCAPE(REQUEST_GET('mode')));
 
 // Load the template
 LOAD_TEMPLATE($mode, false, $content);
index f801044c5c01353075f5123b2142dcedf8816050..c22d9e8cb71682b123357b367017297854edf58f 100644 (file)
@@ -42,7 +42,7 @@ if (!defined('__SECURITY')) {
 } elseif (!IS_MEMBER()) {
        // Sorry, no guest access!
        $URL = "modules.php?module=index";
-} elseif (empty($_GET['order'])) {
+} elseif (!REQUEST_ISSET_GET(('order'))) {
        // You cannot call this module directly!
        $URL = "modules.php?module=login&amp;what=order";
 }
@@ -64,7 +64,7 @@ if (empty($URL)) {
 
        // Update sending pool
        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_pool` SET data_type='%s' WHERE id=%s AND sender=%s AND data_type='TEMP' LIMIT 1",
-               array($type, bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
+               array($type, bigintval(REQUEST_GET('order')), $GLOBALS['userid']), __FILE__, __LINE__);
 
        // Finally is the entry valid?
        if (SQL_AFFECTEDROWS() == 1) {
@@ -76,7 +76,7 @@ if (empty($URL)) {
 
                // Load mail again...              0       1        2           3          4      5      6         7
                $result = SQL_QUERY_ESC("SELECT subject, text, receivers, payment_id, timestamp, url, cat_id, target_send FROM `{!_MYSQL_PREFIX!}_pool` WHERE id=%s AND sender=%s LIMIT 1",
-                       array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
+                       array(bigintval(REQUEST_GET('order')), $GLOBALS['userid']), __FILE__, __LINE__);
                $DATA = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
                if (empty($DATA[0])) $DATA[0] = getMessage('DEFAULT_SUBJECT_LINE');
index b5f9a51493a3c0045d560746126402ea3297f79c..03385407ce18fc2a2256711fc7907cbfb392d3a8 100644 (file)
@@ -58,24 +58,24 @@ if (SQL_NUMROWS($result) == 1) {
        $content = SQL_FETCHARRAY($result);
        if ($content['status'] == "CONFIRMED") {
                // Check if form was submitted or not
-               if (!empty($_POST['ok'])) {
+               if (IS_FORM_SENT()) {
                        // Check passwords
-                       if (empty($_POST['pass_old'])) {
+                       if (!REQUEST_ISSET_POST(('pass_old'))) {
                                // No current password entered
                                $MSG = getMessage('SPONSOR_NO_CURRENT_PASSWORD_ENTERED');
-                       } elseif (md5($_POST['pass_old']) != get_session('sponsorpass')) {
+                       } elseif (md5(REQUEST_POST('pass_old')) != get_session('sponsorpass')) {
                                // Entered password didn't match password in DB
                                $MSG = getMessage('SPONSOR_CURRENT_PASSWORD_DIDNOT_MATCH_DB');
-                       } elseif ((!empty($_POST['pass1'])) && (!empty($_POST['pass2'])) && ($_POST['pass1'] != $_POST['pass2'])) {
+                       } elseif ((REQUEST_ISSET_POST(('pass1'))) && (REQUEST_ISSET_POST(('pass2'))) && (REQUEST_POST('pass1') != REQUEST_POST('pass2'))) {
                                // Both new passwords did not match
                                $MSG = getMessage('SPONSOR_BOTH_NEW_PASSWORDS_DIDNOT_MATCH');
-                       } elseif ((empty($_POST['pass1'])) && (!empty($_POST['pass2']))) {
+                       } elseif ((!REQUEST_ISSET_POST(('pass1'))) && (REQUEST_ISSET_POST(('pass2')))) {
                                // No password one entered
                                $MSG = getMessage('SPONSOR_PASSWORD_ONE_EMPTY');
-                       } elseif ((!empty($_POST['pass1'])) && (empty($_POST['pass2']))) {
+                       } elseif ((REQUEST_ISSET_POST(('pass1'))) && (!REQUEST_ISSET_POST(('pass2')))) {
                                // No password two entered
                                $MSG = getMessage('SPONSOR_PASSWORD_TWO_EMPTY');
-                       } elseif ((!empty($_POST['pass1'])) && (strlen($_POST['pass1']) < getConfig('pass_len'))) {
+                       } elseif ((REQUEST_ISSET_POST(('pass1'))) && (strlen(REQUEST_POST('pass1')) < getConfig('pass_len'))) {
                                // Too short password
                                $MSG = sprintf(getMessage('SPONSOR_PASSWORD_TOO_SHORT'), getConfig('pass_len'));
                        } else {
@@ -83,10 +83,10 @@ if (SQL_NUMROWS($result) == 1) {
                                $PASS_AND = ""; $PASS_DATA = "";
 
                                // Check if we want to change password or not
-                               if (($_POST['pass1'] == $_POST['pass2']) && (!empty($_POST['pass1'])) && ($_POST['pass1'] != $_POST['pass_old'])) {
+                               if ((REQUEST_POST('pass1') == REQUEST_POST('pass2')) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_POST('pass1') != REQUEST_POST('pass_old'))) {
                                        // Change current password
                                        $PASS_AND  = ", password='%s'";
-                                       $PASS_DATA = md5($_POST['pass1']);
+                                       $PASS_DATA = md5(REQUEST_POST('pass1'));
                                }
 
                                // Unsecure data which we don't want here
@@ -94,14 +94,14 @@ if (SQL_NUMROWS($result) == 1) {
 
                                // Remove all (maybe spoofed) unsafe data from array
                                foreach ($UNSAFE as $remove) {
-                                       unset($_POST[$remove]);
+                                       REQUEST_UNSET_POST($remove);
                                }
 
                                // Set last change timestamp
-                               $_POST['last_change'] = time();
+                               REQUEST_SET_POST('last_change', "UNIX_TIMESTAMP()");
 
                                // Save data
-                               $MSG = SPONSOR_SAVE_DATA($_POST, $content);
+                               $MSG = SPONSOR_SAVE_DATA(REQUEST_POST_ARRAY(), $content);
                        }
 
                        if (!empty($MSG)) {
index 9667913cf0ee2aff6074201d93a2be4e58e2dee9..e9ce3b4b2eed487ae3f6eb09c550170e01711c92 100644 (file)
@@ -53,12 +53,12 @@ if (SQL_NUMROWS($result) == 1) {
        $content = SQL_FETCHARRAY($result);
        if ($content['status'] == "CONFIRMED") {
                // Check if form was submitted or not
-               if (!empty($_POST['ok'])) {
+               if (IS_FORM_SENT()) {
                        // Check passwords
-                       if (empty($_POST['password'])) {
+                       if (!REQUEST_ISSET_POST(('password'))) {
                                // No current password entered
                                $MSG = SPONSOR_NO_CURRENT_PASSWORD_ENTERED;
-                       } elseif (md5($_POST['password']) != get_session('sponsorpass')) {
+                       } elseif (md5(REQUEST_POST('password')) != get_session('sponsorpass')) {
                                // Entered password didn't match password in DB
                                $MSG = SPONSOR_CURRENT_PASSWORD_DIDNOT_MATCH_DB;
                        } else {
@@ -69,14 +69,14 @@ if (SQL_NUMROWS($result) == 1) {
 
                                // Remove all (maybe spoofed) unsafe data from array
                                foreach ($UNSAFE as $remove) {
-                                       unset($_POST[$remove]);
+                                       REQUEST_UNSET_POST($remove);
                                }
 
                                // Set last change timestamp
-                               $_POST['last_change'] = time();
+                               REQUEST_SET_POST('last_change', "UNIX_TIMESTAMP()");
 
                                // Save data
-                               $MSG = SPONSOR_SAVE_DATA($_POST, $content);
+                               $MSG = SPONSOR_SAVE_DATA(REQUEST_POST_ARRAY(), $content);
                        }
 
                        if (!empty($MSG)) {
index 0d53569e82584100cf0b2705e8f5c45098af3adf..15a5e4f7919ff90f690bd7ba9c1783625d7a989f 100644 (file)
@@ -43,63 +43,20 @@ define('DEBUG_SQL', false);
 // Non-database functions
 require("inc/functions.php");
 
-// Filter functions
-LOAD_INC_ONCE("inc/filters.php");  
-
-// Functions which interact with the database
-LOAD_INC_ONCE("inc/mysql-manager.php");
-
-// Load extensions and language
-LOAD_INC_ONCE("inc/extensions.php");
-
-// Load database library
-LOAD_INC_ONCE("inc/db/lib.php");
-
-// Error handler function
-function __errorHandler ($errno, $errstr, $errfile, $errline) {
-       // Construct message
-       $msg = sprintf("errno=%s,errstr=%s,errfile=%s,errline=%s",
-               $errno,
-               $errstr,
-               basename($errfile),
-               $errline
-       );
-
-       // Write debug log message
-       DEBUG_LOG(__FUNCTION__, __LINE__, "".$msg, true);
-
-       // Output message to user and die
-       if (EXT_IS_ACTIVE("debug")) {
-               // Debug extension found! So Output a small message
-               mxchange_die("Error message written to debug.log. Please try to call <a href=\"{!URL!}\">the main page</a> to continue.");
-       } else {
-               // No debug extension found, so regular output
-               debug_report_bug($msg);
-       }
-}
+// Load more function libraries
+foreach (array('request-functions', 'config-functions', 'filters', 'mysql-manager', 'extensions', 'db/lib', 'handler', 'hooks') as $lib) {
+       // Load special functions
+       LOAD_INC_ONCE(sprintf("inc/%s.php", $lib));
+} // END - foreach
 
 // Set error handler
 set_error_handler('__errorHandler');
 
-// Call-back function for running shutdown functions and close database connection
-function __SHUTDOWN_HOOK () {
-       // Call the filter chain 'shutdown'
-       RUN_FILTER('shutdown', null, false);
-
-       if (SQL_IS_LINK_UP()) {
-               // Close link
-               SQL_CLOSE(__FILE__, __LINE__);
-       } else {
-               // No database link
-               addFatalMessage(getMessage('NO_DB_LINK'));
-       }
-}
-
 // Register shutdown hook
 register_shutdown_function('__SHUTDOWN_HOOK');
 
 // Check if the user setups his MySQL stuff...
-if ((empty($MySQL['login'])) && (!defined('mxchange_installing')) && (!isset($_GET['installing'])) && (isBooleanConstantAndTrue('mxchange_installed'))) {
+if ((empty($MySQL['login'])) && (!defined('mxchange_installing')) && (!REQUEST_ISSET_GET(('installing'))) && (isBooleanConstantAndTrue('mxchange_installed'))) {
        // No login entered and outside installation mode
        OUTPUT_HTML("<strong>{--LANG_WARNING--}:</strong> ");
        if (isBooleanConstantAndTrue('mxchange_installed')) {
@@ -109,7 +66,7 @@ if ((empty($MySQL['login'])) && (!defined('mxchange_installing')) && (!isset($_G
                // Please run the installation script (maybe again)
                mxchange_die("{--DIE_RUN_INSTALL_MYSQL--}");
        }
-} elseif ((!isBooleanConstantAndTrue('mxchange_installing')) && (!isset($_GET['installing'])) && (empty($MySQL['password'])) && (isBooleanConstantAndTrue('warn_no_pass'))) {
+} elseif ((!isBooleanConstantAndTrue('mxchange_installing')) && (!REQUEST_ISSET_GET(('installing'))) && (empty($MySQL['password'])) && (isBooleanConstantAndTrue('warn_no_pass'))) {
        // No database password entered!!!
        OUTPUT_HTML("<div>{--LANG_WARNING--}:</div> {--WARN_NULL_PASSWORD--}");
 }
index 2a9072d89719481bfc2fd1aa85c2e8225f474c3d..a5eccf7e271e727d4e968695b70ddd50a5aa6096 100644 (file)
@@ -512,7 +512,7 @@ function ADD_MAX_RECEIVE_LIST ($MODE, $default = "", $return = false) {
                        $OUT = "";
                        while (list($value, $comment) = SQL_FETCHROW($result)) {
                                $OUT .= "      <option value=\"".$value."\"";
-                               if ($_POST['max_mails'] == $value) $OUT .= " selected=\"selected\"";
+                               if (REQUEST_POST('max_mails') == $value) $OUT .= " selected=\"selected\"";
                                $OUT .= ">".$value." {--PER_DAY--}";
                                if (!empty($comment)) $OUT .= " (".$comment.")";
                                $OUT .= "</option>\n";
@@ -734,7 +734,7 @@ function SEND_MODE_MAILS($mod, $modes) {
 
                // Now let's compare passwords
                $hash = generatePassString($hashDB);
-               if (($hash == get_session('u_hash')) || ($_POST['pass1'] == $_POST['pass2'])) {
+               if (($hash == get_session('u_hash')) || (REQUEST_POST('pass1') == REQUEST_POST('pass2'))) {
                        // Load user's data
                        $result = SQL_QUERY_ESC("SELECT gender, surname, family, street_nr, country, zip, city, email FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s AND password='%s' LIMIT 1",
                                array($GLOBALS['userid'], $hashDB), __FILE__, __LINE__);
@@ -761,7 +761,7 @@ function SEND_MODE_MAILS($mod, $modes) {
                                                case "normal": break; // Do not add any special lines
 
                                                case "email": // Email was changed!
-                                                       $content = MEMBER_CHANGED_EMAIL.": ".$_POST['old_addy']."\n";
+                                                       $content = MEMBER_CHANGED_EMAIL.": ".REQUEST_POST('old_addy')."\n";
                                                        break;
 
                                                case "pass": // Password was changed
@@ -777,7 +777,7 @@ function SEND_MODE_MAILS($mod, $modes) {
 
                                        if (EXT_IS_ACTIVE("country")) {
                                                // Replace code with description
-                                               $DATA[4] = COUNTRY_GENERATE_INFO($_POST['country_code']);
+                                               $DATA[4] = COUNTRY_GENERATE_INFO(REQUEST_POST('country_code'));
                                        } // END - if
 
                                        // Load template
@@ -1204,7 +1204,7 @@ function ADD_POINTS_REFSYSTEM ($subject, $uid, $points, $send_notify=false, $rid
 
                                // And sent it away
                                SEND_EMAIL($email, SUBJECT_DIRECT_PAYMENT, $msg);
-                               if (!isset($_GET['mid'])) LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_POINTS_ADDED'));
+                               if (!REQUEST_ISSET_GET(('mid'))) LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_POINTS_ADDED'));
                        }
 
                        // Maybe there's another ref?
diff --git a/inc/request-functions.php b/inc/request-functions.php
new file mode 100644 (file)
index 0000000..0066994
--- /dev/null
@@ -0,0 +1,141 @@
+<?php
+/************************************************************************
+ * MXChange v0.2.1                                    Start: 02/28/2009 *
+ * ===============                              Last change: 02/28/2009 *
+ *                                                                      *
+ * -------------------------------------------------------------------- *
+ * File              : request-functions.php                            *
+ * -------------------------------------------------------------------- *
+ * Short description : Special functions for request handling           *
+ * -------------------------------------------------------------------- *
+ * Kurzbeschreibung  : Spezialle Funktionen fuer die Anfragebehandlung  *
+ * -------------------------------------------------------------------- *
+ *                                                                      *
+ * -------------------------------------------------------------------- *
+ * Copyright (c) 2003 - 2008 by Roland Haeder                           *
+ * For more information visit: http://www.mxchange.org                  *
+ *                                                                      *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or    *
+ * (at your option) any later version.                                  *
+ *                                                                      *
+ * This program is distributed in the hope that it will be useful,      *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
+ * GNU General Public License for more details.                         *
+ *                                                                      *
+ * You should have received a copy of the GNU General Public License    *
+ * along with this program; if not, write to the Free Software          *
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
+ * MA  02110-1301  USA                                                  *
+ ************************************************************************/
+
+// Some security stuff...
+if (!defined('__SECURITY')) {
+       $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
+       require($INC);
+} // END - if
+
+// Wrapper for elements in $_GET
+function REQUEST_GET ($element) {
+       // By default no element is there
+       $value = null;
+
+       // Is the element there?
+       if (REQUEST_ISSET_GET($element)) {
+               // Then use it
+               $value = $_GET[$element];
+       } // END - if
+
+       // Return value
+       return $value;
+}
+
+// Checks if an element in $_GET exists
+function REQUEST_ISSET_GET ($element) {
+       return (isset($_GET['element']));
+}
+
+// Removes an element from $_GET
+function REQUEST_UNSET_GET ($element) {
+       unset($_GET[$element]);
+}
+
+// Getter for whole $_GET array
+function REQUEST_GET_ARRAY () {
+       return $_GET;
+}
+
+// Counts entries in $_GET or returns false if not an array
+function REQUEST_GET_COUNT () {
+       // By default this is not an array
+       $count = false;
+
+       // Get the array
+       $GET = REQUEST_GET_ARRAY();
+
+       // Is it an array?
+       if (is_array($GET)) {
+               // Then count it
+               $count = count($GET);
+       } // END - if
+
+       // Return value
+}
+
+// Wrapper for elements in $_POST
+function REQUEST_POST ($element) {
+       // By default no element is there
+       $value = null;
+
+       // Is the element there?
+       if (REQUEST_ISSET_POST($element)) {
+               // Then use it
+               $value = $_POST[$element];
+       } // END - if
+
+       // Return value
+       return $value;
+}
+
+// Checks if an element in $_POST exists
+function REQUEST_ISSET_POST ($element) {
+       return (isset($_POST['element']));
+}
+
+// Removes an element from $_POST
+function REQUEST_UNSET_POST ($element) {
+       unset($_POST[$element]);
+}
+
+// Getter for whole $_POST array
+function REQUEST_POST_ARRAY () {
+       return $_POST;
+}
+
+// Counts entries in $_POST or returns false if not an array
+function REQUEST_POST_COUNT () {
+       // By default this is not an array
+       $count = false;
+
+       // Get the array
+       $POST = REQUEST_POST_ARRAY();
+
+       // Is it an array?
+       if (is_array($POST)) {
+               // Then count it
+               $count = count($POST);
+       } // END - if
+
+       // Return value
+}
+
+// Checks wether a form was sent. If so, the $_POST['ok'] element must be set
+function IS_FORM_SENT () {
+       // Simply wrap it!
+       return REQUEST_ISSET_POST('ok');
+}
+
+//
+?>
diff --git a/inc/session-functions.php b/inc/session-functions.php
new file mode 100644 (file)
index 0000000..26e432c
--- /dev/null
@@ -0,0 +1,127 @@
+<?php
+/************************************************************************
+ * MXChange v0.2.1                                    Start: 02/28/2009 *
+ * ===============                              Last change: 02/28/2009 *
+ *                                                                      *
+ * -------------------------------------------------------------------- *
+ * File              : session-functions.php                            *
+ * -------------------------------------------------------------------- *
+ * Short description : Session-relevant functions                       *
+ * -------------------------------------------------------------------- *
+ * Kurzbeschreibung  : Sitzungsrelevante Funktionen                     *
+ * -------------------------------------------------------------------- *
+ *                                                                      *
+ * -------------------------------------------------------------------- *
+ * Copyright (c) 2003 - 2008 by Roland Haeder                           *
+ * For more information visit: http://www.mxchange.org                  *
+ *                                                                      *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or    *
+ * (at your option) any later version.                                  *
+ *                                                                      *
+ * This program is distributed in the hope that it will be useful,      *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
+ * GNU General Public License for more details.                         *
+ *                                                                      *
+ * You should have received a copy of the GNU General Public License    *
+ * along with this program; if not, write to the Free Software          *
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
+ * MA  02110-1301  USA                                                  *
+ ************************************************************************/
+
+// Some security stuff...
+if (!defined('__SECURITY')) {
+       $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
+       require($INC);
+}
+
+// Unset/set session variables
+function set_session ($var, $value) {
+       // Abort in CSS mode here
+       if ($GLOBALS['output_mode'] == 1) return true;
+
+       // Trim value and session variable
+       $var = trim(SQL_ESCAPE($var)); $value = trim($value);
+
+       // Is the session variable set?
+       if (("".$value."" == "") && (isSessionVariableSet($var))) {
+               // Remove the session
+               //* DEBUG: */ echo "UNSET:".$var."=".get_session($var)."<br />\n";
+               unset($_SESSION[$var]);
+               return session_unregister($var);
+       } elseif (("".$value."" != '') && (!isSessionVariableSet($var))) {
+               // Set session
+               //* DEBUG: */ echo "SET:".$var."=".$value."<br />\n";
+               $_SESSION[$var] =  $value;
+               return session_register($var);
+       } elseif (!empty($value)) {
+               // Update session
+               //* DEBUG: */ echo "UPDATE:".$var."=".$value."<br />\n";
+               $_SESSION[$var] = $value;
+               return true;
+       }
+
+       // Ignored (but valid)
+       //* DEBUG: */ echo "IGNORED:".$var."=".$value."<br />\n";
+       return true;
+}
+
+// Check wether a session variable is set
+function isSessionVariableSet ($var) {
+       //* DEBUG: */ print __FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>):var={$var}<br />\n";
+       return (isset($_SESSION[$var]));
+}
+
+// Returns wether the value of the session variable or NULL if not set
+function get_session ($var) {
+       // Default is not found! ;-)
+       $value = null;
+
+       // Is the variable there or cached values?
+       if (isset($GLOBALS['cache_array']['session'][$var])) {
+               // Get cached value (skips a lot SQL_ESCAPE() calles!
+               //* DEBUG: */ print __FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>): ".$var."-CACHE!<br />\n";
+               $value = $GLOBALS['cache_array']['session'][$var];
+       } elseif (isSessionVariableSet($var)) {
+               // Then  get it secured!
+               //* DEBUG: */ print __FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>): ".$var."-RESOLVE!<br />\n";
+               $value = SQL_ESCAPE($_SESSION[$var]);
+
+               // Cache the value
+               $GLOBALS['cache_array']['session'][$var] = $value;
+       } // END - if
+
+       // Return the value
+       return $value;
+}
+
+// Destroy user session
+function destroy_user_session () {
+       // Reset userid
+       $GLOBALS['userid'] = 0;
+
+       // Remove all user data from session
+       return ((set_session('userid', "")) && (set_session('u_hash', "")));
+}
+
+// Destroys the admin session
+function destroyAdminSession ($destroy = true) {
+       // Kill maybe existing session variables including array elements
+       set_session('admin_login', "");
+       set_session('admin_md5'  , "");
+       set_session('admin_last' , "");
+       set_session('admin_to'   , "");
+
+       // Destroy session and return status
+       if ($destroy) {
+               return session_destroy();
+       } // END - if
+
+       // All fine if we shall not really destroy the session
+       return true;
+}
+
+// [EOF]
+?>
index 6e6fafe2cd21c45d7d6b2beb746034abadf3eb61..c523bbda59c22374f834b1e07cc2363205d5edfd 100644 (file)
@@ -43,7 +43,7 @@ $STYLES = array(
 );
 
 // Add stylesheet for installation
-if ((basename($_SERVER['PHP_SELF']) == "install.php") || (!isBooleanConstantAndTrue('mxchange_installed')) || (isset($_GET['installing']))) $STYLES[] = "install.css";
+if ((basename($_SERVER['PHP_SELF']) == "install.php") || (!isBooleanConstantAndTrue('mxchange_installed')) || (REQUEST_ISSET_GET(('installing')))) $STYLES[] = "install.css";
 
 // When no CSS output-mode is set, set it to file-output
 if (!isConfigEntrySet('css_php')) setConfigEntry('css_php', "FILE");
@@ -78,8 +78,8 @@ if (($GLOBALS['output_mode'] == "1") || (getConfig('css_php') == "DIRECT")) {
        if (isBooleanConstantAndTrue('mxchange_installing')) {
                // Default theme first
                $NEW_THEME = "default";
-               if (!empty($_GET['theme']))  $NEW_THEME = SQL_ESCAPE($_GET['theme']);
-               if (!empty($_POST['theme'])) $NEW_THEME = SQL_ESCAPE($_POST['theme']);
+               if (REQUEST_ISSET_GET(('theme')))  $NEW_THEME = SQL_ESCAPE(REQUEST_GET('theme'));
+               if (REQUEST_ISSET_POST(('theme'))) $NEW_THEME = SQL_ESCAPE(REQUEST_POST('theme'));
                OUTPUT_HTML("?theme=".$NEW_THEME."&amp;installing=1", false);
        } // END - if
        OUTPUT_HTML("\" />");
index 6858ef7d646eeb346be5d093a6b23239bb947d0f..df84d31121d0014ee80476457b509d4d4da341fe 100644 (file)
@@ -64,7 +64,7 @@ require("inc/config.php");
 LOAD_INC("inc/header.php");
 
 // Reload page to page=welcome when it is not specified
-if (!isset($_GET['page'])) {
+if (!REQUEST_ISSET_GET(('page'))) {
        LOAD_URL("install.php?page=welcome");
 } // END - if
 
diff --git a/js.php b/js.php
index ebbdbd789e2464e6520a031e1f5c274a7b84f919..575a6be16d270d00b680e99b7d4952429576a9d9 100644 (file)
--- a/js.php
+++ b/js.php
@@ -55,7 +55,7 @@ $GLOBALS['module'] = "js";
 require("inc/config.php");
 
 // Is this script installed and a JavaScript tag is provied?
-if ((isBooleanConstantAndTrue('mxchange_installed')) && (isset($_GET['tag']))) {
+if ((isBooleanConstantAndTrue('mxchange_installed')) && (REQUEST_ISSET_GET(('tag')))) {
        // Set header
        header("Content-type: text/javascript");
 
@@ -64,7 +64,7 @@ if ((isBooleanConstantAndTrue('mxchange_installed')) && (isset($_GET['tag']))) {
 
        // Prepare include file for looking
        $INC = sprintf("inc/js/tag-%s.php",
-               SQL_ESCAPE($_GET['tag'])
+               SQL_ESCAPE(REQUEST_GET('tag'))
        );
 
        // Is that file readable?
index 0847e7d3d6c969315f3ed67b0e1fe115a6383c71..2133bd192274c40de440fa3c17cce67c6d170c4b 100644 (file)
@@ -53,9 +53,9 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
        $url_uid = 0; $url_bid = 0; $url_mid = 0;
 
        // Secure all data
-       if (!empty($_GET['uid']))     $url_uid = bigintval($_GET['uid']);
-       if (!empty($_GET['mailid']))  $url_mid = bigintval($_GET['mailid']);
-       if (!empty($_GET['bonusid'])) $url_bid = bigintval($_GET['bonusid']);
+       if (REQUEST_ISSET_GET(('uid')))     $url_uid = bigintval(REQUEST_GET('uid'));
+       if (REQUEST_ISSET_GET(('mailid')))  $url_mid = bigintval(REQUEST_GET('mailid'));
+       if (REQUEST_ISSET_GET(('bonusid'))) $url_bid = bigintval(REQUEST_GET('bonusid'));
 
        // 01        1        12            3    32           21    1                   22     10
        if (($url_uid) > 0 && (($url_mid > 0) || ($url_bid > 0)) && (getTotalFatalErrors() == 0)) {
index 240588bcfa67143921ed85664b790469f948c9e9..6af37a64d2868d90be4b007d5f8ccee7a475e057 100644 (file)
@@ -54,11 +54,11 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
 
        // Secure all data
        $url_uid = 0; $url_bid = 0; $url_mid = 0; $code = 0; $mode = "";
-       if (!empty($_GET['uid']))     $url_uid = bigintval($_GET['uid']);
-       if (!empty($_GET['mailid']))  $url_mid = bigintval($_GET['mailid']);
-       if (!empty($_GET['bonusid'])) $url_bid = bigintval($_GET['bonusid']);
-       if (!empty($_GET['code']))    $code    = bigintval($_GET['code']);
-       if (!empty($_GET['mode']))    $mode    = $_GET['mode'];
+       if (REQUEST_ISSET_GET(('uid')))     $url_uid = bigintval(REQUEST_GET('uid'));
+       if (REQUEST_ISSET_GET(('mailid')))  $url_mid = bigintval(REQUEST_GET('mailid'));
+       if (REQUEST_ISSET_GET(('bonusid'))) $url_bid = bigintval(REQUEST_GET('bonusid'));
+       if (REQUEST_ISSET_GET(('code')))    $code    = bigintval(REQUEST_GET('code'));
+       if (REQUEST_ISSET_GET(('mode')))    $mode    = REQUEST_GET('mode');
 
        // 01        1        12            2    2            21    1                   22     10
        if (($url_uid) > 0 && (($url_mid > 0) || ($url_bid > 0)) && (getTotalFatalErrors() == 0)) {
@@ -221,7 +221,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
                                                                        USER_STATS_INSERT_RECORD($url_uid, $type, $stats_data);
 
                                                                        // Right code entered?
-                                                                       if (bigintval($_POST['gfx_check']) == $img_code) {
+                                                                       if (bigintval(REQUEST_POST('gfx_check')) == $img_code) {
                                                                                // Add points over referal system is the default
                                                                                $locked = false;
                                                                                $template = "mailid_points_done";
index d19dbb2c85897c60a045786bca72f0bf62803f8a..3a95d923ba0e1db9193fbacde8d79f92632cdb90 100644 (file)
@@ -45,14 +45,14 @@ $GLOBALS['action'] = "";
 $GLOBALS['userid'] = 0;
 
 // Fix missing module to "index"
-if (empty($_GET['module'])) $_GET['module'] = "index";
+if (!REQUEST_ISSET_GET(('module'))) REQUEST_SET_GET('module', "index");
 
 // Secure action/what if present
-if (!empty($_GET['action'])) $GLOBALS['action'] = secureString($_GET['action']);
-if (!empty($_GET['what']))   $GLOBALS['what']   = secureString($_GET['what']);
+if (REQUEST_ISSET_GET(('action'))) $GLOBALS['action'] = secureString(REQUEST_GET('action'));
+if (REQUEST_ISSET_GET(('what')))   $GLOBALS['what']   = secureString(REQUEST_GET('what'));
 
 // Secure the module name (very important line!)
-$GLOBALS['module'] = secureString($_GET['module']);
+$GLOBALS['module'] = secureString(REQUEST_GET('module'));
 
 // Needed include files
 require("inc/config.php");
diff --git a/ref.php b/ref.php
index 34fe633411a77cb65c3135af6de2a93b06f7f990..35b1e175feb92d6f829c4795330737e8a002707e 100644 (file)
--- a/ref.php
+++ b/ref.php
@@ -60,8 +60,8 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
        }
 
        // Get referal ID from ref or refid variable
-       if (!empty($_GET['ref']))        $ref = secureString($_GET['ref']);
-        elseif (!empty($_GET['refid'])) $ref = secureString($_GET['refid']);
+       if (REQUEST_ISSET_GET(('ref')))        $ref = secureString(REQUEST_GET('ref'));
+        elseif (REQUEST_ISSET_GET(('refid'))) $ref = secureString(REQUEST_GET('refid'));
 
        if (!empty($ref)) {
                // Test if nickname or numeric id
index b92c0a8921596e978df431e5f96fc4651f8719a0..5773cf1b7de7f05cee4e5cd6fb904d93ec65a81c 100644 (file)
@@ -54,10 +54,10 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
        // Include header
        LOAD_INC("inc/header.php");
 
-       if (($_GET['uid'] > 0) && ($_GET['d'] > 0) && (!empty($_GET['t']))) {
+       if ((REQUEST_GET('uid') > 0) && (REQUEST_GET('d') > 0) && (REQUEST_ISSET_GET(('t')))) {
                // Set row name
                $t = "";
-               switch ($_GET['t']) {
+               switch (REQUEST_GET('t')) {
                        case "bonusid": // Bonus mail
                                $t = "bonus_id";
                                break;
@@ -67,7 +67,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
                                break;
 
                        default: // Invalid type
-                               DEBUG_LOG(__FILE__, __LINE__, sprintf("Invalid type %s detected.", $_GET['t']));
+                               DEBUG_LOG(__FILE__, __LINE__, sprintf("Invalid type %s detected.", REQUEST_GET('t')));
                                break;
                } // END - switch
 
@@ -80,7 +80,7 @@ RIGHT JOIN `{!_MYSQL_PREFIX!}_bonus_turbo` AS b
 ON d.userid=b.userid
 WHERE d.`status`='CONFIRMED' AND d.userid=%s AND b.%s=%s
 LIMIT 1",
-                               array(bigintval($_GET['uid']), $t, bigintval($_GET['d'])), __FILE__, __LINE__);
+                               array(bigintval(REQUEST_GET('uid')), $t, bigintval(REQUEST_GET('d'))), __FILE__, __LINE__);
 
                        // Entry found?
                        if (SQL_NUMROWS($result) == 1) {
@@ -93,8 +93,8 @@ LIMIT 1",
                                define('__FNAME'    , $content['family']);
                                define('__RANK'     , BIGINTVAL($content['level']));
                                define('__POINTS'   , TRANSLATE_COMMA($content['points']));
-                               define('__MAILID'   , bigintval($_GET['d']));
-                               define('__RANK_ROWS', BONUS_MAKE_RANK_ROWS(bigintval($_GET['d']), $t, bigintval($_GET['uid'])));
+                               define('__MAILID'   , bigintval(REQUEST_GET('d')));
+                               define('__RANK_ROWS', BONUS_MAKE_RANK_ROWS(bigintval(REQUEST_GET('d')), $t, bigintval(REQUEST_GET('uid'))));
 
                                // Constant created within previous function which contains informations for current user's ranking position:
                                //   __YOUR_RANKING_LINE
index 5fb6ec57811b6b4fe63321bea6b74d722c885dbf..d76d7976dffed004eafb2439314f52ffea4f3f8a 100644 (file)
@@ -50,12 +50,12 @@ require("inc/config.php");
 if (isBooleanConstantAndTrue('mxchange_installed')) {
        // Base URL for redirection
        $URL = "modules.php?module=index&amp;what=sponsor_login&amp;hash=";
-       if (empty($_GET['hash'])) {
+       if (!REQUEST_ISSET_GET(('hash'))) {
                // No refid and we add our refid (don't forget to set $def_refid!)
                $URL = "modules.php?module=index";
        } else {
                // We have an refid here. So we simply add it
-               $URL .= SQL_ESCAPE($_GET['hash']);
+               $URL .= SQL_ESCAPE(REQUEST_GET('hash'));
        }
 
        // Load the URL
index d3a6f6795e3c483dae14bbdafcaba883f4b348cc..0b3345e3cecfa0138b9baec61c2cb90e49bfa8de 100644 (file)
@@ -52,8 +52,8 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
 
        // Get referal ID from ref or refid variable
        $ref = 0;
-       if (!empty($_GET['ref']))        $ref = bigintval($_GET['ref']);
-        elseif (!empty($_GET['refid'])) $ref = bigintval($_GET['refid']);
+       if (REQUEST_ISSET_GET(('ref')))        $ref = bigintval(REQUEST_GET('ref'));
+        elseif (REQUEST_ISSET_GET(('refid'))) $ref = bigintval(REQUEST_GET('refid'));
 
        if (!empty($ref)) {
                // We have an refid here. So we simply add it
index 5ed6a8aff7efde8a9addcd5d4a00175840e835d8..01ddd7e57ac7de9a95560f288dfd63f636b26ce9 100644 (file)
@@ -65,13 +65,13 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
        SURFBAR_HANDLE_SELF_MAINTENANCE();
 
        // Is there a check value?
-       if ((SURFBAR_CHECK_RELOAD_FULL()) || ((isset($_GET['frame'])) && (in_array($_GET['frame'], array("stop", "stop2", "stats", "textlinks"))))) {
+       if ((SURFBAR_CHECK_RELOAD_FULL()) || ((REQUEST_ISSET_GET(('frame'))) && (in_array(REQUEST_GET('frame'), array("stop", "stop2", "stats", "textlinks"))))) {
                // Reload-lock is full, surfbar stopped so...
                // Load header
                LOAD_INC_ONCE("inc/header.php");
 
                // Load template
-               if (((isset($_GET['frame'])) && ($_GET['frame'] == "stop")) || (!isset($_GET['frame']))) {
+               if (((REQUEST_ISSET_GET(('frame'))) && (REQUEST_GET('frame') == "stop")) || (!REQUEST_ISSET_GET(('frame')))) {
                        // Load template for "start" page
                        LOAD_TEMPLATE("surfbar_frame_start");
 
@@ -79,8 +79,8 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
                        LOAD_TEMPLATE("surfbar_start_banner");
 
                        // This makes the footer appear again
-                       unset($_GET['frame']);
-               } elseif ((isset($_GET['frame'])) && ($_GET['frame'] == "stats")) {
+                       REQUEST_UNSET_GET(('frame'));
+               } elseif ((REQUEST_ISSET_GET(('frame'))) && (REQUEST_GET('frame') == "stats")) {
                        // Get total points amount
                        $points = GET_TOTAL_DATA($GLOBALS['userid'], "user_points", "points") - GET_TOTAL_DATA($GLOBALS['userid'], "user_data", "used_points");
 
@@ -98,7 +98,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
 
                        // Load template for "stats" page
                        LOAD_TEMPLATE("surfbar_frame_stats", false, $content);
-               } elseif ((isset($_GET['frame'])) && ($_GET['frame'] == "textlinks")) {
+               } elseif ((REQUEST_ISSET_GET(('frame'))) && (REQUEST_GET('frame') == "textlinks")) {
                        // Prepare content
                        $content = array(
                                'online'   => SURFBAR_DETERMINE_TOTAL_ONLINE(),
@@ -118,14 +118,14 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
                        // Load template for stopped surfbar
                        LOAD_TEMPLATE("surfbar_stopped", false, $content);
                }
-       } elseif ((isset($_GET['check'])) && (isset($_GET['id'])) && (isset($_GET['salt']))) {
+       } elseif ((REQUEST_ISSET_GET(('check'))) && (REQUEST_ISSET_GET(('id'))) && (REQUEST_ISSET_GET(('salt')))) {
                // Dummy next id get
-               SURFBAR_DETERMINE_NEXT_ID($_GET['id']);
+               SURFBAR_DETERMINE_NEXT_ID(REQUEST_GET('id'));
 
                // Check reload lock and validation code
-               if ((!SURFBAR_CHECK_RELOAD_LOCK($_GET['id'])) && (SURFBAR_CHECK_VALIDATION_CODE($_GET['id'], $_GET['check'], $_GET['salt']))) {
+               if ((!SURFBAR_CHECK_RELOAD_LOCK(REQUEST_GET('id'))) && (SURFBAR_CHECK_VALIDATION_CODE(REQUEST_GET('id'), REQUEST_GET('check'), REQUEST_GET('salt')))) {
                        // Lock the URL (id) down
-                       SURFBAR_LOCKDOWN_ID($_GET['id']);
+                       SURFBAR_LOCKDOWN_ID(REQUEST_GET('id'));
 
                        // Code is valid so pay points here
                        SURFBAR_PAY_POINTS();
@@ -150,7 +150,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
                $templateName = SURFBAR_DETERMINE_TEMPLATE_NAME();
 
                // Frame "top" set?
-               if ((isset($_GET['frame'])) && ($_GET['frame'] == "top")) {
+               if ((REQUEST_ISSET_GET(('frame'))) && (REQUEST_GET('frame') == "top")) {
                        // Determine next id
                        $nextId = SURFBAR_DETERMINE_NEXT_ID();
 
@@ -175,9 +175,9 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
                                // Load new URL
                                SURFBAR_RELOAD_TO_STOP_PAGE("stop2");
                        }
-               } elseif ((isset($_GET['frame'])) && ($_GET['frame'] == "start")) {
+               } elseif ((REQUEST_ISSET_GET(('frame'))) && (REQUEST_GET('frame') == "start")) {
                        // Starter frame found so let the footer display
-                       unset($_GET['frame']);
+                       REQUEST_UNSET_GET(('frame'));
                } else {
                        // Load header in frameset mode
                        $isFrameset = true;
index e560adb66a5f2ad57ced5e503175f59a7a267717..7d8768138c1bb99dceba779559104b2f703b3537 100644 (file)
@@ -1,7 +1,7 @@
 Hallo $content[gender] $content[surname] $content[family],
 
 ------------------------------
-Ihre Mitglied-ID lautet: $content[u_id]
+Ihre Mitglied-ID lautet: $content[uid]
 ------------------------------
 
 Einer unserer Administratoren hat Ihnen folgende Nachricht zugeschickt:
index 33601e4a3ba2e7099decacb94b0766bfc09953ee..a8a19e067b6f0fe33cf6ff1f7457fec64c2bd7c7 100644 (file)
@@ -1,4 +1,4 @@
-<form action="{!URL!}/modules.php?module=admin&amp;what=add_points&amp;u_id={!__UID!}" method="POST" style="margin-bottom: 0px">
+<form action="{!URL!}/modules.php?module=admin&amp;what=add_points&amp;uid={!__UID!}" method="POST" style="margin-bottom: 0px">
 <table border="0" cellspacing="0" cellpadding="0" width="500"
        align="center" class="admin_table dashed">
        <tr>
index c2076ec37a64d88352a6d1e92133db516a5240d4..10a14209bd8fed744615fb176cae034cbe909bf4 100644 (file)
@@ -1,5 +1,5 @@
 <form
-       action="{!URL!}/modules.php?module=admin&amp;what=add_points&amp;u_id=all"
+       action="{!URL!}/modules.php?module=admin&amp;what=add_points&amp;uid=all"
        method="POST" style="margin-bottom: 0px">
 <table border="0" cellspacing="0" cellpadding="0" width="500"
        align="center" class="admin_table dashed">
index 09e14a16f94547caafd0f181d71b054d53e1794a..c7fec1d7f1fec7bc1c5ce6bf38b85601286d1e94 100644 (file)
@@ -1,4 +1,4 @@
-<form action="{!URL!}/modules.php?module=admin&amp;what=user_contct&amp;u_id=$content[u_id]" method="POST">
+<form action="{!URL!}/modules.php?module=admin&amp;what=user_contct&amp;uid=$content[uid]" method="POST">
 <table border="0" cellspacing="0" cellpadding="0" width="400" class="admin_table dashed" align="center">
        <tr>
                <td align="center" class="admin_title bottom2" height="30">
index 9b5d2447e75e278254d9e388b169338e54b8b793..035a5b48a65193d687e2f18b1b8ced3f56941e4a 100644 (file)
@@ -1,4 +1,4 @@
-<form action="{!URL!}/modules.php?module=admin&amp;what=del_user&amp;u_id={!__UID!}" method="POST">
+<form action="{!URL!}/modules.php?module=admin&amp;what=del_user&amp;uid={!__UID!}" method="POST">
 <table border="0" cellspacing="0" cellpadding="0" width="500"
        align="center" class="admin_table dashed">
        <tr>
index 15ccea30bbad5f31530082f414fa884ec64887af..fd29b41139618e17b8939537f525225d545bdc2d 100644 (file)
@@ -1,5 +1,5 @@
 <form
-       action="{!URL!}/modules.php?module=admin&amp;what=edit_user&amp;u_id=$content"
+       action="{!URL!}/modules.php?module=admin&amp;what=edit_user&amp;uid=$content"
        method="POST">
 <table border="0" cellspacing="0" cellpadding="0" width="400"
        class="admin_table dashed" align="center">
@@ -26,7 +26,7 @@
        <tr>
                <td align="right">{--FAMILY_NAME--}:</td>
                <td class="seperator" width="10">&nbsp;</td>
-               <td><input type="text" name="family_name" class="admin_normal"
+               <td><input type="text" name="family" class="admin_normal"
                        size="15" maxlength="255" value="{!_FAMILY!}"></td>
        </tr>
        <tr>
index addd447f3f640aeaf7918a2405b832365603e227..b75c4bacfdbd3097ba64217ad685364735f0fb3f 100644 (file)
@@ -1,7 +1,7 @@
 <tr>
        <td class="switch_sw$content[sw] bottom2 right2" align="center">$content[win1]$content[cnt]$content[win2]</td>
        <td class="switch_sw$content[sw] bottom2 right2" align="center">$content[win1]<a
-               href="{!URL!}/modules.php?module=admin&amp;what=list_user&amp;u_id=$content[uid]">$content[uid]</a>$content[win2]</td>
+               href="{!URL!}/modules.php?module=admin&amp;what=list_user&amp;uid=$content[uid]">$content[uid]</a>$content[win2]</td>
        <td class="switch_sw$content[sw] bottom2 right2">&nbsp;$content[win1]<a
                href="$content[email]">$content[gender] $content[sname]
        $content[fname]</a>$content[win2]</td>
index d5cee91301c281a0dce8ea111f24e225dd185fb5..728786d6bc7c7f2b1bf747b03f1109d846ea289e 100644 (file)
@@ -3,7 +3,7 @@
        <tr>
                <td colspan="3" align="center" class="admin_header bottom2"
                        height="50">{--USER_ID--}: <strong><a
-                       href="{!URL!}/modules.php?module=admin&amp;what=list_user&amp;u_id={!__UID!}">{!__UID!}</a></strong>({!__EMAIL!})
+                       href="{!URL!}/modules.php?module=admin&amp;what=list_user&amp;uid={!__UID!}">{!__UID!}</a></strong>({!__EMAIL!})
                </td>
        </tr>
        {!__CATS_ROWS!}
index 7c5183076d735f72727a21b9f0d3ba646e64c309..f81e07e4f72e13c33aa3e04a3d06a52bf53a544e 100644 (file)
@@ -5,7 +5,7 @@
        </tr>
        <tr>
                <td align="center" class="admin_header"><strong>{--ADMIN_MEM_NO_CATS_1--}<a
-                       href="{!URL!}/modules.php?module=admin&amp;what=list_user&amp;u_id={!__UID!}">{!__UID!}</a>{--ADMIN_MEM_NO_CATS_2--}</strong>
+                       href="{!URL!}/modules.php?module=admin&amp;what=list_user&amp;uid={!__UID!}">{!__UID!}</a>{--ADMIN_MEM_NO_CATS_2--}</strong>
                </td>
        </tr>
        <tr>
index f060708effd4b956ab7a03076546f03c67ea8ab0..ac7125cbba05229c62a33d2719c83abaa020d75a 100644 (file)
@@ -1,14 +1,14 @@
 <table border="0" cellspacing="0" cellpadding="0" width="500" align="center" class="admin_table dashed">
        <tr>
                <td colspan="4" align="center" class="admin_header bottom2" height="40">
-                       <strong><a href="{!URL!}/modules.php?module=admin&amp;what=list_user&amp;u_id={!__UID!}">{!__SNAME_VALUE!} {!__FNAME_VALUE!}</a></strong> ({!__EMAIL_VALUE!}):
+                       <strong><a href="{!URL!}/modules.php?module=admin&amp;what=list_user&amp;uid={!__UID!}">{!__SNAME_VALUE!} {!__FNAME_VALUE!}</a></strong> ({!__EMAIL_VALUE!}):
                </td>
        </tr>
        {!__EMAIL_LIST!}
        <tr>
                <td colspan="4" height="40" class="admin_header" align="center">
                        {--MEMBER_TOTAL_LINKS_1--}{!__NUMS_VALUE!}{--MEMBER_TOTAL_LINKS_2--}<br />
-                       <a href="{!URL!}/modules.php?module=admin&amp;what=list_links&amp;u_id={!__UID!}&del=all" onclick="return confirm('{--ADMIN_REALLY_DELETE_ALL_MAILS--}')">{--ADMIN_DEL_UNCONFIRMED_LINKS--}</a>
+                       <a href="{!URL!}/modules.php?module=admin&amp;what=list_links&amp;uid={!__UID!}&del=all" onclick="return confirm('{--ADMIN_REALLY_DELETE_ALL_MAILS--}')">{--ADMIN_DEL_UNCONFIRMED_LINKS--}</a>
                </td>
        </tr>
 </table>
index 2335141806a47ccb6c771eb42fcaad25696e44af..a3c2681068c7847ad2c5da9f3dedb7cca961f2ea 100644 (file)
@@ -1,7 +1,7 @@
 <tr>
        <td align="center" class="switch_sw$content[sw] bottom2 right2">
        $content[bold_l]<a
-               href="{!URL!}/modules.php?module=admin&amp;what=list_user&amp;u_id=$content[uid]">$content[uid]</a>$content[bold_r]
+               href="{!URL!}/modules.php?module=admin&amp;what=list_user&amp;uid=$content[uid]">$content[uid]</a>$content[bold_r]
        </td>
        <td align="center" class="switch_sw$content[sw] bottom2 right2">
        $content[bold_l]$content[old]$content[bold_r]</td>
index 9428df698d5c7a6d4196e53066b17014279c32a0..3f6abdd5408d27f57e2e98760c9c655a384ee5a4 100644 (file)
@@ -1,7 +1,7 @@
 <tr>
        <td align="center" class="switch_sw$content[sw] bottom2 right2">
        $content[bold_l]<a
-               href="{!URL!}/modules.php?module=admin&amp;what=list_user&amp;u_id=$content[uid]">$content[uid]</a>$content[bold_r]
+               href="{!URL!}/modules.php?module=admin&amp;what=list_user&amp;uid=$content[uid]">$content[uid]</a>$content[bold_r]
        </td>
        <td align="center" class="switch_sw$content[sw] bottom2 right2">
        $content[bold_l]$content[old]$content[bold_r]</td>
index 7a7dba65c4d218053f70bc393c2172915395e1c3..3626a49c9689dc169f72d2ffdeb2c46c82d30f33 100644 (file)
@@ -2,7 +2,7 @@
 <tr>
        <td width="260" align="center" class="bottom2 right2">
        {--EMAIL_SENDER--}:<br />
-       <strong><a href="{!URL!}/modules.php?module=admin&amp;what=list_user&amp;u_id={!__LIST_UNCON_SENDER!}">{!__LIST_UNCON_SENDER!}</a></strong>
+       <strong><a href="{!URL!}/modules.php?module=admin&amp;what=list_user&amp;uid={!__LIST_UNCON_SENDER!}">{!__LIST_UNCON_SENDER!}</a></strong>
        </td>
        <td width="260" align="center" class="bottom2">
        {--EMAIL_SUBJECT--}:<br />
index 7982c58e37ac100abc24381dfce06bb12693086f..5b938f5d119de05fbe2d22a84a316b9733070e5a 100644 (file)
@@ -1,5 +1,5 @@
 <form
-       action="{!URL!}/modules.php?module=admin&amp;what=lock_user&amp;u_id={!__UID!}"
+       action="{!URL!}/modules.php?module=admin&amp;what=lock_user&amp;uid={!__UID!}"
        method="POST">
 <table border="0" cellspacing="0" cellpadding="0" width="500"
        align="center" class="admin_table dashed">
index 45c65533c217b456381d7f606d380a0b6a8443ad..6cf5419cb8580aaa80ba52fcc6a5fb999bbeb9dc 100644 (file)
@@ -13,7 +13,7 @@
                        <input type="hidden" name="module" value="admin" />
                        <input type="hidden" name="what" value="$content" />
                        {--ADMIN_SELECT_USER--}:
-                       <select name="u_id" size="1" class="admin_select">
+                       <select name="uid" size="1" class="admin_select">
                                {!_MEMBER_SELECTION!}
                        </select>
                </td>
index c51708aa836c62d8cb500eeef23eb20c5ea4c35e..b722e4a9794f9abe0c3814ec5434bd3d292583d9 100644 (file)
@@ -1,4 +1,4 @@
-<form action="{!URL!}/modules.php?module=admin&amp;what=sub_points&amp;u_id={!__UID!}" method="POST">
+<form action="{!URL!}/modules.php?module=admin&amp;what=sub_points&amp;uid={!__UID!}" method="POST">
 <table border="0" cellspacing="0" cellpadding="0" width="500"
        align="center" class="admin_table dashed">
        <tr>
index 7ff14f4cd1682eb5af7a3f9ab418cf0a440d1b8b..08fcd6adbf50d1ff782f5d2e3b7a4f690eb0f712 100644 (file)
@@ -1,5 +1,5 @@
 <form
-       action="{!URL!}/modules.php?module=admin&amp;what=sub_points&amp;u_id=all"
+       action="{!URL!}/modules.php?module=admin&amp;what=sub_points&amp;uid=all"
        method="POST">
 <table border="0" cellspacing="0" cellpadding="0" width="500"
        align="center" class="admin_table dashed">
index 81282e478779fc1e1922b158e271368efafab2ae..0bee6ce6059b55341c045573323b692a3c57b70b 100644 (file)
@@ -1,2 +1,2 @@
 <a
-       href="{!URL!}/modules.php?module=admin&amp;what=del_holiday&amp;u_id=$content">{--HOLIDAY_ADMIN_DEL_LINK--}</a>
\ No newline at end of file
+       href="{!URL!}/modules.php?module=admin&amp;what=del_holiday&amp;uid=$content">{--HOLIDAY_ADMIN_DEL_LINK--}</a>
\ No newline at end of file
index a59f4f61c9ddf95c451619a63ead40208e7f5d63..d2a6eef9da7fb812643e6c3a6d77a891e843e395 100644 (file)
@@ -35,7 +35,7 @@
                                <td class="register_right"><input type="text" name="surname"
                                        class="guest_normal" size="15" maxlength="255"
                                        value="{!__SURNAME!}">&nbsp; <input type="text"
-                                       name="family_name" class="guest_normal" size="15" maxlength="255"
+                                       name="family" class="guest_normal" size="15" maxlength="255"
                                        value="{!__FAMILY!}"></td>
                        </tr>
                        <tr>
index c6b88677514bf54747a88bf3e1e98d903f0562c1..e0ebdcc385efcf9ae1e61f64d9dd9d355aab6cab 100644 (file)
@@ -32,7 +32,7 @@
                <td width="10" class="seperator">&nbsp;</td>
                <td><input type="text" name="surname" class="member_normal"
                        size="15" maxlength="255" value="$DATA[0]">&nbsp; <input
-                       type="text" name="family_name" class="member_normal" size="15"
+                       type="text" name="family" class="member_normal" size="15"
                        maxlength="255" value="$DATA[1]"></td>
        </tr>
        <tr>
index f1d85629297c6b81592ddff4216a37ae0665c4bb..e08b8e001745e22f438a2da633fb5f1815c2dfa0 100644 (file)
--- a/view.php
+++ b/view.php
@@ -45,18 +45,18 @@ $GLOBALS['output_mode'] = -1;
 // Load the required file(s)
 require("inc/config.php");
 
-if (((!empty($_GET['user'])) || (!empty($_GET['reseller']))) && (!empty($_GET['banner']))) {
+if (((REQUEST_ISSET_GET(('user'))) || (REQUEST_ISSET_GET(('reseller')))) && (REQUEST_ISSET_GET(('banner')))) {
        // Count banner view... we currently don't need the user's id but maybe
        $VIEW = 1;
 
        // for later things... ;-)
        $result = SQL_QUERY_ESC("SELECT url FROM `{!_MYSQL_PREFIX!}_refbanner` WHERE id=%s LIMIT 1",
-               array(bigintval($_GET['banner'])), __FILE__, __LINE__);
+               array(bigintval(REQUEST_GET('banner'))), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1)  {
                list($url) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_refbanner` SET counter=counter+1 WHERE id=%s LIMIT 1",
-                       array(bigintval($_GET['banner'])), __FILE__, __LINE__);
+                       array(bigintval(REQUEST_GET('banner'))), __FILE__, __LINE__);
 
                $type = substr($url, -3);
                header ("Content-Type: image/".$type);