Complete rewrite of and , wrapper functions added, see bug #101
authorRoland Häder <roland@mxchange.org>
Sat, 28 Feb 2009 21:52:50 +0000 (21:52 +0000)
committerRoland Häder <roland@mxchange.org>
Sat, 28 Feb 2009 21:52:50 +0000 (21:52 +0000)
203 files changed:
.gitattributes
beg.php
birthday_confirm.php
click.php
confirm.php
debug.php
doubler.php
img.php
inc/check-reset.php
inc/config-functions.php [new file with mode: 0644]
inc/footer.php
inc/functions.php
inc/handler.php [new file with mode: 0644]
inc/header.php
inc/hooks.php [new file with mode: 0644]
inc/install-inc.php
inc/libs/admins_functions.php
inc/libs/newsletter_functions.php
inc/libs/primera_functions.php
inc/libs/rallye_functions.php
inc/libs/register_functions.php
inc/libs/rewrite_functions.php
inc/libs/sponsor_functions.php
inc/libs/surfbar_functions.php
inc/libs/theme_functions.php
inc/libs/user_functions.php
inc/modules/admin.php
inc/modules/admin/action-logout.php
inc/modules/admin/admin-inc.php
inc/modules/admin/what-add_bank_package.php
inc/modules/admin/what-add_guestnl_cat.php
inc/modules/admin/what-add_points.php
inc/modules/admin/what-add_rallye.php
inc/modules/admin/what-add_sponsor.php
inc/modules/admin/what-add_surfbar_url.php
inc/modules/admin/what-admin_add.php
inc/modules/admin/what-adminedit.php
inc/modules/admin/what-admins_add.php
inc/modules/admin/what-admins_contct.php
inc/modules/admin/what-admins_edit.php
inc/modules/admin/what-admins_mails.php
inc/modules/admin/what-config_active.php
inc/modules/admin/what-config_admin.php
inc/modules/admin/what-config_admins.php
inc/modules/admin/what-config_autopurge.php
inc/modules/admin/what-config_beg.php
inc/modules/admin/what-config_birthday.php
inc/modules/admin/what-config_bonus.php
inc/modules/admin/what-config_cache.php
inc/modules/admin/what-config_cats.php
inc/modules/admin/what-config_doubler.php
inc/modules/admin/what-config_email.php
inc/modules/admin/what-config_extensions.php
inc/modules/admin/what-config_holiday.php
inc/modules/admin/what-config_home.php
inc/modules/admin/what-config_mediadata.php
inc/modules/admin/what-config_mods.php
inc/modules/admin/what-config_newsletter.php
inc/modules/admin/what-config_nickname.php
inc/modules/admin/what-config_order.php
inc/modules/admin/what-config_other.php
inc/modules/admin/what-config_payouts.php
inc/modules/admin/what-config_points.php
inc/modules/admin/what-config_primera.php
inc/modules/admin/what-config_proxy.php
inc/modules/admin/what-config_rallye_prices.php
inc/modules/admin/what-config_refback.php
inc/modules/admin/what-config_refid.php
inc/modules/admin/what-config_register.php
inc/modules/admin/what-config_register2.php
inc/modules/admin/what-config_removeip.php
inc/modules/admin/what-config_rewrite.php
inc/modules/admin/what-config_secure.php
inc/modules/admin/what-config_session.php
inc/modules/admin/what-config_sponsor.php
inc/modules/admin/what-config_stats.php
inc/modules/admin/what-config_surfbar.php
inc/modules/admin/what-config_title.php
inc/modules/admin/what-config_top10.php
inc/modules/admin/what-config_transfer.php
inc/modules/admin/what-config_user.php
inc/modules/admin/what-config_wernis.php
inc/modules/admin/what-config_yoomedia.php
inc/modules/admin/what-del_email.php
inc/modules/admin/what-del_holiday.php
inc/modules/admin/what-del_sponsor.php
inc/modules/admin/what-del_transfer.php
inc/modules/admin/what-del_user.php
inc/modules/admin/what-edit_emails.php
inc/modules/admin/what-edit_sponsor.php
inc/modules/admin/what-edit_user.php
inc/modules/admin/what-email_archiv.php
inc/modules/admin/what-email_details.php
inc/modules/admin/what-extensions.php
inc/modules/admin/what-guest_add.php
inc/modules/admin/what-guestedit.php
inc/modules/admin/what-list_bank_package.php
inc/modules/admin/what-list_beg.php
inc/modules/admin/what-list_bonus.php
inc/modules/admin/what-list_cats.php
inc/modules/admin/what-list_country.php
inc/modules/admin/what-list_doubler.php
inc/modules/admin/what-list_links.php
inc/modules/admin/what-list_newsletter.php
inc/modules/admin/what-list_notifications.php
inc/modules/admin/what-list_payouts.php
inc/modules/admin/what-list_rallyes.php
inc/modules/admin/what-list_refs.php
inc/modules/admin/what-list_sponsor.php
inc/modules/admin/what-list_sponsor_pay.php
inc/modules/admin/what-list_sponsor_pays.php
inc/modules/admin/what-list_surfbar_urls.php
inc/modules/admin/what-list_task.php
inc/modules/admin/what-list_unconfirmed.php
inc/modules/admin/what-list_user.php
inc/modules/admin/what-list_yoomedia_tm.php
inc/modules/admin/what-lock_sponsor.php
inc/modules/admin/what-lock_user.php
inc/modules/admin/what-logs.php
inc/modules/admin/what-maintenance.php
inc/modules/admin/what-mem_add.php
inc/modules/admin/what-memedit.php
inc/modules/admin/what-overview.php
inc/modules/admin/what-payments.php
inc/modules/admin/what-refbanner.php
inc/modules/admin/what-send_bonus.php
inc/modules/admin/what-send_newsletter.php
inc/modules/admin/what-stats_mods.php
inc/modules/admin/what-sub_points.php
inc/modules/admin/what-surfbar_stats.php
inc/modules/admin/what-theme_edit.php
inc/modules/admin/what-theme_import.php
inc/modules/admin/what-unlock_emails.php
inc/modules/admin/what-unlock_sponsor.php
inc/modules/admin/what-unlock_surfbar_urls.php
inc/modules/admin/what-usage.php
inc/modules/admin/what-user_contct.php
inc/modules/chk_login.php
inc/modules/frametester.php
inc/modules/guest/what-confirm.php
inc/modules/guest/what-login.php
inc/modules/guest/what-register.php
inc/modules/guest/what-sponsor_login.php
inc/modules/guest/what-sponsor_reg.php
inc/modules/guest/what-stats.php
inc/modules/index.php
inc/modules/loader.php
inc/modules/member/what-categories.php
inc/modules/member/what-holiday.php
inc/modules/member/what-html_mail.php
inc/modules/member/what-mydata.php
inc/modules/member/what-newsletter.php
inc/modules/member/what-nickname.php
inc/modules/member/what-order.php
inc/modules/member/what-payout.php
inc/modules/member/what-primera.php
inc/modules/member/what-refback.php
inc/modules/member/what-support.php
inc/modules/member/what-surfbar_book.php
inc/modules/member/what-surfbar_list.php
inc/modules/member/what-themes.php
inc/modules/member/what-transfer.php
inc/modules/member/what-unconfirmed.php
inc/modules/member/what-wernis.php
inc/modules/order.php
inc/modules/sponsor/account.php
inc/modules/sponsor/settings.php
inc/mysql-connect.php
inc/mysql-manager.php
inc/request-functions.php [new file with mode: 0644]
inc/session-functions.php [new file with mode: 0644]
inc/stylesheet.php
install.php
js.php
mailid.php
mailid_top.php
modules.php
ref.php
show_bonus.php
sponsor_confirm.php
sponsor_ref.php
surfbar.php
templates/de/emails/member/member_contct.tpl
templates/de/html/admin/admin_add_points.tpl
templates/de/html/admin/admin_add_points_all.tpl
templates/de/html/admin/admin_contct_user_form.tpl
templates/de/html/admin/admin_del_user.tpl
templates/de/html/admin/admin_edit_user.tpl
templates/de/html/admin/admin_list_beg_rows.tpl
templates/de/html/admin/admin_list_cats.tpl
templates/de/html/admin/admin_list_cats_404.tpl
templates/de/html/admin/admin_list_links.tpl
templates/de/html/admin/admin_list_rallye_usr_row.tpl
templates/de/html/admin/admin_list_rallyes_row2.tpl
templates/de/html/admin/admin_list_unconfirmed.tpl
templates/de/html/admin/admin_lock_user.tpl
templates/de/html/admin/admin_member_selection_box.tpl
templates/de/html/admin/admin_sub_points.tpl
templates/de/html/admin/admin_sub_points_all.tpl
templates/de/html/admin/admin_task_holiday.tpl
templates/de/html/guest/guest_register.tpl
templates/de/html/member/member_mydata_edit.tpl
view.php

index 28b84dc..0b7e640 100644 (file)
@@ -92,6 +92,7 @@ inc/autopurge/purge-unconfirmed.php -text
 inc/cache/.htaccess -text
 inc/cache/.revision -text
 inc/check-reset.php -text
+inc/config-functions.php -text
 inc/config.php -text
 inc/databases.php -text
 inc/db/.htaccess -text
@@ -167,7 +168,9 @@ inc/functions.php -text
 inc/gen_mediadata.php -text
 inc/gen_refback.php -text
 inc/gen_sql_patches.php -text
+inc/handler.php -text
 inc/header.php -text
+inc/hooks.php -text
 inc/img/.htaccess -text
 inc/install-inc.php -text
 inc/js/.htaccess -text
@@ -603,6 +606,7 @@ inc/pool/pool-bonus.php -text
 inc/pool/pool-user.php -text
 inc/profile-updte.php -text
 inc/rdf.class.php -text
+inc/request-functions.php -text
 inc/reset/.htaccess -text
 inc/reset/reset_ -text
 inc/reset/reset_beg.php -text
@@ -613,6 +617,7 @@ inc/reset/reset_holiday.php -text
 inc/reset/reset_surfbar.php -text
 inc/reset/reset_yoomedia.php -text
 inc/security.php -text
+inc/session-functions.php -text
 inc/session.php -text
 inc/sql_error.php -text
 inc/stats_bonus.php -text
diff --git a/beg.php b/beg.php
index ae84055..72148cb 100644 (file)
--- a/beg.php
+++ b/beg.php
@@ -54,7 +54,7 @@ REDIRCT_ON_UNINSTALLED_EXTENSION("beg");
 // Is the script installed?
 if (isBooleanConstantAndTrue('mxchange_installed')) {
        // Check for userid
-       if (!empty($_GET['uid'])) {
+       if (REQUEST_ISSET_GET(('uid'))) {
                // Init variables
                $uid = 0;
                $result = false;
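Review bot: `REQUEST_ISSET_GET(('uid'))` replaces `!empty($_GET['uid'])`, and the two only agree if the wrapper also rejects empty and `0` values; its body lives in inc/request-functions.php, which is not visible here. If it is a plain `isset()` wrapper, `?uid=` now enters this branch. The same question applies to the other `empty()` replacements on this page (click.php, img.php, and the sections that appear to be confirm.php, doubler.php and inc/footer.php); in the doubler form, the trailing `elseif (!REQUEST_ISSET_POST(('userid')))` chain would then never report an empty field. A one-line comment on the wrapper stating which semantics it has would settle this. The doubled parentheses are redundant and can be written `REQUEST_ISSET_GET('uid')`.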
@@ -64,11 +64,11 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
                $pay = false;
 
                // Validate if it is not a number
-               if ("".($_GET['uid'] + 0)."" !== "".$_GET['uid']."") {
+               if ("".(REQUEST_GET('uid') + 0)."" !== "".REQUEST_GET('uid')."") {
                        if (EXT_IS_ACTIVE("nickname")) {
                                // Maybe we have found a nickname?
                                $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM `{!_MYSQL_PREFIX!}_user_data` WHERE nickname='%s' LIMIT 1",
-                                       array($_GET['uid']), __FILE__, __LINE__);
+                                       array(REQUEST_GET('uid')), __FILE__, __LINE__);
                        } else {
                                // Nickname entered but nickname is not active
                                $msg = constant('CODE_EXTENSION_PROBLEM');
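Review bot: The numeric test `"".(REQUEST_GET('uid') + 0)."" !== "".REQUEST_GET('uid').""` relies on PHP's string-to-number coercion, so values such as `007` or `1e3` take the nickname branch, and it assumes the parameter is a scalar. A digits-only check states the intent directly, e.g. `if (!ctype_digit((string) REQUEST_GET('uid'))) {`. The wrapper is also called repeatedly for the same parameter in this file; reading it once into a local would be clearer. The enclosing `if` block starts and ends outside this hunk.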
@@ -77,7 +77,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
                } else {
                        // Direct userid
                        $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
-                               array(bigintval($_GET['uid'])), __FILE__, __LINE__);
+                               array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
                }
 
                // Check if locked in so don't pay points
@@ -99,7 +99,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
                                $points = mt_rand((getConfig('beg_points') * 100000), (getConfig('beg_points_max') * 100000)) / 100000;
 
                                // Set nickname / userid for the template(s
-                               define('__BEG_UID'   , SQL_ESCAPE($_GET['uid']));
+                               define('__BEG_UID'   , SQL_ESCAPE(REQUEST_GET('uid')));
                                define('__BEG_CLICKS', ($clicks + 1));
                                define('__BEG_BANNER', LOAD_TEMPLATE("beg_banner", true));
                                define('__BEG_POINTS', TRANSLATE_COMMA($points));
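Review bot: `define('__BEG_UID', SQL_ESCAPE(REQUEST_GET('uid')));` applies SQL escaping to a value that, per the comment above it, is meant for the template(s), and SQL escaping does not neutralise HTML metacharacters. The userid has already been loaded from the database at this point (outside this hunk), so using that value, or `htmlspecialchars(REQUEST_GET('uid'), ENT_QUOTES)`, would match the output context. How the `beg_banner` template prints the constant is not visible here, so this needs confirming. The later `LOAD_TEMPLATE("doubler_reflink", true, REQUEST_POST('userid'))` call on this page passes the raw request value into a template in the same way.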
@@ -207,7 +207,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
                } elseif (($uid == "0") || ($status == "failed")) {
                        // Inalid or locked account, so let's find out
                        $result = SQL_QUERY_ESC("SELECT userid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE nickname='%s' LIMIT 1",
-                               array($_GET['uid']), __FILE__, __LINE__);
+                               array(REQUEST_GET('uid')), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1) {
                                // Locked account
                                $msg = constant('CODE_ACCOUNT_LOCKED');
index 7b0a83b..47bb175 100644 (file)
@@ -51,10 +51,10 @@ REDIRECT_ON_UNINSTALLED_EXTENSION("birthday");
 // Is the script installed?
 if (isBooleanConstantAndTrue('mxchange_installed')) {
        // Script is installed so let's check for his confirmation link...
-       $uid = bigintval($_GET['uid']);
+       $uid = bigintval(REQUEST_GET('uid'));
 
        // Only allow numbers here...
-       $chk = bigintval($_GET['check'], false);
+       $chk = bigintval(REQUEST_GET('check'), false);
 
        // Check if link is not clicked so far
        $result = SQL_QUERY_ESC("SELECT b.points, d.gender, d.surname, d.family, d.status, d.ref_payout
@@ -63,7 +63,7 @@ INNER JOIN `{!_MYSQL_PREFIX!}_user_data` AS d
 ON b.userid=d.userid
 WHERE b.userid=%s AND b.chk_value='%s' LIMIT 1",
  array($uid, $chk), __FILE__, __LINE__);
-       //* DEBUG: */ echo "uid=".$uid.",chk=".$chk." (".strlen($chk)."/".strlen($_GET['check'])."/".SQL_NUMROWS($result).")<br />\n";
+       //* DEBUG: */ echo "uid=".$uid.",chk=".$chk." (".strlen($chk)."/".strlen(REQUEST_GET('check'))."/".SQL_NUMROWS($result).")<br />\n";
 
        // Is an entry there?
        if (SQL_NUMROWS($result) == 1) {
index 4018e63..342977a 100644 (file)
--- a/click.php
+++ b/click.php
@@ -44,14 +44,14 @@ $GLOBALS['module'] = "click"; $GLOBALS['output_mode'] = -1;
 // Load the required file(s)
 require("inc/config.php");
 
-if (((!empty($_GET['user'])) || (!empty($_GET['reseller']))) && (!empty($_GET['banner']))) {
+if (((REQUEST_ISSET_GET(('user'))) || (REQUEST_ISSET_GET(('reseller')))) && (REQUEST_ISSET_GET(('banner')))) {
        // Update clicks counter...
-       SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_refbanner` SET clicks=clicks+1 WHERE id=%s LIMIT 1", array(bigintval($_GET['banner'])), __FILE__, __LINE__);
+       SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_refbanner` SET clicks=clicks+1 WHERE id=%s LIMIT 1", array(bigintval(REQUEST_GET('banner'))), __FILE__, __LINE__);
        if (SQL_AFFECTEDROWS() == 1) {
-               if (!empty($_GET['user'])) {
-                       LOAD_URL("ref.php?refid=".bigintval($_GET['user']));
-               } elseif (!empty($_GET['reseller'])) {
-                       LOAD_URL("shop_reseller.php?reseller=".bigintval($_GET['reseller']));
+               if (REQUEST_ISSET_GET(('user'))) {
+                       LOAD_URL("ref.php?refid=".bigintval(REQUEST_GET('user')));
+               } elseif (REQUEST_ISSET_GET(('reseller'))) {
+                       LOAD_URL("shop_reseller.php?reseller=".bigintval(REQUEST_GET('reseller')));
                }
        } // END - if
 } // END - if
index 278c428..a865009 100644 (file)
@@ -49,12 +49,12 @@ require("inc/config.php");
 if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered'))) {
        // Base URL for redirection
        $URL = "modules.php?module=index&amp;what=confirm&hash=";
-       if (empty($_GET['hash'])) {
+       if (!REQUEST_ISSET_GET(('hash'))) {
                // No refid and we add our refid (don't forget to set $def_refid!)
                $URL = "modules.php?module=index";
        } else {
                // We have an refid here. So we simply add it
-               $URL .= $_GET['hash'];
+               $URL .= REQUEST_GET('hash');
        }
 
        // Load the URL
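Review bot: `$URL .= REQUEST_GET('hash');` appends the request value to the redirect target without encoding or format validation, so any character in it, including `&`, `#` or a line break, ends up in the URL that is loaded after this hunk. `$URL .= urlencode(REQUEST_GET('hash'));` would keep the redirect confined to the intended parameter, as would a `preg_match` check before appending if the confirmation hash has a fixed alphabet. The base string also mixes `&amp;` and `&`, and both comments still speak of a refid although the parameter is `hash`.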
index 38b90c5..533676e 100644 (file)
--- a/debug.php
+++ b/debug.php
@@ -54,13 +54,13 @@ if ((isBooleanConstantAndTrue('mxchange_installed')) && (getTotalFatalErrors() =
        } // END - if
 
        // Is the request parameter set?
-       if (isset($_POST['request'])) {
+       if (REQUEST_ISSET_POST(('request'))) {
                // Handle the request
-               if (DEBUG_HANDLE_REQUEST($_POST['request'])) {
+               if (DEBUG_HANDLE_REQUEST(REQUEST_POST('request'))) {
                        // Construct FQFN for the module
                        $INC = sprintf("inc/debug/%s/request_%s",
                                getConfig('debug_mode'),
-                               SQL_ESCAPE($_POST['request'])
+                               SQL_ESCAPE(REQUEST_POST('request'))
                        );
 
                        // Is the module there? Else we log it!
@@ -69,11 +69,11 @@ if ((isBooleanConstantAndTrue('mxchange_installed')) && (getTotalFatalErrors() =
                                LOAD_INC($INC);
                        } else {
                                // Missing request file, may happen while development
-                               DEBUG_ABUSE_LOG(__FILE__, __LINE__, "request_404", $_POST['request']);
+                               DEBUG_ABUSE_LOG(__FILE__, __LINE__, "request_404", REQUEST_POST('request'));
                        }
                } else {
                        // Unhandled request detected
-                       DEBUG_ABUSE_LOG(__FILE__, __LINE__, "request_unhandled", $_POST['request']);
+                       DEBUG_ABUSE_LOG(__FILE__, __LINE__, "request_unhandled", REQUEST_POST('request'));
                }
        } else {
                // Empty request
index 92ebdc4..9eb0c4e 100644 (file)
@@ -53,7 +53,7 @@ REDIRECT_ON_UNINSTALLED_EXTENSION("doubler");
 // Is the script installed?
 if (isBooleanConstantAndTrue('mxchange_installed')) {
        // Probe for referal ID
-       if (!empty($_GET['refid'])) $GLOBALS['refid'] = SQL_ESCAPE($_GET['refid']);
+       if (REQUEST_ISSET_GET(('refid'))) $GLOBALS['refid'] = SQL_ESCAPE(REQUEST_GET('refid'));
 
        // Only check this if refid is provided!
        if ($GLOBALS['refid'] > 0) {
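Review bot: `$GLOBALS['refid'] = SQL_ESCAPE(REQUEST_GET('refid'));` stores an escaped string that the next check compares numerically with `> 0`, whereas the other id parameters in this commit go through `bigintval()`. `$GLOBALS['refid'] = bigintval(REQUEST_GET('refid'));` would make the global an integer where it is set, rather than relying on the later `bigintval($GLOBALS['refid'])` at the INSERT.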
@@ -89,22 +89,22 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
        } // END - if
 
        // Begin with doubler script...
-       if (isset($_POST['ok'])) {
+       if (IS_FORM_SENT()) {
                // Secure points (so only integer/double values are allowed
-               $_POST['points'] = bigintval($_POST['points']);
+               REQUEST_SET_POST('points', bigintval(REQUEST_POST('points')));
 
                // Begin with doubling process
-               if ((!empty($_POST['userid'])) && (!empty($_POST['pass'])) && (!empty($_POST['points']))) {
+               if ((REQUEST_ISSET_POST(('userid'))) && (REQUEST_ISSET_POST(('pass'))) && (REQUEST_ISSET_POST(('points')))) {
                        // Probe for nickname extension and if a nickname was entered
-                       $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($_POST['userid'])."") != $_POST['userid']));
+                       $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round(REQUEST_POST('userid'))."") != REQUEST_POST('userid')));
                        if ($probe_nickname) {
                                // Nickname in URL, so load the ID
                                $result = SQL_QUERY_ESC("SELECT userid, status, password FROM `{!_MYSQL_PREFIX!}_user_data` WHERE nickname='%s' LIMIT 1",
-                                       array($_POST['userid']), __FILE__, __LINE__);
+                                       array(REQUEST_POST('userid')), __FILE__, __LINE__);
                        } else {
                                // Direct userid entered
                                $result = SQL_QUERY_ESC("SELECT userid, status, password FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
-                                       array(bigintval($_POST['userid'])), __FILE__, __LINE__);
+                                       array(bigintval(REQUEST_POST('userid'))), __FILE__, __LINE__);
                        }
 
                        // Load data
@@ -115,13 +115,13 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
                        SQL_FREERESULT($result);
 
                        // Remove any dots and unwanted chars from the points
-                       $_POST['points'] = bigintval(round(REVERT_COMMA($_POST['points'])));
+                       REQUEST_SET_POST('points', bigintval(round(REVERT_COMMA(REQUEST_POST('points')))));
 
                        // Probe for enough points
-                       $probe_points = (($_POST['points'] >= getConfig('doubler_min')) && ($_POST['points'] <= getConfig('doubler_max')));
+                       $probe_points = ((REQUEST_POST('points') >= getConfig('doubler_min')) && (REQUEST_POST('points') <= getConfig('doubler_max')));
 
                        // Check all together
-                       if ((!empty($uid)) && ($password == generateHash($_POST['pass'], substr($password, 0, -40))) && ($status == "CONFIRMED") && ($probe_points)) {
+                       if ((!empty($uid)) && ($password == generateHash(REQUEST_POST('pass'), substr($password, 0, -40))) && ($status == "CONFIRMED") && ($probe_points)) {
                                // Nickname resolved to a unique userid or direct userid entered by the member
                                $DOUBLER_UID = $uid;
 
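Review bot: The password check `$password == generateHash(REQUEST_POST('pass'), substr($password, 0, -40))` uses loose comparison on two hash strings, so PHP may compare them as numbers when both look numeric (for example `0e` followed by digits). Use `===` here, and a constant-time comparison such as `hash_equals()` where the supported PHP version provides it. Reading `REQUEST_POST('points')` once into a local before the `$probe_points` line would also avoid calling the wrapper twice in one expression. The enclosing form-handling block starts and ends outside this hunk.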
@@ -129,17 +129,17 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
                                $points = GET_TOTAL_DATA($uid, "user_points", "points") - GET_TOTAL_DATA($uid, "user_data", "used_points");
 
                                // So let's continue with probing his points amount
-                               if (($points - getConfig('doubler_left') - $_POST['points'] * getConfig('doubler_charge')) >= 0) 
+                               if (($points - getConfig('doubler_left') - REQUEST_POST('points') * getConfig('doubler_charge')) >= 0) 
                                        // Enough points are left so let's continue with the doubling process
                                        // Create doubling "account" width *DOUBLED* points
                                        SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_doubler` (userid, refid, points, remote_ip, timemark, completed, is_ref) VALUES ('%s','%s','%s','".GET_REMOTE_ADDR()."', UNIX_TIMESTAMP(), 'N','N')",
-                                               array($uid, bigintval($GLOBALS['refid']), bigintval($_POST['points'] * 2)), __FILE__, __LINE__);
+                                               array($uid, bigintval($GLOBALS['refid']), bigintval(REQUEST_POST('points') * 2)), __FILE__, __LINE__);
 
                                        // Subtract entered points
-                                       SUB_POINTS("doubler", $uid, $_POST['points']);
+                                       SUB_POINTS("doubler", $uid, REQUEST_POST('points'));
 
                                        // Add points to "total payed" including charge
-                                       $points = $_POST['points'] - $_POST['points'] * getConfig('doubler_charge');
+                                       $points = REQUEST_POST('points') - REQUEST_POST('points') * getConfig('doubler_charge');
                                        UPDATE_CONFIG("doubler_points", $points, "+");
                                        incrementConfigEntry('doubler_points', $points);
 
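Review bot: The guard `($points - getConfig('doubler_left') - REQUEST_POST('points') * getConfig('doubler_charge')) >= 0` subtracts only the charge portion of the entered amount from the balance, while `SUB_POINTS("doubler", $uid, REQUEST_POST('points'))` below debits the full amount. If `doubler_charge` is a fraction, as the `$points = ... - ... * getConfig('doubler_charge')` line suggests, the check can pass for an amount larger than the available balance. Confirm whether it should read `if (($points - getConfig('doubler_left') - REQUEST_POST('points')) >= 0) {`. The `if` line as shown has no opening brace although an `} else {` follows in a later hunk; that may be an artefact of the page rendering.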
@@ -149,7 +149,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
                                                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_doubler` (userid, refid, points, remote_ip, timemark, completed, is_ref) VALUES ('%s',0,'%s','".GET_REMOTE_ADDR()."',UNIX_TIMESTAMP(),'N','Y')",
                                                        array(
                                                                bigintval($GLOBALS['refid']),
-                                                               bigintval($_POST['points'] * 2 * getConfig('doubler_ref'))
+                                                               bigintval(REQUEST_POST('points') * 2 * getConfig('doubler_ref'))
                                                        ), __FILE__, __LINE__);
 
                                                // And that's why we don't want to you more than one referal level of doubler-points. ^^^
@@ -159,7 +159,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
                                        UPDATE_CONFIG("doubler_counter", 1, "+");
 
                                        // Set constant
-                                       define('__DOUBLER_MSG', LOAD_TEMPLATE("doubler_reflink", true, $_POST['userid']));
+                                       define('__DOUBLER_MSG', LOAD_TEMPLATE("doubler_reflink", true, REQUEST_POST('userid')));
                                } else {
                                        // Not enougth points left
                                        define('__ERROR_MSG', getMessage('DOUBLER_FORM_NO_POINTS_LEFT'));
@@ -173,10 +173,10 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
                        } elseif ($status == "LOCKED") {
                                // Account is locked by admin / holiday!
                                define('__ERROR_MSG', getMessage('DOUBLER_FORM_STATUS_LOCKED'));
-                       } elseif ($_POST['points'] < getConfig('doubler_min')) {
+                       } elseif (REQUEST_POST('points') < getConfig('doubler_min')) {
                                // Not enougth points entered
                                define('__ERROR_MSG', getMessage('DOUBLER_FORM_POINTS_MIN'));
-                       } elseif ($_POST['points'] > getConfig('doubler_max')) {
+                       } elseif (REQUEST_POST('points') > getConfig('doubler_max')) {
                                // Too much points entered
                                define('__ERROR_MSG', getMessage('DOUBLER_FORM_POINTS_MAX'));
                        } elseif ($probe_nickname) {
@@ -186,13 +186,13 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
                                // Wrong password or account not found
                                define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_MEMBER'));
                        }
-               } elseif (empty($_POST['userid'])) {
+               } elseif (!REQUEST_ISSET_POST(('userid'))) {
                        // Login not entered
                        define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_LOGIN'));
-               } elseif (empty($_POST['pass'])) {
+               } elseif (!REQUEST_ISSET_POST(('pass'))) {
                        // Password not entered
                        define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_PASSWORD'));
-               } elseif (empty($_POST['points'])) {
+               } elseif (!REQUEST_ISSET_POST(('points'))) {
                        // points not entered
                        define('__ERROR_MSG', getMessage('DOUBLER_FORM_404_POINTS'));
                }
diff --git a/img.php b/img.php
index 0d68f14..ba43157 100644 (file)
--- a/img.php
+++ b/img.php
@@ -51,13 +51,13 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
        LOAD_INC_ONCE("inc/header.php");
 
        // Code set?
-       if (!empty($_GET['code'])) {
+       if (REQUEST_ISSET_GET(('code'))) {
                // Generate image
-               GENERATE_IMAGE(bigintval($_GET['code']));
-       } elseif (!empty($_GET['tag'])) {
+               GENERATE_IMAGE(bigintval(REQUEST_GET('code')));
+       } elseif (REQUEST_ISSET_GET(('tag'))) {
                // Tag set so create the IFN (Include-FileName)
                $INC = sprintf("inc/img/tag-%s.php",
-                       SQL_ESCAPE($_GET['tag'])
+                       SQL_ESCAPE(REQUEST_GET('tag'))
                );
 
                // Include is readable?
index 44e0944..7de291a 100644 (file)
@@ -37,8 +37,8 @@ if (!defined('__SECURITY')) {
        require($INC);
 }
 
-// 01    2              3             32        2         3321    12        3                     32    2                    21    1                        2                    21    1                        2                  21    1      2                 21    1                            10
-if ((date("d", getConfig('last_update')) != date("d", time())) && ((!defined('mxchange_installing')) || (!mxchange_installing)) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered')) && (!isset($_GET['register'])) && ($GLOBALS['output_mode'] != 1)) {
+// 01    2              3             32        2         3321    12        3                     32    2                    21    1                        2                    21    1                        2                  21    1                  23          321    1                            10
+if ((date("d", getConfig('last_update')) != date("d", time())) && ((!defined('mxchange_installing')) || (!mxchange_installing)) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered')) && (!REQUEST_ISSET_GET(('register'))) && ($GLOBALS['output_mode'] != 1)) {
        // Do daily things in external PHP file but only when script is completely setup
        // Daily reset was run!
        define('__DAILY_RESET', true);
diff --git a/inc/config-functions.php b/inc/config-functions.php
new file mode 100644 (file)
index 0000000..cde1fa3
--- /dev/null
@@ -0,0 +1,93 @@
+<?php
+/************************************************************************
+ * MXChange v0.2.1                                    Start: 02/28/2009 *
+ * ===============                              Last change: 02/28/2009 *
+ *                                                                      *
+ * -------------------------------------------------------------------- *
+ * File              : config-functions.php                             *
+ * -------------------------------------------------------------------- *
+ * Short description : Many non-MySQL functions (also file access)      *
+ * -------------------------------------------------------------------- *
+ * Kurzbeschreibung  : Viele Nicht-MySQL-Funktionen (auch Dateizugriff) *
+ * -------------------------------------------------------------------- *
+ *                                                                      *
+ * -------------------------------------------------------------------- *
+ * Copyright (c) 2003 - 2008 by Roland Haeder                           *
+ * For more information visit: http://www.mxchange.org                  *
+ *                                                                      *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or    *
+ * (at your option) any later version.                                  *
+ *                                                                      *
+ * This program is distributed in the hope that it will be useful,      *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
+ * GNU General Public License for more details.                         *
+ *                                                                      *
+ * You should have received a copy of the GNU General Public License    *
+ * along with this program; if not, write to the Free Software          *
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
+ * MA  02110-1301  USA                                                  *
+ ************************************************************************/
+
+// Some security stuff...
+if (!defined('__SECURITY')) {
+       $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
+       require($INC);
+}
+
+// Merges $_CONFIG with data in given array
+function mergeConfig ($newConfig) {
+       global $_CONFIG;
+       $_CONFIG = merge_array($_CONFIG, $newConfig);
+}
+
+// Getter for $_CONFIG entries
+function getConfig ($entry) {
+       global $_CONFIG;
+
+       // Default value
+       $value = null;
+
+       // Is the entry there?
+       if (isConfigEntrySet($entry)) {
+               // Then use it
+               $value = $_CONFIG[$entry];
+       } // END - if
+
+       // Return it
+       return $value;
+}
+
+// Setter for $_CONFIG entries
+function setConfigEntry ($entry, $value) {
+       global $_CONFIG;
+
+       // Secure the entry name
+       $entry = SQL_ESCAPE($entry);
+
+       // And set it
+       $_CONFIG[$entry] = $value;
+}
+
+// Checks wether the given config entry is set
+function isConfigEntrySet ($entry) {
+       global $_CONFIG;
+       return (isset($_CONFIG[$entry]));
+}
+
+// Increment or init with given value or 1 as default the given config entry
+function incrementConfigEntry ($configEntry, $value=1) {
+       global $_CONFIG;
+
+       // Increment it if set or init it with 1
+       if (getConfig($configEntry) > 0) {
+               $_CONFIG[$configEntry] += $value;
+       } else {
+               $_CONFIG[$configEntry] = $value;
+       }
+}
+
+// [EOF]
+?>
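Review bot: `setConfigEntry()` runs the array key through `SQL_ESCAPE()` before writing `$_CONFIG[$entry]`, but `getConfig()`, `isConfigEntrySet()` and `incrementConfigEntry()` index with the unescaped name, so a key containing any escaped character would be stored under a different name than it is read from. Escaping belongs where the name is placed into a query; here `$_CONFIG[$entry] = $value;` alone is enough. The header's short description ("Many non-MySQL functions (also file access)") looks carried over from another file. Each function would also benefit from a docblock naming its parameters and, for `getConfig()`, stating that a missing entry returns `null`. The comment on `incrementConfigEntry()` should say that the entry is overwritten with `$value`, not incremented, when the current value is zero or negative.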
index 47e3ed7..911cbc4 100644 (file)
@@ -47,7 +47,7 @@ if (($GLOBALS['footer_sent'] != "1") && ($GLOBALS['footer_sent'] != "2") && ($GL
        } // END - if
 
        // Shall we display the copyright notice?
-       if ((empty($_GET['frame'])) && (basename($_SERVER['PHP_SELF']) != "mailid_top.php") && (isBooleanConstantAndTrue('WRITE_FOOTER')) && ($GLOBALS['header_sent'] == "2")) {
+       if ((!REQUEST_ISSET_GET(('frame'))) && (basename($_SERVER['PHP_SELF']) != "mailid_top.php") && (isBooleanConstantAndTrue('WRITE_FOOTER')) && ($GLOBALS['header_sent'] == "2")) {
                // Backlink enabled?
                if (isBooleanConstantAndTrue('ENABLE_BACKLINK')) {
                        // Copyright with backlink, thanks! :-)
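Review bot: Replacing `empty($_GET['frame'])` with `!REQUEST_ISSET_GET(('frame'))` in the copyright condition may change the result for requests such as `?frame=` or `?frame=0`, which `empty()` treated as "no frame"; REQUEST_ISSET_GET is defined outside this view, so this holds only if it is a plain `isset()` wrapper. The same substitution is made in the timings condition in the next hunk and in GET_LANGUAGE, ADD_EMAIL_NAV, ADD_URL_DATA and GET_CURR_THEME in the following file section. If the old semantics are intended, the wrapper should implement and document them, e.g. `// true only when the GET entry exists and is not empty` above its definition. The doubled parentheses are redundant and read better as `REQUEST_ISSET_GET('frame')`. The enclosing `if` block starts and ends outside the hunk.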
@@ -59,7 +59,7 @@ if (($GLOBALS['footer_sent'] != "1") && ($GLOBALS['footer_sent'] != "2") && ($GL
        } // END - if
 
        // Shall we display the parsing time and number of queries?
-       if ((getConfig('show_timings') == "Y") && (empty($_GET['frame'])) && ($GLOBALS['header_sent'] == "2")) {
+       if ((getConfig('show_timings') == "Y") && (!REQUEST_ISSET_GET(('frame'))) && ($GLOBALS['header_sent'] == "2")) {
                // Then display it here
                DISPLAY_PARSING_TIME_FOOTER();
        } // END - if
index 6635ab0..6d414a5 100644 (file)
@@ -711,9 +711,9 @@ function GET_LANGUAGE() {
        $lang = "";
 
        // Is the variable set
-       if (!empty($_GET['mx_lang'])) {
+       if (REQUEST_ISSET_GET(('mx_lang'))) {
                // Accept only first 2 chars
-               $lang = substr($_GET['mx_lang'], 0, 2);
+               $lang = substr(REQUEST_GET('mx_lang'), 0, 2);
        } elseif (isset($GLOBALS['cache_array']['language'])) {
                // Use cached
                $ret = $GLOBALS['cache_array']['language'];
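Review bot: `substr(REQUEST_GET('mx_lang'), 0, 2)` only truncates the request value and never checks which characters it holds, so any two-byte string becomes `$lang`. How `$lang` is used is outside the hunk, but if it later selects a language file or is written to the page it should be limited to letters first, e.g. `if (!preg_match('/^[a-z]{2}$/i', $lang)) $lang = "";` directly after the `substr()` line. The comment `// Accept only first 2 chars` would then become `// Accept only a two-letter language code`. GET_LANGUAGE continues past the end of the hunk.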
@@ -1677,7 +1677,7 @@ function ADD_EMAIL_NAV($PAGES, $offset, $show_form, $colspan, $return=false) {
        $NAV = "";
        for ($page = 1; $page <= $PAGES; $page++) {
                // Is the page currently selected or shall we generate a link to it?
-               if (($page == $_GET['page']) || ((empty($_GET['page'])) && ($page == "1"))) {
+               if (($page == REQUEST_GET('page')) || ((!REQUEST_ISSET_GET(('page'))) && ($page == "1"))) {
                        // Is currently selected, so only highlight it
                        $NAV .= "<strong>-";
                } else {
@@ -1685,13 +1685,13 @@ function ADD_EMAIL_NAV($PAGES, $offset, $show_form, $colspan, $return=false) {
                        $NAV .= "<a href=\"{!URL!}/modules.php?module=admin&amp;what=".$GLOBALS['what']."&amp;page=".$page."&amp;offset=".$offset;
 
                        // Add userid when we shall show all mails from a single member
-                       if ((isset($_GET['u_id'])) && (bigintval($_GET['u_id']) > 0)) $NAV .= "&amp;u_id=".bigintval($_GET['u_id']);
+                       if ((REQUEST_ISSET_GET(('uid'))) && (bigintval(REQUEST_GET('uid')) > 0)) $NAV .= "&amp;uid=".bigintval(REQUEST_GET('uid'));
 
                        // Close open anchor tag
                        $NAV .= "\">";
                }
                $NAV .= $page;
-               if (($page == $_GET['page']) || ((empty($_GET['page'])) && ($page == "1"))) {
+               if (($page == REQUEST_GET('page')) || ((!REQUEST_ISSET_GET(('page'))) && ($page == "1"))) {
                        // Is currently selected, so only highlight it
                        $NAV .= "-</strong>";
                } else {
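Review bot: The current-page test `($page == REQUEST_GET('page')) || ((!REQUEST_ISSET_GET(('page'))) && ($page == "1"))` is written out twice per loop iteration, once before and once after `$NAV .= $page` (the first copy is in the previous hunk), and each copy compares `$page` loosely with the raw request value. Computing it once at the top of the loop body, `$isCurrent = (($page == REQUEST_GET('page')) || ((!REQUEST_ISSET_GET('page')) && ($page == 1)));`, and testing `$isCurrent` in both places keeps the opening and closing markup from drifting apart. ADD_EMAIL_NAV starts and ends outside these hunks.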
@@ -1974,7 +1974,7 @@ function MEMBER_ACTION_LINKS ($uid, $status = "") {
        $eval = "\$OUT = \"[&nbsp;";
 
        foreach ($TARGETS as $tar) {
-               $eval .= "<span class=\\\"admin_user_link\\\"><a href=\\\"{!URL!}/modules.php?module=admin&amp;what=".$tar."&amp;u_id=".$uid."\\\" title=\\\"{--ADMIN_LINK_";
+               $eval .= "<span class=\\\"admin_user_link\\\"><a href=\\\"{!URL!}/modules.php?module=admin&amp;what=".$tar."&amp;uid=".$uid."\\\" title=\\\"{--ADMIN_LINK_";
                //* DEBUG: */ echo "*".$tar."/".$status."*<br />\n";
                if (($tar == "lock_user") && ($status == "LOCKED")) {
                        // Locked accounts shall be unlocked
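Review bot: `$uid` and `$tar` are concatenated into `$eval`, a string that opens with `\$OUT = \"` and is apparently executed as PHP later in the function (the evaluation itself is outside the hunk), and nothing visible forces `$uid` to be numeric. Since the line is being touched for the `u_id` to `uid` rename, cast there as ADD_EMAIL_NAV already does for the same parameter: `"&amp;uid=".bigintval($uid)."\\\" title=\\\"{--ADMIN_LINK_"`. A comment above the loop would document the constraint, e.g. `// $eval is executed as code: append only fixed strings and bigintval()'d ids`.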
@@ -2172,9 +2172,9 @@ function ADD_URL_DATA ($URL) {
 
        if ((!defined('__COOKIES')) || ((!__COOKIES))) {
                // Cookies are not accepted
-               if ((!empty($_GET['refid'])) && (strpos($URL, "refid=") == 0)) {
+               if ((REQUEST_ISSET_GET(('refid'))) && (strpos($URL, "refid=") == 0)) {
                        // Cookie found in URL
-                       $ADD .= $BIND."refid=".bigintval($_GET['refid']);
+                       $ADD .= $BIND."refid=".bigintval(REQUEST_GET('refid'));
                } elseif ((GET_EXT_VERSION("sql_patches") != '') && (getConfig('def_refid') > 0)) {
                        // Not found! So let's set default here
                        $ADD .= $BIND."refid=".getConfig('def_refid');
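Review bot: `strpos($URL, "refid=") == 0` on the changed line is true both when `refid=` is absent (`false == 0`) and when it sits at offset 0, so the test relies on loose comparison instead of stating its intent, and the comment `// Cookie found in URL` describes the opposite case. If the aim is to append only when the URL carries no refid yet, write `(strpos($URL, "refid=") === false)` and reword the comment to `// No refid in URL yet, take it from the request`. The `def_refid` branch also appends the config value without `bigintval()`, unlike the request branch above it. ADD_URL_DATA begins and continues outside the hunk.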
@@ -2282,37 +2282,6 @@ function DISPLAY_PARSING_TIME_FOOTER() {
        LOAD_TEMPLATE("show_timings", false, $content);
 }
 
-// Unset/set session variables
-function set_session ($var, $value) {
-       // Abort in CSS mode here
-       if ($GLOBALS['output_mode'] == 1) return true;
-
-       // Trim value and session variable
-       $var = trim(SQL_ESCAPE($var)); $value = trim($value);
-
-       // Is the session variable set?
-       if (("".$value."" == "") && (isSessionVariableSet($var))) {
-               // Remove the session
-               //* DEBUG: */ echo "UNSET:".$var."=".get_session($var)."<br />\n";
-               unset($_SESSION[$var]);
-               return session_unregister($var);
-       } elseif (("".$value."" != '') && (!isSessionVariableSet($var))) {
-               // Set session
-               //* DEBUG: */ echo "SET:".$var."=".$value."<br />\n";
-               $_SESSION[$var] =  $value;
-               return session_register($var);
-       } elseif (!empty($value)) {
-               // Update session
-               //* DEBUG: */ echo "UPDATE:".$var."=".$value."<br />\n";
-               $_SESSION[$var] = $value;
-               return true;
-       }
-
-       // Ignored (but valid)
-       //* DEBUG: */ echo "IGNORED:".$var."=".$value."<br />\n";
-       return true;
-}
-
 // Check wether a boolean constant is set
 // Taken from user comments in PHP documentation for function constant()
 function isBooleanConstantAndTrue($constName) { // : Boolean
@@ -2338,563 +2307,12 @@ function isBooleanConstantAndTrue($constName) { // : Boolean
        return $res;
 }
 
-// Check wether a session variable is set
-function isSessionVariableSet ($var) {
-       //* DEBUG: */ print __FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>):var={$var}<br />\n";
-       return (isset($_SESSION[$var]));
-}
-// Returns wether the value of the session variable or NULL if not set
-function get_session ($var) {
-       // Default is not found! ;-)
-       $value = null;
-
-       // Is the variable there or cached values?
-       if (isset($GLOBALS['cache_array']['session'][$var])) {
-               // Get cached value (skips a lot SQL_ESCAPE() calles!
-               //* DEBUG: */ print __FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>): ".$var."-CACHE!<br />\n";
-               $value = $GLOBALS['cache_array']['session'][$var];
-       } elseif (isSessionVariableSet($var)) {
-               // Then  get it secured!
-               //* DEBUG: */ print __FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>): ".$var."-RESOLVE!<br />\n";
-               $value = SQL_ESCAPE($_SESSION[$var]);
-
-               // Cache the value
-               $GLOBALS['cache_array']['session'][$var] = $value;
-       } // END - if
-
-       // Return the value
-       return $value;
-}
-
-// Send notification to admin
-function SEND_ADMIN_NOTIFICATION($subject, $templateName, $content=array(), $uid="0") {
-       if (GET_EXT_VERSION("admins") >= "0.4.1") {
-               // Send new way
-               SEND_ADMIN_EMAILS_PRO($subject, $templateName, $content, $uid);
-       } else {
-               // Send outdated way
-               $msg = LOAD_EMAIL_TEMPLATE($templateName, $content, $uid);
-               SEND_ADMIN_EMAILS($subject, $msg);
-       }
-}
-
-// Destroy user session
-function destroy_user_session () {
-       // Reset userid
-       $GLOBALS['userid'] = 0;
-
-       // Remove all user data from session
-       return ((set_session('userid', "")) && (set_session('u_hash', "")));
-}
-
-// Merges an array together but only if both are arrays
-function merge_array ($array1, $array2) {
-       // Are both an array?
-       if ((is_array($array1)) && (is_array($array2))) {
-               // Merge all together
-               return array_merge($array1, $array2);
-       } elseif (is_array($array1)) {
-               // Return left array
-               DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("array2 is not an array. array != %s", gettype($array2)));
-               return $array1;
-       } elseif (is_array($array2)) {
-               // Return right array
-               DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("array1 is not an array. array != %s", gettype($array1)));
-               return $array2;
-       }
-
-       // Both are not arrays
-       debug_report_bug(__FUNCTION__.": No arrays provided!");
-}
-
-// Debug message logger
-function DEBUG_LOG ($funcFile, $line, $message, $force=true) {
-       // Is debug mode enabled?
-       if ((isBooleanConstantAndTrue('DEBUG_MODE')) || ($force === true)) {
-               // Log this message away
-               $fp = fopen(constant('PATH')."inc/cache/debug.log", 'a') or mxchange_die("Cannot write logfile debug.log!");
-               fwrite($fp, date("d.m.Y|H:i:s", time())."|".basename($funcFile)."|".$line."|".strip_tags($message)."\n");
-               fclose($fp);
-       } // END - if
-}
-
-// Reads a directory with PHP files in and gets only files back
-function GET_DIR_AS_ARRAY ($baseDir, $prefix) {
-       $INCs = array();
-
-       // Open directory
-       $dirPointer = opendir($baseDir) or mxchange_die("Cannot read ".basename($baseDir)." path!");
-
-       // Read all entries
-       while ($baseFile = readdir($dirPointer)) {
-               // Load file only if extension is active
-               // Make full path
-               $FQFN = $baseDir.$baseFile;
-
-               // Is this a valid reset file?
-               //* DEBUG: */ print __FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>):baseDir={$baseDir},prefix={$prefix},baseFile={$baseFile}<br />\n";
-               if ((FILE_READABLE($FQFN)) && (substr($baseFile, 0, strlen($prefix)) == $prefix) && (substr($baseFile, -4, 4) == ".php")) {
-                       // Remove both for extension name
-                       $extName = substr($baseFile, strlen($prefix), -4);
-
-                       // Try to find it
-                       $extId = GET_EXT_ID($extName);
-
-                       // Is the extension valid and active?
-                       if (($extId > 0) && (EXT_IS_ACTIVE($extName))) {
-                               // Then add this file
-                               $INCs[] = $FQFN;
-                       } elseif ($extId == 0) {
-                               // Add non-extension files as well
-                               $INCs[] = $FQFN;
-                       }
-               } // END - if
-       } // END - while
-
-       // Close directory
-       closedir($dirPointer);
-
-       // Sort array
-       asort($INCs);
-
-       // Return array with include files
-       return $INCs;
-}
-// Load more reset scripts
-function RESET_ADD_INCLUDES () {
-       // Is the reset set or old sql_patches?
-       if ((!defined('__DAILY_RESET')) || (EXT_VERSION_IS_OLDER("sql_patches", "0.4.5"))) {
-               // Then abort here
-               return array();
-       } // END - if
-
-       // Get more daily reset scripts
-       $INC_POOL = GET_DIR_AS_ARRAY(constant('PATH')."inc/reset/", "reset_");
-
-       // Update database
-       if (!defined('DEBUG_RESET')) UPDATE_CONFIG("last_update", time());
-
-       // Create current week mark
-       $currWeek = date("W", time());
-
-       // Has it changed?
-       if (getConfig('last_week') != $currWeek) {
-               // Include weekly reset scripts
-               $INC_POOL = merge_array($INC_POOL, GET_DIR_AS_ARRAY(constant('PATH')."inc/weekly/", "weekly_"));
-
-               // Update config
-               if (!defined('DEBUG_WEEKLY')) UPDATE_CONFIG("last_week", $currWeek);
-       } // END - if
-
-       // Create current month mark
-       $currMonth = date("m", time());
-
-       // Has it changed?
-       if (getConfig('last_month') != $currMonth) {
-               // Include monthly reset scripts
-               $INC_POOL = merge_array($INC_POOL, GET_DIR_AS_ARRAY(constant('PATH')."inc/monthly/", "monthly_"));
-
-               // Update config
-               if (!defined('DEBUG_MONTHLY')) UPDATE_CONFIG("last_month", $currMonth);
-       } // END - if
-
-       // Return array
-       return $INC_POOL;
-}
-// Handle extra values
-function HANDLE_EXTRA_VALUES ($filterFunction, $value, $extraValue) {
-       // Default is the value itself
-       $ret = $value;
-
-       // Do we have a special filter function?
-       if (!empty($filterFunction)) {
-               // Does the filter function exist?
-               if (function_exists($filterFunction)) {
-                       // Do we have extra parameters here?
-                       if (!empty($extraValue)) {
-                               // Put both parameters in one new array by default
-                               $args = array($value, $extraValue);
-
-                               // If we have an array simply use it and pre-extend it with our value
-                               if (is_array($extraValue)) {
-                                       // Make the new args array
-                                       $args = merge_array(array($value), $extraValue);
-                               } // END - if
-
-                               // Call the multi-parameter call-back
-                               $ret = call_user_func_array($filterFunction, $args);
-                       } else {
-                               // One parameter call
-                               $ret = call_user_func($filterFunction, $value);
-                       }
-               } // END - if
-       } // END - if
-
-       // Return the value
-       return $ret;
-}
-// Check if given FQFN is a readable file
-function FILE_READABLE($fqfn) {
-       // Check all...
-       return ((file_exists($fqfn)) && (is_file($fqfn)) && (is_readable($fqfn)));
-}
-// Converts timestamp selections into a timestamp
-function CONVERT_SELECTIONS_TO_TIMESTAMP(&$POST, &$DATA, &$id, &$skip) {
-       // Init test variable
-       $test2 = "";
-
-       // Get last three chars
-       $test = substr($id, -3);
-
-       // Improved way of checking! :-)
-       if (in_array($test, array("_ye", "_mo", "_we", "_da", "_ho", "_mi", "_se"))) {
-               // Found a multi-selection for timings?
-               $test = substr($id, 0, -3);
-               if ((isset($POST[$test."_ye"])) && (isset($POST[$test."_mo"])) && (isset($POST[$test."_we"])) && (isset($POST[$test."_da"])) && (isset($POST[$test."_ho"])) && (isset($POST[$test."_mi"])) && (isset($POST[$test."_se"])) && ($test != $test2)) {
-                       // Generate timestamp
-                       $POST[$test] = CREATE_TIMESTAMP_FROM_SELECTIONS($test, $POST);
-                       $DATA[] = sprintf("%s='%s'", $test, $POST[$test]);
-
-                       // Remove data from array
-                       foreach (array("ye", "mo", "we", "da", "ho", "mi", "se") as $rem) {
-                               unset($POST[$test."_".$rem]);
-                       } // END - foreach
-
-                       // Skip adding
-                       unset($id); $skip = true; $test2 = $test;
-               } // END - if
-       } else {
-               // Process this entry
-               $skip = false; $test2 = "";
-       }
-}
-// Reverts the german decimal comma into Computer decimal dot
-function REVERT_COMMA ($str) {
-       // Default float is not a float... ;-)
-       $float = false;
-
-       // Which language is selected?
-       switch (GET_LANGUAGE()) {
-               case "de": // German language
-                       // Remove german thousand dots first
-                       $str = str_replace(".", "", $str);
-
-                       // Replace german commata with decimal dot and cast it
-                       $float = (float)str_replace(",", ".", $str);
-                       break;
-
-               default: // US and so on
-                       // Remove thousand dots first and cast
-                       $float = (float)str_replace(",", "", $str);
-                       break;
-       }
-
-       // Return float
-       return $float;
-}
-
-// Handle menu-depending failed logins and return the rendered content
-function HANDLE_LOGIN_FAILTURES ($accessLevel) {
-       // Default output is empty ;-)
-       $OUT = "";
-
-       // Is the session data set?
-       if ((isSessionVariableSet('mxchange_'.$accessLevel.'_failures')) && (isSessionVariableSet('mxchange_'.$accessLevel.'_last_fail'))) {
-               // Ignore zero values
-               if (get_session('mxchange_'.$accessLevel.'_failures') > 0) {
-                       // Non-guest has login failures found, get both data and prepare it for template
-                       //* DEBUG: */ print __FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>):accessLevel={$accessLevel}<br />\n";
-                       $content = array(
-                               'login_failures' => get_session('mxchange_'.$accessLevel.'_failures'),
-                               'last_failure'   => MAKE_DATETIME(get_session('mxchange_'.$accessLevel.'_last_fail'), "2")
-                       );
-
-                       // Load template
-                       $OUT = LOAD_TEMPLATE("login_failures", true, $content);
-               } // END - if
-
-               // Reset session data
-               set_session('mxchange_'.$accessLevel.'_failures', "");
-               set_session('mxchange_'.$accessLevel.'_last_fail', "");
-       } // END - if
-
-       // Return rendered content
-       return $OUT;
-}
-
-// Rebuild cache
-function REBUILD_CACHE ($cache, $inc="") {
-       // Shall I remove the cache file?
-       if ((EXT_IS_ACTIVE("cache")) && (is_object($GLOBALS['cache_instance']))) {
-               // Rebuild cache
-               if ($GLOBALS['cache_instance']->loadCacheFile($cache)) {
-                       // Destroy it
-                       $GLOBALS['cache_instance']->destroyCacheFile();
-               } // END - if
-
-               // Include file given?
-               if (!empty($inc)) {
-                       // Construct FQFN
-                       $INC = sprintf("inc/loader/load_cache-%s.php", $inc);
-
-                       // Is the include there?
-                       if (INCLUDE_READABLE($INC)) {
-                               // And rebuild it from scratch
-                               //* DEBUG: */ print __FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>): inc={$inc} - LOADED!<br />\n";
-                               LOAD_INC($INC);
-                       } else {
-                               // Include not found!
-                               DEBUG_LOG(__FUNCTION__, __LINE__, "Include {$inc} not found. cache={$cache}");
-                       }
-               } // END - if
-       } // END - if
-}
-
-// Purge admin menu cache
-function CACHE_PURGE_ADMIN_MENU ($id=0, $action="", $what="", $str="") {
-       // Is the cache extension enabled or no cache instance or admin menu cache disabled?
-       if (!EXT_IS_ACTIVE("cache")) {
-               // Cache extension not active
-               return false;
-       } elseif (!is_object($GLOBALS['cache_instance'])) {
-               // No cache instance!
-               DEBUG_LOG(__FUNCTION__, __LINE__, " No cache instance found.");
-               return false;
-       } elseif ((!isConfigEntrySet('cache_admin_menu')) || (getConfig('cache_admin_menu') != "Y")) {
-               // Caching disabled (currently experiemental!)
-               return false;
-       }
-
-       // Experiemental feature!
-       debug_report_bug("<strong>Experimental feature:</strong> You have to delete the admin_*.cache files by yourself at this point.");
-}
-
-// Translates the "pool type" into human-readable
-function TRANSLATE_POOL_TYPE ($type) {
-       // Default type is unknown
-       $translated = sprintf(getMessage('POOL_TYPE_UNKNOWN'), $type);
-
-       // Generate constant
-       $constName = sprintf("POOL_TYPE_%s", $type);
-
-       // Does it exist?
-       if (defined($constName)) {
-               // Then use it
-               $translated = getMessage($constName);
-       } // END - if
-
-       // Return "translation"
-       return $translated;
-}
-
-// "Getter" for remote IP number
-function GET_REMOTE_ADDR () {
-       // Get remote ip from environment
-       $remoteAddr = getenv('REMOTE_ADDR');
-
-       // Is removeip installed?
-       if (EXT_IS_ACTIVE("removeip")) {
-               // Then anonymize it
-               $remoteAddr = GET_ANONYMOUS_REMOTE_ADDR($remoteAddr);
-       } // END - if
-
-       // Return it
-       return $remoteAddr;
-}
-// "Getter" for remote hostname
-function GET_REMOTE_HOST () {
-       // Get remote ip from environment
-       $remoteHost = getenv('REMOTE_HOST');
-
-       // Is removeip installed?
-       if (EXT_IS_ACTIVE("removeip")) {
-               // Then anonymize it
-               $remoteHost = GET_ANONYMOUS_REMOTE_HOST($remoteHost);
-       } // END - if
-
-       // Return it
-       return $remoteHost;
-}
-// "Getter" for user agent
-function GET_USER_AGENT () {
-       // Get remote ip from environment
-       $userAgent = getenv('HTTP_USER_AGENT');
-
-       // Is removeip installed?
-       if (EXT_IS_ACTIVE("removeip")) {
-               // Then anonymize it
-               $userAgent = GET_ANONYMOUS_USER_AGENT($userAgent);
-       } // END - if
-
-       // Return it
-       return $userAgent;
-}
-// "Getter" for referer
-function GET_REFERER () {
-       // Get remote ip from environment
-       $referer = getenv('HTTP_REFERER');
-
-       // Is removeip installed?
-       if (EXT_IS_ACTIVE("removeip")) {
-               // Then anonymize it
-               $referer = GET_ANONYMOUS_REFERER($referer);
-       } // END - if
-
-       // Return it
-       return $referer;
-}
-
-// Adds a bonus mail to the queue
-// This is a high-level function!
-function ADD_NEW_BONUS_MAIL ($data, $mode="", $output=true) {
-       // Use mode from data if not set and availble ;-)
-       if ((empty($mode)) && (isset($data['mode']))) $mode = $data['mode'];
-
-       // Generate receiver list
-       $RECEIVER = GENERATE_RECEIVER_LIST($data['cat'], $data['receiver'], $mode);
-
-       // Receivers added?
-       if (!empty($RECEIVER)) {
-               // Add bonus mail to queue
-               ADD_BONUS_MAIL_TO_QUEUE(
-                       $data['subject'],
-                       $data['text'],
-                       $RECEIVER,
-                       $data['points'],
-                       $data['seconds'],
-                       $data['url'],
-                       $data['cat'],
-                       $mode,
-                       $data['receiver']
-               );
-
-               // Mail inserted into bonus pool
-               if ($output) LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_BONUS_SEND'));
-       } elseif ($output) {
-               // More entered than can be reached!
-               LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_MORE_SELECTED'));
-       } else {
-               // Debug log
-               DEBUG_LOG(__FUNCTION__, __LINE__, " cat={$data['cat']},receiver={$data['receiver']},data=".base64_encode(serialize($data))." More selected, than available!");
-       }
-}
-
-// Determines referal id and sets it
-function DETERMINE_REFID () {
-       global $CLICK, $_SERVER;
-
-       // Check if refid is set
-       if ((!empty($_GET['user'])) && ($CLICK == 1) && (basename($_SERVER['PHP_SELF']) == "click.php")) {
-               // The variable user comes from the click-counter script click.php and we only accept this here
-               $GLOBALS['refid'] = bigintval($_GET['user']);
-       } elseif (!empty($_POST['refid'])) {
-               // Get referal id from variable refid (so I hope this makes my script more compatible to other scripts)
-               $GLOBALS['refid'] = SQL_ESCAPE(strip_tags($_POST['refid']));
-       } elseif (!empty($_GET['refid'])) {
-               // Get referal id from variable refid (so I hope this makes my script more compatible to other scripts)
-               $GLOBALS['refid'] = SQL_ESCAPE(strip_tags($_GET['refid']));
-       } elseif (!empty($_GET['ref'])) {
-               // Set refid=ref (the referal link uses such variable)
-               $GLOBALS['refid'] = SQL_ESCAPE(strip_tags($_GET['ref']));
-       } elseif ((isSessionVariableSet('refid')) && (get_session('refid') != 0)) {
-               // Set session refid als global
-               $GLOBALS['refid'] = bigintval(get_session('refid'));
-       } elseif ((GET_EXT_VERSION("sql_patches") != "") && (getConfig('def_refid') > 0)) {
-               // Set default refid as refid in URL
-               $GLOBALS['refid'] = bigintval(getConfig('def_refid'));
-       } elseif ((GET_EXT_VERSION("user") >= "0.3.4") && (getConfig('select_user_zero_refid')) == "Y") {
-               // Select a random user which has confirmed enougth mails
-               $GLOBALS['refid'] = SELECT_RANDOM_REFID();
-       } else {
-               // No default ID when sql_patches is not installed or none set
-               $GLOBALS['refid'] = 0;
-       }
-
-       // Set cookie when default refid > 0
-       if (!isSessionVariableSet('refid') || (!empty($GLOBALS['refid'])) || ((get_session('refid') == "0") && (getConfig('def_refid') > 0))) {
-               // Set cookie
-               set_session('refid', $GLOBALS['refid']);
-       } // END - if
-
-       // Return determined refid
-       return $GLOBALS['refid'];
-}
-
-// Destroys the admin session
-function destroyAdminSession ($destroy = true) {
-       // Kill maybe existing session variables including array elements
-       set_session('admin_login', "");
-       set_session('admin_md5'  , "");
-       set_session('admin_last' , "");
-       set_session('admin_to'   , "");
-
-       // Destroy session and return status
-       if ($destroy) {
-               return session_destroy();
-       } // END - if
-
-       // All fine if we shall not really destroy the session
-       return true;
-}
-
 // Checks if a given apache module is loaded
 function IF_APACHE_MODULE_LOADED ($apacheModule) {
        // Check it and return result
        return (((function_exists('apache_get_modules')) && (in_array($apacheModule, apache_get_modules()))) || (!function_exists('apache_get_modules')));
 }
 
-// Merges $_CONFIG with data in given array
-function mergeConfig ($newConfig) {
-       global $_CONFIG;
-       $_CONFIG = merge_array($_CONFIG, $newConfig);
-}
-
-// Getter for $_CONFIG entries
-function getConfig ($entry) {
-       global $_CONFIG;
-
-       // Default value
-       $value = null;
-
-       // Is the entry there?
-       if (isConfigEntrySet($entry)) {
-               // Then use it
-               $value = $_CONFIG[$entry];
-       } // END - if
-
-       // Return it
-       return $value;
-}
-
-// Setter for $_CONFIG entries
-function setConfigEntry ($entry, $value) {
-       global $_CONFIG;
-
-       // Secure the entry name
-       $entry = SQL_ESCAPE($entry);
-
-       // And set it
-       $_CONFIG[$entry] = $value;
-}
-
-// Checks wether the given config entry is set
-function isConfigEntrySet ($entry) {
-       global $_CONFIG;
-       return (isset($_CONFIG[$entry]));
-}
-
-// Increment or init with given value or 1 as default the given config entry
-function incrementConfigEntry ($configEntry, $value=1) {
-       global $_CONFIG;
-
-       // Increment it if set or init it with 1
-       if (getConfig($configEntry) > 0) {
-               $_CONFIG[$configEntry] += $value;
-       } else {
-               $_CONFIG[$configEntry] = $value;
-       }
-}
-
 // "Getter" for language strings
 // @TODO Rewrite all language constants to this function.
 function getMessage ($messageId) {
@@ -2943,17 +2361,17 @@ function GET_CURR_THEME() {
                        // Fix it to default
                        $ret = "default";
                } // END - if
-       } elseif ((!isBooleanConstantAndTrue('mxchange_installed')) && ((isBooleanConstantAndTrue('mxchange_installing')) || ($GLOBALS['output_mode'] == true)) && ((!empty($_GET['theme'])) || (!empty($_POST['theme'])))) {
+       } elseif ((!isBooleanConstantAndTrue('mxchange_installed')) && ((isBooleanConstantAndTrue('mxchange_installing')) || ($GLOBALS['output_mode'] == true)) && ((REQUEST_ISSET_GET(('theme'))) || (REQUEST_ISSET_POST(('theme'))))) {
                // Prepare FQFN for checking
-               $theme = sprintf("%stheme/%s/theme.php", constant('PATH'), SQL_ESCAPE($_GET['theme']));
+               $theme = sprintf("%stheme/%s/theme.php", constant('PATH'), SQL_ESCAPE(REQUEST_GET('theme')));
 
                // Installation mode active
-               if ((!empty($_GET['theme'])) && (FILE_READABLE($theme))) {
+               if ((REQUEST_ISSET_GET(('theme'))) && (FILE_READABLE($theme))) {
                        // Set cookie from URL data
-                       set_session('mxchange_theme', SQL_ESCAPE($_GET['theme']));
-               } elseif (FILE_READABLE(sprintf("%stheme/%s/theme.php", constant('PATH'), SQL_ESCAPE($_POST['theme'])))) {
+                       set_session('mxchange_theme', SQL_ESCAPE(REQUEST_GET('theme')));
+               } elseif (FILE_READABLE(sprintf("%stheme/%s/theme.php", constant('PATH'), SQL_ESCAPE(REQUEST_POST('theme'))))) {
                        // Set cookie from posted data
-                       set_session('mxchange_theme', SQL_ESCAPE($_POST['theme']));
+                       set_session('mxchange_theme', SQL_ESCAPE(REQUEST_POST('theme')));
                }
 
                // Set return value
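Review bot: The theme name from the request goes into `sprintf("%stheme/%s/theme.php", ...)` after `SQL_ESCAPE()` only, which escapes for SQL and does nothing about path separators or dot segments, so the `FILE_READABLE` check and the value stored with `set_session('mxchange_theme', ...)` are not confined to the `theme/` directory. Validate the name before building the path, for example `$name = REQUEST_GET('theme'); if (!preg_match('/^[a-zA-Z0-9_-]+$/', $name)) $name = "default";`, and apply the same check to the POST value. `$theme` is also built from the GET value even when only the POST field is present. The function begins and continues outside the hunk, so how the stored name is consumed later is not visible here.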
@@ -3250,8 +2668,8 @@ function convertCodeToMessage ($code) {
                        break;
 
                case constant('CODE_EXTENSION_PROBLEM'):
-                       if (isset($_GET['ext'])) {
-                               $msg = sprintf(getMessage('EXTENSION_PROBLEM_EXT_INACTIVE'), SQL_ESCAPE($_GET['ext']));
+                       if (REQUEST_ISSET_GET(('ext'))) {
+                               $msg = sprintf(getMessage('EXTENSION_PROBLEM_EXT_INACTIVE'), SQL_ESCAPE(REQUEST_GET('ext')));
                        } else {
                                $msg = getMessage('EXTENSION_PROBLEM_UNSET_EXT');
                        }
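Review bot: `SQL_ESCAPE(REQUEST_GET('ext'))` is inserted into the `EXTENSION_PROBLEM_EXT_INACTIVE` message, but SQL escaping is the wrong encoding if `$msg` ends up in HTML, which seems likely for a user-facing message although the output happens outside the hunk. Encode for the output context instead: `$msg = sprintf(getMessage('EXTENSION_PROBLEM_EXT_INACTIVE'), htmlspecialchars(REQUEST_GET('ext'), ENT_QUOTES));`. The `switch` in convertCodeToMessage continues past the hunk.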
diff --git a/inc/handler.php b/inc/handler.php
new file mode 100644 (file)
index 0000000..e1e9523
--- /dev/null
@@ -0,0 +1,64 @@
+<?php
+/************************************************************************
+ * MXChange v0.2.1                                    Start: 02/28/2009 *
+ * ===============                              Last change: 02/28/2009 *
+ *                                                                      *
+ * -------------------------------------------------------------------- *
+ * File              : handler.php                                      *
+ * -------------------------------------------------------------------- *
+ * Short description : Handler functions (call-back)                    *
+ * -------------------------------------------------------------------- *
+ * Kurzbeschreibung  : Handler-Funktionen (Call-Back)                   *
+ * -------------------------------------------------------------------- *
+ *                                                                      *
+ * -------------------------------------------------------------------- *
+ * Copyright (c) 2003 - 2008 by Roland Haeder                           *
+ * For more information visit: http://www.mxchange.org                  *
+ *                                                                      *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or    *
+ * (at your option) any later version.                                  *
+ *                                                                      *
+ * This program is distributed in the hope that it will be useful,      *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
+ * GNU General Public License for more details.                         *
+ *                                                                      *
+ * You should have received a copy of the GNU General Public License    *
+ * along with this program; if not, write to the Free Software          *
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
+ * MA  02110-1301  USA                                                  *
+ ************************************************************************/
+
+// Some security stuff...
+if (!defined('__SECURITY')) {
+       $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
+       require($INC);
+}
+
+// Error handler function
+function __errorHandler ($errno, $errstr, $errfile, $errline) {
+       // Construct message
+       $msg = sprintf("errno=%s,errstr=%s,errfile=%s,errline=%s",
+               $errno,
+               $errstr,
+               basename($errfile),
+               $errline
+       );
+
+       // Write debug log message
+       DEBUG_LOG(__FUNCTION__, __LINE__, "".$msg, true);
+
+       // Output message to user and die
+       if (EXT_IS_ACTIVE("debug")) {
+               // Debug extension found! So Output a small message
+               mxchange_die("Error message written to debug.log. Please try to call <a href=\"{!URL!}\">the main page</a> to continue.");
+       } else {
+               // No debug extension found, so regular output
+               debug_report_bug($msg);
+       }
+}
+
+// [EOF]
+?>
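Review bot: `__errorHandler` treats every error it receives as fatal and never consults the active `error_reporting()` level, so notices and `@`-suppressed warnings would also end in `mxchange_die()` or `debug_report_bug()`. This assumes it is registered through `set_error_handler()` without a level mask; the registration is not in this file. A guard at the top, `if ((error_reporting() & $errno) == 0) return false;`, leaves suppressed errors on PHP's normal path. In the branch without the debug extension the raw `$errstr` goes to `debug_report_bug()`; if that output reaches the visitor it can disclose paths or query text, so a generic message there, with the detail kept in debug.log, would be safer.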
index 650dce7..8d3cd96 100644 (file)
@@ -125,7 +125,7 @@ if (($GLOBALS['header_sent'] != "1") && ($GLOBALS['header_sent'] != "2")) {
 } // END - if
 
 // Load body or not
-if (($GLOBALS['module'] != "frametester") || (($GLOBALS['module'] == "frametester") && (isset($_GET['frame']))) || (($GLOBALS['header_sent'] == "1") && (!empty($_GET['frame']))) && ($GLOBALS['output_mode'] != "1")) {
+if (($GLOBALS['module'] != "frametester") || (($GLOBALS['module'] == "frametester") && (REQUEST_ISSET_GET(('frame')))) || (($GLOBALS['header_sent'] == "1") && (REQUEST_ISSET_GET(('frame')))) && ($GLOBALS['output_mode'] != "1")) {
        // Is the header sent and the script is not the mail confirmation script and not a CSS?
        if (($GLOBALS['header_sent'] == "1") && (basename($_SERVER['PHP_SELF']) != "mailid.php") && ($GLOBALS['output_mode'] != "1")) {
                // Add BODY tag
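Review bot: The trailing `&& ($GLOBALS['output_mode'] != "1")` in the "Load body or not" condition binds only to the last alternative, because `&&` has higher precedence than `||`. The first two alternatives therefore load the body regardless of the output mode. If the output-mode check is meant to gate the whole condition, wrap the three alternatives in one pair of parentheses before the `&&`; if not, a short comment stating that would help. After this change the second and third alternatives both reduce to `REQUEST_ISSET_GET(('frame'))`, so whether the former `!empty()` semantics survive depends on the wrapper, which is not shown here.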
diff --git a/inc/hooks.php b/inc/hooks.php
new file mode 100644 (file)
index 0000000..8bc6463
--- /dev/null
@@ -0,0 +1,55 @@
+<?php
+/************************************************************************
+ * MXChange v0.2.1                                    Start: 02/28/2009 *
+ * ===============                              Last change: 02/28/2009 *
+ *                                                                      *
+ * -------------------------------------------------------------------- *
+ * File              : hooks.php                                        *
+ * -------------------------------------------------------------------- *
+ * Short description : Hooks (call-backs)                               *
+ * -------------------------------------------------------------------- *
+ * Kurzbeschreibung  : Hooks (Call-Back)                                *
+ * -------------------------------------------------------------------- *
+ *                                                                      *
+ * -------------------------------------------------------------------- *
+ * Copyright (c) 2003 - 2008 by Roland Haeder                           *
+ * For more information visit: http://www.mxchange.org                  *
+ *                                                                      *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or    *
+ * (at your option) any later version.                                  *
+ *                                                                      *
+ * This program is distributed in the hope that it will be useful,      *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
+ * GNU General Public License for more details.                         *
+ *                                                                      *
+ * You should have received a copy of the GNU General Public License    *
+ * along with this program; if not, write to the Free Software          *
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
+ * MA  02110-1301  USA                                                  *
+ ************************************************************************/
+
+// Some security stuff...
+if (!defined('__SECURITY')) {
+       $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
+       require($INC);
+}
+
+// Call-back function for running shutdown functions and close database connection
+function __SHUTDOWN_HOOK () {
+       // Call the filter chain 'shutdown'
+       RUN_FILTER('shutdown', null, false);
+
+       if (SQL_IS_LINK_UP()) {
+               // Close link
+               SQL_CLOSE(__FILE__, __LINE__);
+       } else {
+               // No database link
+               addFatalMessage(getMessage('NO_DB_LINK'));
+       }
+}
+
+// [EOF]
+?>
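Review bot: The `else` branch of `__SHUTDOWN_HOOK` queues `NO_DB_LINK` with `addFatalMessage()`, but by the time a shutdown callback runs the page has presumably already been rendered, so the message is unlikely to be shown anywhere. The registration and the message output code are not in this file, so this is inferred. Writing it to the log is more reliable at this point: `DEBUG_LOG(__FUNCTION__, __LINE__, getMessage('NO_DB_LINK'));`. A one-line comment saying whether the 'shutdown' filter chain may still use the database before `SQL_CLOSE()` would also help readers.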
index 1b8d1f4..a6fbd91 100644 (file)
@@ -43,33 +43,33 @@ if (!defined('__SECURITY')) {
 
 // Init variables
 $mysql = "";
-if ((isset($_POST['mysql'])) && (is_array($_POST['mysql']))) $mysql = $_POST['mysql'];
+if ((REQUEST_ISSET_POST(('mysql'))) && (is_array(REQUEST_POST('mysql')))) $mysql = REQUEST_POST('mysql');
 
 // Check if both passwords from SMTP are matching
-if ((isset($_GET['page']) && ($_GET['page'] == 5))) {
+if ((REQUEST_ISSET_GET(('page')) && (REQUEST_GET('page') == 5))) {
        // Okay, we have to check it
-       if (!empty($_POST['smtp_user']) && (empty($_POST['smtp_host']))) {
+       if (REQUEST_ISSET_POST(('smtp_user')) && (!REQUEST_ISSET_POST(('smtp_host')))) {
                // Hostname not set
                OUTPUT_HTML(getMessage('INSTALL_SMTP_HOSTNAME_EMPTY')."<br />");
-               $_GET['page'] = 3;
+               REQUEST_SET_GET('page', 3);
        } // END - if
 
-       if ((empty($_POST['smtp_pass1'])) && (!empty($_POST['smtp_pass2']))) {
+       if ((!REQUEST_ISSET_POST(('smtp_pass1'))) && (REQUEST_ISSET_POST(('smtp_pass2')))) {
                // Password is empty
                OUTPUT_HTML(getMessage('INSTALL_SMTP_PASS1_EMPTY')."<br />");
-               $_GET['page'] = 3;
+               REQUEST_SET_GET('page', 3);
        } // END - if
 
-       if ((!empty($_POST['smtp_pass1'])) && (empty($_POST['smtp_pass2']))) {
+       if ((REQUEST_ISSET_POST(('smtp_pass1'))) && (!REQUEST_ISSET_POST(('smtp_pass2')))) {
                // Password repeat is empty
                OUTPUT_HTML(getMessage('INSTALL_SMTP_PASS2_EMPTY')."<br />");
-               $_GET['page'] = 3;
+               REQUEST_SET_GET('page', 3);
        } // END - if
 
-       if ($_POST['smtp_pass1'] != $_POST['smtp_pass1']) {
+       if (REQUEST_POST('smtp_pass1') != REQUEST_POST('smtp_pass1')) {
                // Passwords are not matching
                OUTPUT_HTML(getMessage('INSTALL_SMTP_PASS_MISMATCH')."<br />");
-               $_GET['page'] = 3;
+               REQUEST_SET_GET('page', 3);
        } // END - if
 } // END - if
 
@@ -80,7 +80,7 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
        define('__BURL_ACTION', constant('URL'));
 
        // Output page for entered value
-       switch ($_GET['page'])
+       switch (REQUEST_GET('page'))
        {
        case "welcome": // Welcome to the installation!
                LOAD_TEMPLATE("install_welcome");
@@ -108,11 +108,11 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
                define('__MYSQL_DBASE' , $mysql['dbase']);
                define('__MYSQL_PREFIX', $mysql['prefix']);
                define('__MYSQL_LOGIN' , $mysql['login']);
-               define('__SPATH_VALUE' , $_POST['spath']);
-               define('__BURL_VALUE'  , $_POST['burl']);
-               define('__TITLE_VALUE' , $_POST['title']);
-               define('__SLOGAN_VALUE', $_POST['slogan']);
-               define('__EMAIL_VALUE' , $_POST['email']);
+               define('__SPATH_VALUE' , REQUEST_POST('spath'));
+               define('__BURL_VALUE'  , REQUEST_POST('burl'));
+               define('__TITLE_VALUE' , REQUEST_POST('title'));
+               define('__SLOGAN_VALUE', REQUEST_POST('slogan'));
+               define('__EMAIL_VALUE' , REQUEST_POST('email'));
 
                // Load template
                LOAD_TEMPLATE("install_page2");
@@ -120,11 +120,11 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
 
        case "3":
                // Set more values
-               define('__SPATH_VALUE'  , $_POST['spath']);
-               define('__BURL_VALUE'   , $_POST['burl']);
-               define('__TITLE_VALUE'  , $_POST['title']);
-               define('__SLOGAN_VALUE' , $_POST['slogan']);
-               define('__EMAIL_VALUE'  , $_POST['email']);
+               define('__SPATH_VALUE'  , REQUEST_POST('spath'));
+               define('__BURL_VALUE'   , REQUEST_POST('burl'));
+               define('__TITLE_VALUE'  , REQUEST_POST('title'));
+               define('__SLOGAN_VALUE' , REQUEST_POST('slogan'));
+               define('__EMAIL_VALUE'  , REQUEST_POST('email'));
 
                // Use default SMTP data
                $smtpHost  = constant('SMTP_HOSTNAME');
@@ -133,8 +133,8 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
                $smtpPass2 = constant('SMTP_PASSWORD');
 
                // Overwrite it with the data from sent (failed) form
-               if (!empty($_POST['smtp_host'])) $smtpHost = $_POST['smtp_host'];
-               if (!empty($_POST['smtp_user'])) $smtpUser = $_POST['smtp_user'];
+               if (REQUEST_ISSET_POST(('smtp_host'))) $smtpHost = REQUEST_POST('smtp_host');
+               if (REQUEST_ISSET_POST(('smtp_user'))) $smtpUser = REQUEST_POST('smtp_user');
 
                // MySQL settings
                define('__MYSQL_HOST'   , $mysql['host']);
@@ -156,11 +156,11 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
 
        case "5": // Misc settings
                // General settings
-               define('__SPATH_VALUE'  , $_POST['spath']);
-               define('__BURL_VALUE'   , $_POST['burl']);
-               define('__TITLE_VALUE'  , $_POST['title']);
-               define('__SLOGAN_VALUE' , $_POST['slogan']);
-               define('__EMAIL_VALUE'  , $_POST['email']);
+               define('__SPATH_VALUE'  , REQUEST_POST('spath'));
+               define('__BURL_VALUE'   , REQUEST_POST('burl'));
+               define('__TITLE_VALUE'  , REQUEST_POST('title'));
+               define('__SLOGAN_VALUE' , REQUEST_POST('slogan'));
+               define('__EMAIL_VALUE'  , REQUEST_POST('email'));
 
                // MySQL settings
                define('__MYSQL_HOST'   , $mysql['host']);
@@ -169,9 +169,9 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
                define('__MYSQL_LOGIN'  , $mysql['login']);
 
                // SMTP settings
-               define('__SMTP_HOST'    , $_POST['smtp_host']);
-               define('__SMTP_USER'    , $_POST['smtp_user']);
-               define('__SMTP_PASS'    , $_POST['smtp_pass1']);
+               define('__SMTP_HOST'    , REQUEST_POST('smtp_host'));
+               define('__SMTP_USER'    , REQUEST_POST('smtp_user'));
+               define('__SMTP_PASS'    , REQUEST_POST('smtp_pass1'));
                OUTPUT_HTML("<form action=\"{!__BURL_ACTION!}/install.php?page=finalize\" method=\"POST\" target=\"_self\">
 <table border=\"0\" cellspacing=\"0\" cellpadding=\"0\" class=\"install_content\">
 <tr>
@@ -264,7 +264,7 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
                break;
 
        case "finalize": // Write captured data to files
-               if ((!empty($_POST['finalize'])) && (!isBooleanConstantAndTrue('mxchange_installed'))) {
+               if ((REQUEST_ISSET_POST(('finalize'))) && (!isBooleanConstantAndTrue('mxchange_installed'))) {
                        // You have submitted data then we have to reset the fatal messages
                        $SQLs = array();
 
@@ -274,11 +274,11 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
                                // Seems to work, also right database?
                                if (SQL_SELECT_DB($mysql['dbase'], __FILE__, __LINE__) === true) {
                                        // Automatically run install.sql
-                                       if ((FILE_READABLE($_POST['spath']."install/tables.sql")) && (FILE_READABLE($_POST['spath']."install/menu-".GET_LANGUAGE().".sql"))) {
+                                       if ((FILE_READABLE(REQUEST_POST('spath')."install/tables.sql")) && (FILE_READABLE(REQUEST_POST('spath')."install/menu-".GET_LANGUAGE().".sql"))) {
                                                // Both exists so import them
                                                foreach (array("tables.sql", "menu-".GET_LANGUAGE().".sql") as $dump) {
                                                        // Should be save here because file_exists() is there but we check it again. :)
-                                                       $FQFN = secureString($_POST['spath']) . "install/" . $dump;
+                                                       $FQFN = secureString(REQUEST_POST('spath')) . "install/" . $dump;
                                                        if (FILE_READABLE($FQFN)) {
                                                                // Read the file
                                                                $SQLs = READ_FILE($FQFN, true);
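Review bot: The directory the installer reads its SQL dumps from is taken from the request (`REQUEST_POST('spath')`), and the two `FILE_READABLE()` checks use the raw value while the later read uses `secureString(REQUEST_POST('spath'))`. The check and the read can therefore refer to different paths. Since the dumps ship with the application, building the path from the server side removes both problems: `$FQFN = constant('PATH') . "install/" . $dump;`, with the same base used in the `FILE_READABLE()` checks. The enclosing `if`/`foreach` continues outside this hunk.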
@@ -311,24 +311,24 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
                                                } // END - foreach
 
                                                // Ok, all done. So we can write the config data to the php files
-                                               if ($_POST['spath'] != constant('PATH')) changeDataInFile($_POST['spath']."inc/config.php", "SERVER-PATH", "define('PATH', \"", "\");", $_POST['spath'], 0);
-                                               if ($_POST['burl']  != constant('URL'))  changeDataInFile($_POST['spath']."inc/config.php", "HOST-URL", "define('URL', \"", "\");", $_POST['burl'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "MAIN_TITLE", "define('MAIN_TITLE', \"", "\");", $_POST['title'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "SLOGAN", "define('SLOGAN', \"", "\");", $_POST['slogan'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "WEBMASTER", "define('WEBMASTER', \"", "\");", $_POST['email'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "NULLPASS-WARNING", "define('warn_no_pass', ", ");", $_POST['warn_no_pass'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "WRITE-FOOTER", "define('WRITE_FOOTER', ", ");", $_POST['wfooter'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "BACKLINK", "define('ENABLE_BACKLINK', ", ");", $_POST['blink'], 0);
-                                               // changeDataInFile($_POST['spath']."inc/config.php", "OUTPUT-MODE", "define('OUTPUT_MODE', \"", "\");", $_POST['omode'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "MYSQL-HOST", "      'host'     => \"", "\",", $mysql['host'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "MYSQL-DBASE", "     'dbase'    => \"", "\",", $mysql['dbase'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "MYSQL-LOGIN", "     'login'    => \"", "\",", $mysql['login'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "MYSQL-PASSWORD", "  'password' => \"", "\",", $mysql['pass1'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "MYSQL-PREFIX", "define('_MYSQL_PREFIX', \"", "\");", $mysql['prefix'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "SMTP-HOSTNAME", "define('SMTP_HOSTNAME', \"", "\");", $_POST['smtp_host'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "SMTP-USER", "define('SMTP_USER', \"", "\");", $_POST['smtp_user'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "SMTP-PASSWORD", "define('SMTP_PASSWORD', \"", "\");", $_POST['smtp_pass'], 0);
-                                               changeDataInFile($_POST['spath']."inc/config.php", "INSTALLED", "define('mxchange_installed', ", ");", "true", 0);
+                                               if (REQUEST_POST('spath') != constant('PATH')) changeDataInFile(REQUEST_POST('spath')."inc/config.php", "SERVER-PATH", "define('PATH', \"", "\");", REQUEST_POST('spath'), 0);
+                                               if (REQUEST_POST('burl')  != constant('URL'))  changeDataInFile(REQUEST_POST('spath')."inc/config.php", "HOST-URL", "define('URL', \"", "\");", REQUEST_POST('burl'), 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "MAIN_TITLE", "define('MAIN_TITLE', \"", "\");", REQUEST_POST('title'), 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "SLOGAN", "define('SLOGAN', \"", "\");", REQUEST_POST('slogan'), 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "WEBMASTER", "define('WEBMASTER', \"", "\");", REQUEST_POST('email'), 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "NULLPASS-WARNING", "define('warn_no_pass', ", ");", REQUEST_POST('warn_no_pass'), 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "WRITE-FOOTER", "define('WRITE_FOOTER', ", ");", REQUEST_POST('wfooter'), 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "BACKLINK", "define('ENABLE_BACKLINK', ", ");", REQUEST_POST('blink'), 0);
+                                               // DEACTIVATED: changeDataInFile(REQUEST_POST('spath')."inc/config.php", "OUTPUT-MODE", "define('OUTPUT_MODE', \"", "\");", REQUEST_POST('omode'), 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "MYSQL-HOST", "        'host'     => \"", "\",", $mysql['host'], 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "MYSQL-DBASE", "       'dbase'    => \"", "\",", $mysql['dbase'], 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "MYSQL-LOGIN", "       'login'    => \"", "\",", $mysql['login'], 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "MYSQL-PASSWORD", "    'password' => \"", "\",", $mysql['pass1'], 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "MYSQL-PREFIX", "define('_MYSQL_PREFIX', \"", "\");", $mysql['prefix'], 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "SMTP-HOSTNAME", "define('SMTP_HOSTNAME', \"", "\");", REQUEST_POST('smtp_host'), 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "SMTP-USER", "define('SMTP_USER', \"", "\");", REQUEST_POST('smtp_user'), 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "SMTP-PASSWORD", "define('SMTP_PASSWORD', \"", "\");", REQUEST_POST('smtp_pass1'), 0);
+                                               changeDataInFile(REQUEST_POST('spath')."inc/config.php", "INSTALLED", "define('mxchange_installed', ", ");", "true", 0);
                                        } else {
                                                // Installation area not found!
                                                addFatalMessage(getMessage('INSTALL_MISSING_DUMPS'));
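Review bot: The `changeDataInFile()` calls write request values straight into `inc/config.php` as PHP source, between `define('X', "` and `");`, with no escaping visible in this hunk. A title, slogan or password containing `"`, `\` or `$` would alter the generated code unless `changeDataInFile()` escapes it, which cannot be seen here. `warn_no_pass`, `wfooter` and `blink` are written unquoted, so they should be restricted to the literals, e.g. `$wfooter = (REQUEST_POST('wfooter') == 'true') ? 'true' : 'false';`. The string values should be escaped for a PHP double-quoted literal, or emitted with `var_export()`, before being written. The config path itself is also built from `REQUEST_POST('spath')`; `constant('PATH')` would be the safer base for the target file.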
@@ -347,12 +347,12 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
                                        $OUT .= "    <input type=\"hidden\" name=\"mysql[".$key."]\" value=\"".$value."\">\n";
                                } // END foreach
                                define('__MYSQL_DATA'   , $OUT);
-                               define('__SPATH_VALUE'  , $_POST['spath']);
-                               define('__BURL_VALUE'   , $_POST['burl']);
-                               define('__TITLE_VALUE'  , $_POST['title']);
-                               define('__SMTP_HOST'    , $_POST['smtp_host']);
-                               define('__SMTP_USER'    , $_POST['smtp_user']);
-                               define('__SMTP_PASS'    , $_POST['smtp_pass']);
+                               define('__SPATH_VALUE'  , REQUEST_POST('spath'));
+                               define('__BURL_VALUE'   , REQUEST_POST('burl'));
+                               define('__TITLE_VALUE'  , REQUEST_POST('title'));
+                               define('__SMTP_HOST'    , REQUEST_POST('smtp_host'));
+                               define('__SMTP_USER'    , REQUEST_POST('smtp_user'));
+                               define('__SMTP_PASS'    , REQUEST_POST('smtp_pass1'));
 
                                // Load template
                                LOAD_TEMPLATE("install_fatal_errors");
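Review bot: The hidden-field line `$OUT .= "    <input type=\"hidden\" name=\"mysql[".$key."]\" value=\"".$value."\">\n";` concatenates `$key` and `$value` into HTML attributes without encoding. The loop header is outside this hunk, but the values presumably come from the posted `mysql` array, so a quote character in either one would break out of the attribute. Encoding both fixes it: `name=\"mysql[".htmlspecialchars($key, ENT_QUOTES)."]\" value=\"".htmlspecialchars($value, ENT_QUOTES)."\"`. The `__SPATH_VALUE`, `__SMTP_*` and related constants defined below it from `REQUEST_POST()` deserve the same treatment if the template prints them into form fields.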
@@ -371,7 +371,7 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
                break;
 
        default:
-               DEBUG_LOG(__FILE__, __LINE__, sprintf("Wrong page %s detected", $_GET['page']));
+               DEBUG_LOG(__FILE__, __LINE__, sprintf("Wrong page %s detected", REQUEST_GET('page')));
                OUTPUT_HTML("    <div class=\"install_error\">{--WRONG_PAGE--}</strong>");
                break;
        }
index 5f3c4a5..71e179e 100644 (file)
@@ -145,7 +145,7 @@ WHERE email='%s'".$locked." LIMIT 1",
                        list($uid) = SQL_FETCHROW($result);
 
                        // Rewrite email address to contact link
-                       $email = "{!URL!}/modules.php?module=".$mod."&amp;what=user_contct&amp;u_id=".bigintval($uid);
+                       $email = "{!URL!}/modules.php?module=".$mod."&amp;what=user_contct&amp;uid=".bigintval($uid);
                }
 
                // Free memory
@@ -250,7 +250,7 @@ WHERE id=%s LIMIT 1",
        }
 
        // Remove cache file
-       RUN_FILTER('post_admin_edited', $_POST);
+       RUN_FILTER('post_admin_edited', REQUEST_POST_ARRAY());
 }
 
 // Make admin accounts editable
@@ -364,7 +364,7 @@ function ADMINS_REMOVE_ADMIN_ACCOUNTS ($POST) {
        }
 
        // Remove cache if cache system is activated
-       RUN_FILTER('post_admin_deleted', $_POST);
+       RUN_FILTER('post_admin_deleted', REQUEST_POST_ARRAY());
 }
 
 // List all admin accounts
index 7fccd6f..f0626fb 100644 (file)
@@ -150,7 +150,7 @@ function NL_INSERT_URLS ($text) {
 //
 function SEND_NEWSLETTER ($TO, $SUBJECT, $MSG, $MODE) {
        // Send mail away as HTML
-       if ($_POST['auto_urls'] == "Y") {
+       if (REQUEST_POST('auto_urls') == "Y") {
                // Automatically insert URLs into newsletter
                if ((EXT_IS_ACTIVE("html")) && ($MODE == "html")) {
                        // Send HTML mail
index 34da5e8..04228a1 100644 (file)
@@ -236,7 +236,7 @@ class PrimeraApi {
 // is not false the API data is valid, else invalid
 function PRIMERA_TEST_API () {
        // Get new instance
-       $api = new PrimeraApi($_POST['primera_api_name'], $_POST['primera_api_md5']);
+       $api = new PrimeraApi(REQUEST_POST('primera_api_name'), REQUEST_POST('primera_api_md5'));
 
        // Was that fine?
        return ($api->getPrimera() !== false);
index d38b61b..aa4859a 100644 (file)
@@ -737,10 +737,10 @@ function RALLYE_GET_REFCOUNT($uid, $old=0) {
        if (GET_EXT_VERSION("cache") >= "0.1.2") {
                // Get refs from cache
                $cnt = 0;
-               foreach ($GLOBALS['cache_array']['refsystem']['userid'] as $id => $u_id) {
+               foreach ($GLOBALS['cache_array']['refsystem']['userid'] as $id => $uid) {
                        // Do we have a ref for this user?
-                       //* DEBUG: */ echo "id={$id},u_id={$u_id},uid={$uid},old={$old},level={$GLOBALS['cache_array']['refsystem']['level'][$id]}<br />\n";
-                       if (($u_id == $uid) && ($GLOBALS['cache_array']['refsystem']['level'][$id] == 1)) {
+                       //* DEBUG: */ echo "id={$id},uid={$uid},uid={$uid},old={$old},level={$GLOBALS['cache_array']['refsystem']['level'][$id]}<br />\n";
+                       if (($uid == $uid) && ($GLOBALS['cache_array']['refsystem']['level'][$id] == 1)) {
                                //* DEBUG: */ echo "uid matches!<br />\n";
                                foreach ($GLOBALS['cache_array']['ref_depths']['level'] as $level) {
                                        if (($level == $GLOBALS['cache_array']['refsystem']['level'][$id]) && ($level == 1)) {
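Review bot: Renaming the loop variable from `$u_id` to `$uid` in the `foreach` makes it overwrite the function parameter `$uid`, and the test `($uid == $uid)` is now always true. As a result every level-1 entry in the referral cache is counted for any user, and `$uid` no longer holds the caller's value after the loop. The loop variable needs a distinct name: `foreach ($GLOBALS['cache_array']['refsystem']['userid'] as $id => $refUid) {` with `if (($refUid == $uid) && ($GLOBALS['cache_array']['refsystem']['level'][$id] == 1)) {`. The body of RALLYE_GET_REFCOUNT continues outside this hunk.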
index 1d36cd1..5f82f17 100644 (file)
@@ -117,7 +117,7 @@ function REGISTER_ADD_CATEGORY_TABLE ($MODE, $return=false) {
                $SW = 2;
                $OUT .= "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\" width=\"100%\">\n";
                while (list($id, $cat, $visible) = SQL_FETCHROW($result)) {
-                       if (empty($_POST['cat'][$id])) $_POST['cat'][$id] = "";
+                       if (!REQUEST_ISSET_POST(('cat', $id))) REQUEST_POST('cat', $id) = "";
                        // Prepare array for the template
                        $content = array(
                                'sw'    => $SW,
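Review bot: The new line `if (!REQUEST_ISSET_POST(('cat', $id))) REQUEST_POST('cat', $id) = "";` is not valid PHP. `('cat', $id)` inside the extra parentheses is a parse error, and a function call result cannot be assigned to. The next hunk in this file repeats the `REQUEST_ISSET_POST(('cat', $id))` form in the `register_default` condition. Call the wrapper with plain arguments, `REQUEST_ISSET_POST('cat', $id)`, if it accepts a sub-key (its signature is not shown here). Set the default through a POST setter analogous to the `REQUEST_SET_GET()` used elsewhere in this commit, or keep the value in a local variable, e.g. `$catValue = REQUEST_ISSET_POST('cat', $id) ? REQUEST_POST('cat', $id) : "";`.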
@@ -127,7 +127,7 @@ function REGISTER_ADD_CATEGORY_TABLE ($MODE, $return=false) {
                                'id'    => $id,
                        );
 
-                       if (($_POST['cat'][$id] == "Y") || ((getConfig('register_default') == "Y") && (empty($_POST['cat'][$id])))) {
+                       if ((REQUEST_POST('cat', $id) == "Y") || ((getConfig('register_default') == "Y") && (!REQUEST_ISSET_POST(('cat', $id))))) {
                                $content['def_y'] = " checked=\"checked\"";
                        } else {
                                $content['def_n'] = " checked=\"checked\"";
index e7fa920..769fb7a 100644 (file)
@@ -83,7 +83,7 @@ function REWRITE_LINKS ($HTML) {
 
        // Simple from->to replacements
        $REPLACE = array(
-               'search'  => array("u_id", "url", "page", "offset", "mid", "bid", "sub", "home"),
+               'search'  => array("uid", "url", "page", "offset", "mid", "bid", "sub", "home"),
                'replace' => array("u"   , "url", "page", "offset", "m"  , "b"  , "s"  , "h")
        );
 
@@ -96,7 +96,7 @@ function REWRITE_LINKS ($HTML) {
        // Replace all array elements through
        foreach ($REPLACE['search'] as $k => $v) {
                if (eregi("$v=", $test)) {
-                       // Replace &amp;u_id= with /u/
+                       // Replace &amp;uid= with /u/
                        $test = preg_replace("/&amp;".$v."=/i", "/".$REPLACE['replace'][$k]."/", $test);
                } // END - if
        } // END - foreach
index 4f6dafa..5a24877 100644 (file)
@@ -132,7 +132,7 @@ function SPONSOR_HANDLE_SPONSOR (&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_S
 
                        // Remove last ", " from SQL string
                        $SQL = substr($SQL, 0, -2)." WHERE id='%s' LIMIT 1";
-                       $DATA['values'][] = bigintval($_GET['id']);
+                       $DATA['values'][] = bigintval(REQUEST_GET('id'));
 
                        // Generate message
                        $MSG = SPONSOR_GET_MESSAGE(ADMIN_SPONSOR_UPDATED, "updated", $MSGs);
index 8fa321a..390f874 100644 (file)
@@ -772,10 +772,10 @@ function SURFBAR_DETERMINE_TEMPLATE_NAME() {
        $templateName = "surfbar_frameset";
 
        // Any frame set? ;-)
-       if (isset($_GET['frame'])) {
+       if (REQUEST_ISSET_GET(('frame'))) {
                // Use the frame as a template name part... ;-)
                $templateName = sprintf("surfbar_frame_%s",
-                       SQL_ESCAPE($_GET['frame'])
+                       SQL_ESCAPE(REQUEST_GET('frame'))
                );
        } // END - if
 
index 2dfcac2..58c866d 100644 (file)
@@ -194,9 +194,9 @@ function GET_CURR_THEME_NAME () {
 $GLOBALS['curr_theme'] = GET_CURR_THEME();
 
 // Check if new theme is selcted
-if ((!empty($_POST['new_theme'])) && ($_POST['new_theme'] != $GLOBALS['curr_theme'])) {
+if ((REQUEST_ISSET_POST(('new_theme'))) && (REQUEST_POST('new_theme') != $GLOBALS['curr_theme'])) {
        // Set new theme for guests
-       $newTheme = $_POST['new_theme'];
+       $newTheme = REQUEST_POST('new_theme');
 
        // Change to new theme
        set_session('mxchange_theme', $newTheme);
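Review bot: `new_theme` is stored in the session as posted, and nothing visible in this hunk validates it. The installer branch in inc/functions.php only sets `mxchange_theme` after `FILE_READABLE()` confirms that `theme/<name>/theme.php` exists. A similar check here would stop arbitrary strings from becoming the session theme: validate the name's character set, then `if (FILE_READABLE(sprintf("%stheme/%s/theme.php", constant('PATH'), $newTheme))) set_session('mxchange_theme', $newTheme);`. The code after `set_session()` is outside the hunk, so a later check may already exist.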
index 05d43f9..2d40f45 100644 (file)
@@ -39,22 +39,22 @@ if (!defined('__SECURITY')) {
 
 // Add links for selecting some users
 function alpha ($sortby, $colspan, $return=false) {
-       if (empty($_GET['offset'])) $_GET['offset'] = 0;
-       $ADD = "&amp;page=".SQL_ESCAPE($_GET['page'])."&amp;offset=".SQL_ESCAPE($_GET['offset']);
-       if (!empty($_GET['mode'])) $ADD .= "&amp;mode=".SQL_ESCAPE($_GET['mode']);
+       if (!REQUEST_ISSET_GET(('offset'))) REQUEST_SET_GET('offset', 0);
+       $ADD = "&amp;page=".SQL_ESCAPE(REQUEST_GET('page'))."&amp;offset=".SQL_ESCAPE(REQUEST_GET('offset'));
+       if (REQUEST_ISSET_GET(('mode'))) $ADD .= "&amp;mode=".SQL_ESCAPE(REQUEST_GET('mode'));
 
        /* Creates the list of letters and makes them a link. */
        $alphabet = array(_ALL2,"A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z",_OTHERS);
        $num = count($alphabet) - 1;
        $OUT = "";
        while (list($counter, $ltr) = each($alphabet)) {
-               if ($_GET['letter'] == $ltr) {
+               if (REQUEST_GET('letter') == $ltr) {
                        // Current letter is letter from URL
                        $OUT .= "<strong>".$ltr."</strong>";
                } else {
                        // Output link to letter
                        $OUT .= "<a href=\"{!URL!}/modules.php?module=admin&amp;what=".$GLOBALS['what'];
-                       if (!empty($_GET['mode'])) $OUT .= "&amp;mode=".SQL_ESCAPE($_GET['mode']);
+                       if (REQUEST_ISSET_GET(('mode'))) $OUT .= "&amp;mode=".SQL_ESCAPE(REQUEST_GET('mode'));
                        $OUT .= "&amp;letter=".$ltr."&amp;sortby=".$sortby.$ADD."\">".$ltr."</a>";
                }
 
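Review bot: The `page`, `offset` and `mode` values are passed through `SQL_ESCAPE()` and then concatenated into an `href`, but this is URL/HTML output rather than SQL, so the escaping does not match the context and characters such as quotes or `&` may still alter the generated link. Use URL encoding for the query values, e.g. `"&amp;mode=".urlencode(REQUEST_GET('mode'))`, and cast the numeric ones with `bigintval()` as other parts of this commit do. `REQUEST_GET('letter')` is also compared in the loop without an isset check, unlike the other parameters. The same `SQL_ESCAPE()`-into-link pattern is repeated in the `SortLinks()` and `ADD_PAGENAV()` hunks below. `alpha()` continues outside this hunk.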
@@ -81,15 +81,15 @@ function alpha ($sortby, $colspan, $return=false) {
 // Add links for sorting
 function SortLinks($letter, $sortby, $colspan, $return=false) {
        $OUT = "";
-       if (empty($_GET['offset'])) $_GET['offset'] = 0;
-       if (empty($_GET['page']))   $_GET['page'] = 0;
+       if (!REQUEST_ISSET_GET(('offset'))) REQUEST_SET_GET('offset', 0);
+       if (!REQUEST_ISSET_GET(('page')))   REQUEST_SET_GET('page'  , 0);
 
        // Add page and offset
-       $ADD = "&amp;page=".SQL_ESCAPE($_GET['page'])."&amp;offset=".SQL_ESCAPE($_GET['offset']);
+       $ADD = "&amp;page=".SQL_ESCAPE(REQUEST_GET('page'))."&amp;offset=".SQL_ESCAPE(REQUEST_GET('offset'));
 
        // Add status or mode
-       if (!empty($_GET['status'])) $ADD .= "&amp;mode=".SQL_ESCAPE($_GET['status']);
-        elseif (!empty($_GET['mode'])) $ADD .= "&amp;mode=".SQL_ESCAPE($_GET['mode']);
+       if (REQUEST_ISSET_GET(('status'))) $ADD .= "&amp;mode=".SQL_ESCAPE(REQUEST_GET('status'));
+        elseif (REQUEST_ISSET_GET(('mode'))) $ADD .= "&amp;mode=".SQL_ESCAPE(REQUEST_GET('mode'));
 
        // Makes order by links..
        if ($letter == "front") $letter = _ALL2;
@@ -148,26 +148,26 @@ function ADD_PAGENAV($PAGES, $offset, $show_form, $colspan,$return=false) {
 
        $OUT = "";
        for ($page = 1; $page <= $PAGES; $page++) {
-               if (($page == $_GET['page']) || ((empty($_GET['page'])) && ($page == "1"))) {
+               if (($page == REQUEST_GET('page')) || ((!REQUEST_ISSET_GET(('page'))) && ($page == "1"))) {
                        $OUT .= "<strong>-";
                } else {
-                       if (empty($_GET['letter'])) $_GET['letter'] = _ALL2;
-                       if (empty($_GET['sortby'])) $_GET['sortby'] = "userid";
+                       if (!REQUEST_ISSET_GET(('letter'))) REQUEST_SET_GET('letter', getMessage('_ALL2'));
+                       if (!REQUEST_ISSET_GET(('sortby'))) REQUEST_SET_GET('sortby', "userid");
 
                        // Base link
                        $OUT .= "<a href=\"{!URL!}/modules.php?module=admin&amp;what=".$GLOBALS['what'];
 
                        // Add status or mode
-                       if (!empty($_GET['status'])) $OUT .= "&amp;mode=".SQL_ESCAPE($_GET['status']);
-                        elseif (!empty($_GET['mode'])) $OUT .= "&amp;mode=".SQL_ESCAPE($_GET['mode']);
+                       if (REQUEST_ISSET_GET(('status'))) $OUT .= "&amp;mode=".SQL_ESCAPE(REQUEST_GET('status'));
+                        elseif (REQUEST_ISSET_GET(('mode'))) $OUT .= "&amp;mode=".SQL_ESCAPE(REQUEST_GET('mode'));
 
                         // Letter and so on
-                       $OUT .= "&amp;letter=".SQL_ESCAPE($_GET['letter'])."&amp;sortby=".SQL_ESCAPE($_GET['sortby'])."&amp;page=".$page."&amp;offset=".$offset."\">";
+                       $OUT .= "&amp;letter=".SQL_ESCAPE(REQUEST_GET('letter'))."&amp;sortby=".SQL_ESCAPE(REQUEST_GET('sortby'))."&amp;page=".$page."&amp;offset=".$offset."\">";
                }
 
                $OUT .= $page;
 
-               if (($page == $_GET['page']) || ((empty($_GET['page'])) && ($page == "1"))) {
+               if (($page == REQUEST_GET('page')) || ((!REQUEST_ISSET_GET(('page'))) && ($page == "1"))) {
                        $OUT .= "-</strong>";
                } else  {
                        $OUT .= "</a>";
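Review bot: The default for `letter` is now `getMessage('_ALL2')`, while `alpha()` and `SortLinks()` in this file still use the bare constant `_ALL2` for the same purpose. If the message lookup and the constant ever return different strings, the link built here carries a letter that the `REQUEST_GET('letter') == $ltr` comparison in `alpha()` never matches. Use one source in all three functions; a short comment above the default such as `// Must match the first entry of $alphabet in alpha()` would make the coupling visible. `ADD_PAGENAV()` starts before and ends after this hunk.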
@@ -206,7 +206,7 @@ WHERE email='%s'".$locked." LIMIT 1",
                list($uid) = SQL_FETCHROW($result);
 
                // Rewrite email address to contact link
-               $email = "{!URL!}/modules.php?module=".$mod."&amp;what=user_contct&amp;u_id=".bigintval($uid);
+               $email = "{!URL!}/modules.php?module=".$mod."&amp;what=user_contct&amp;uid=".bigintval($uid);
        } // END - if
 
        // Free memory
index f72adf4..7261d1c 100644 (file)
@@ -55,16 +55,19 @@ $ret = "init";
 // Is no admin registered?
 if (!isBooleanConstantAndTrue('admin_registered')) {
        // Admin is not registered so we have to inform the user
-       if ((isset($_POST['ok'])) && ((empty($_POST['login'])) || (empty($_POST['pass'])) || (strlen($_POST['pass']) < 4))) $_POST['ok'] = "***";
-       if ((isset($_POST['ok'])) && ($_POST['ok'] != "***")) {
+       if ((IS_FORM_SENT()) && ((!REQUEST_ISSET_POST(('login'))) || (!REQUEST_ISSET_POST(('pass'))) || (strlen(REQUEST_POST('pass')) < 4))) {
+               REQUEST_SET_POST('ok', "***");
+       }
+
+       if ((IS_FORM_SENT()) && (REQUEST_POST('ok') != "***")) {
                // Hash the password with the old function because we are here in install mode
-               $hashedPass = md5($_POST['pass']);
+               $hashedPass = md5(REQUEST_POST('pass'));
 
                // Kill maybe existing session variables
                destroyAdminSession(false);
 
                // Do registration
-               $ret = REGISTER_ADMIN($_POST['login'], $hashedPass);
+               $ret = REGISTER_ADMIN(REQUEST_POST('login'), $hashedPass);
                switch ($ret)
                {
                case "done":
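Review bot: `md5(REQUEST_POST('pass'))` stores the first administrator's password as a single unsalted MD5 digest, which is cheap to brute-force if the admin table is ever read, and the only strength check above it is `strlen(...) < 4`. The comment says the old function is used because of install mode, so presumably a newer hashing routine exists; the account should be hashed with it, or at least flagged for re-hashing at first login. Raising the minimum length in the same condition would be a cheap improvement. The `switch` on `$ret` continues outside the hunk.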
@@ -108,25 +111,25 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
        // Whas that action okay?
        if ($ret != "done") {
                // Fixes another "Notice"
-               if (!empty($_POST['login'])) {
-                       define('__LOGIN_VALUE', $_POST['login']);
+               if (REQUEST_ISSET_POST(('login'))) {
+                       define('__LOGIN_VALUE', REQUEST_POST('login'));
                } else {
                        define('__LOGIN_VALUE', "");
                }
 
                // Yet-another "Notice" fix
-               if ((!empty($_POST['ok'])) && ($_POST['ok'] == "***")) {
+               if ((IS_FORM_SENT()) && (REQUEST_POST('ok') == "***")) {
                        // No login entered?
-                       if (empty($_POST['login'])) $MSG1 = getMessage('ADMIN_NO_LOGIN');
+                       if (!REQUEST_ISSET_POST(('login'))) $MSG1 = getMessage('ADMIN_NO_LOGIN');
 
                        // An error comes back from registration?
                        if (!empty($ret)) $MSG1 = $ret;
 
                        // No password entered?
-                       if (empty($_POST['pass'])) $MSG2 = getMessage('ADMIN_NO_PASS');
+                       if (!REQUEST_ISSET_POST(('pass'))) $MSG2 = getMessage('ADMIN_NO_PASS');
 
                        // Or password too short?
-                       if (strlen($_POST['pass']) < 4) $MSG2 = getMessage('ADMIN_SHORT_PASS');
+                       if (strlen(REQUEST_POST('pass')) < 4) $MSG2 = getMessage('ADMIN_SHORT_PASS');
 
                        // Output error messages
                        define('__MSG_LOGIN', LOAD_TEMPLATE("admin_login_msg", true, $MSG1));
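Review bot: `define('__LOGIN_VALUE', REQUEST_POST('login'))` hands the raw POST value to a constant that is presumably echoed back into the login form, so it needs HTML encoding at this point unless the template layer does it. `define('__LOGIN_VALUE', htmlspecialchars(REQUEST_POST('login'), ENT_QUOTES));` would cover it. The same applies to the second `__LOGIN_VALUE` definition in the login branch, to `REQUEST_GET('hash')` passed to `admin_validate_reset_hash_form`, to `REQUEST_GET('area')` stored in `$content['value']`, and to `REQUEST_GET('uid')` formatted into the `ADMIN_MEMBER_404` message in the add-points file. In this block `$MSG2` is only assigned inside the two password checks, so it looks unset when a long enough password is sent without a login; initialising both messages to `""` as the login branch does would avoid that.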
@@ -143,27 +146,27 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
                // Load register template
                LOAD_TEMPLATE("admin_reg_form");
        }
-} elseif (isset($_GET['reset_pass'])) {
+} elseif (REQUEST_ISSET_GET(('reset_pass'))) {
        // Is the form submitted?
-       if ((isset($_POST['send_link'])) && (!empty($_POST['email']))) {
+       if ((REQUEST_ISSET_POST(('send_link'))) && (REQUEST_ISSET_POST(('email')))) {
                // Try to send the link out
-               $OUT = ADMIN_SEND_PASSWORD_RESET_LINK($_POST['email']);
+               $OUT = ADMIN_SEND_PASSWORD_RESET_LINK(REQUEST_POST('email'));
 
                // Output result
                LOAD_TEMPLATE("admin_settings_saved", false, $OUT);
-       } elseif (!empty($_GET['hash'])) {
+       } elseif (REQUEST_ISSET_GET(('hash'))) {
                // Output form for hash validation
-               LOAD_TEMPLATE("admin_validate_reset_hash_form", false, $_GET['hash']);
-       } elseif ((isset($_POST['validate_hash'])) && (!empty($_POST['login'])) && (!empty($_POST['hash']))) {
+               LOAD_TEMPLATE("admin_validate_reset_hash_form", false, REQUEST_GET('hash'));
+       } elseif ((REQUEST_ISSET_POST(('validate_hash'))) && (REQUEST_ISSET_POST(('login'))) && (REQUEST_ISSET_POST(('hash')))) {
                // Validate the login data and hash
-               $valid = ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN($_POST['hash'], $_POST['login']);
+               $valid = ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN(REQUEST_POST('hash'), REQUEST_POST('login'));
 
                // Valid?
                if ($valid === true) {
                        // Prepare content first
                        $content = array(
-                               'hash'  => SQL_ESCAPE($_POST['hash']),
-                               'login' => SQL_ESCAPE($_POST['login'])
+                               'hash'  => SQL_ESCAPE(REQUEST_POST('hash')),
+                               'login' => SQL_ESCAPE(REQUEST_POST('login'))
                        );
 
                        // Validation okay so display form for final password change
@@ -172,11 +175,11 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
                        // Cannot validate the login data and hash
                        LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED'));
                }
-       } elseif ((isset($_POST['reset_pass'])) && (!empty($_POST['hash'])) && (!empty($_POST['login'])) && (!empty($_POST['pass1'])) && ($_POST['pass1'] == $_POST['pass2'])) {
+       } elseif ((REQUEST_ISSET_POST(('reset_pass'))) && (REQUEST_ISSET_POST(('hash'))) && (REQUEST_ISSET_POST(('login'))) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_POST('pass1') == REQUEST_POST('pass2'))) {
                // Okay, we shall the admin password here. So first revalidate the hash
-               if (ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN($_POST['hash'], $_POST['login'])) {
+               if (ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN(REQUEST_POST('hash'), REQUEST_POST('login'))) {
                        // Set the password now
-                       $OUT = ADMIN_RESET_PASSWORD($_POST['login'], $_POST['pass1']);
+                       $OUT = ADMIN_RESET_PASSWORD(REQUEST_POST('login'), REQUEST_POST('pass1'));
 
                        // Output result
                        LOAD_TEMPLATE("admin_reset_pass_done", false, $OUT);
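Review bot: The confirmation check `REQUEST_POST('pass1') == REQUEST_POST('pass2')` uses loose comparison, and PHP compares two numeric-looking strings as numbers, so different inputs such as `1e3` and `1000` are treated as equal. Use the strict operator: `(REQUEST_POST('pass1') === REQUEST_POST('pass2'))`. Unlike the login and registration branches, this path also applies no minimum length to the new password before calling `ADMIN_RESET_PASSWORD()`. The `elseif` chain continues outside the hunk.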
@@ -195,16 +198,19 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
                LOAD_URL("modules.php?module=admin&amp;action=login&amp;logout=1");
        } // END - if
 
-       if (!empty($_GET['register'])) {
+       if (REQUEST_ISSET_GET(('register'))) {
                // Registration of first admin is done
-               if ($_GET['register'] == "done") LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_REGISTER_DONE'));
+               if (REQUEST_GET('register') == "done") LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_REGISTER_DONE'));
        } // END - if
 
        // Check if the admin has submitted data or not
-       if ((isset($_POST['ok'])) && ((empty($_POST['login'])) || (empty($_POST['pass'])) || (strlen($_POST['pass']) < 4))) $_POST['ok'] = "***";
-       if ((isset($_POST['ok'])) && ($_POST['ok'] != "***")) {
+       if ((IS_FORM_SENT()) && ((!REQUEST_ISSET_POST(('login'))) || (!REQUEST_ISSET_POST(('pass'))) || (strlen(REQUEST_POST('pass')) < 4))) {
+               REQUEST_SET_POST('ok', "***");
+       }
+
+       if ((IS_FORM_SENT()) && (REQUEST_POST('ok') != "***")) {
                // All required data was entered so we check his account
-               $ret = CHECK_ADMIN_LOGIN($_POST['login'], $_POST['pass']);
+               $ret = CHECK_ADMIN_LOGIN(REQUEST_POST('login'), REQUEST_POST('pass'));
 
                // Which status do we have?
                switch ($ret)
@@ -221,20 +227,20 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
                        // Add data to URL
                        if (!empty($GLOBALS['what'])) $URL .= "what=".$GLOBALS['what'];
                         elseif (!empty($GLOBALS['action'])) $URL .= "action=".$GLOBALS['action'];
-                        elseif (!empty($_GET['area'])) $URL .= "area=".$_GET['area'];
+                        elseif (REQUEST_ISSET_GET(('area'))) $URL .= "area=".REQUEST_GET('area');
 
                        // Load URL
                        LOAD_URL($URL);
                        break;
 
                case "404": // Administrator login not found
-                       $_POST['ok'] = $ret;
+                       REQUEST_SET_POST('ok', $ret);
                        $ret = getMessage('ADMIN_NOT_FOUND');
                        destroyAdminSession();
                        break;
 
                case "pass": // Wrong password
-                       $_POST['ok'] = $ret;
+                       REQUEST_SET_POST('ok', $ret);
                        $ret = "{--WRONG_PASS--} [<a href=\"{!URL!}/modules.php?module=admin&amp;reset_pass=1\">{--ADMIN_RESET_PASS--}</a>]\n";
                        destroyAdminSession();
                        break;
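Review bot: `$URL .= "area=".REQUEST_GET('area')` appends an unencoded request value to the URL that is handed to `LOAD_URL()`. Depending on how `LOAD_URL()` emits the redirect, characters such as `&`, `#` or line breaks in `area` can add parameters or corrupt the header; `$URL .= "area=".urlencode(REQUEST_GET('area'));` avoids that. The two preceding branches use `$GLOBALS['what']` and `$GLOBALS['action']`, whose origin is not visible here and may deserve the same treatment. The `switch` starts before and ends after this hunk.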
@@ -247,30 +253,30 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
 
        // Error detected?
        if ($ret != "done") {
-               if (!empty($_POST['login'])) {
-                       define('__LOGIN_VALUE', $_POST['login']);
+               if (REQUEST_ISSET_POST(('login'))) {
+                       define('__LOGIN_VALUE', REQUEST_POST('login'));
                } else {
                        define('__LOGIN_VALUE', "");
                }
 
-               if (isset($_POST['ok'])) {
+               if (IS_FORM_SENT()) {
                        // Set messages to zero
                        $MSG1 = ""; $MSG2 = "";
 
                        // No login entered?
-                       if (empty($_POST['login'])) $MSG1 = getMessage('ADMIN_NO_LOGIN');
+                       if (!REQUEST_ISSET_POST(('login'))) $MSG1 = getMessage('ADMIN_NO_LOGIN');
 
                        // An error comes back from login?
-                       if ((!empty($ret)) && ($_POST['ok'] == "404")) $MSG1 = $ret;
+                       if ((!empty($ret)) && (REQUEST_POST('ok') == "404")) $MSG1 = $ret;
 
                        // No password entered?
-                       if (empty($_POST['pass'])) $MSG2 = getMessage('ADMIN_NO_PASS');
+                       if (!REQUEST_ISSET_POST(('pass'))) $MSG2 = getMessage('ADMIN_NO_PASS');
 
                        // Or password too short?
-                       if (strlen($_POST['pass']) < 4) $MSG2 = getMessage('ADMIN_SHORT_PASS');
+                       if (strlen(REQUEST_POST('pass')) < 4) $MSG2 = getMessage('ADMIN_SHORT_PASS');
 
                        // An error comes back from login?
-                       if ((!empty($ret)) && ($_POST['ok'] == "pass")) $MSG2 = $ret;
+                       if ((!empty($ret)) && (REQUEST_POST('ok') == "pass")) $MSG2 = $ret;
 
                        // Load message template
                        define('__MSG_LOGIN', LOAD_TEMPLATE("admin_login_msg", true, $MSG1));
@@ -296,9 +302,9 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
                                // Set default values
                                $content = array('target' => "action", 'value' => "login");
                        }
-               } elseif (!empty($_GET['area'])) {
+               } elseif (REQUEST_ISSET_GET(('area'))) {
                        // Restore old area value
-                       $content = array('target' => "area", 'value' => $_GET['area']);
+                       $content = array('target' => "area", 'value' => REQUEST_GET('area'));
                } else {
                        // Set default values
                        $content = array('target' => "action", 'value' => "login");
@@ -307,19 +313,19 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
                // Load login form template
                LOAD_TEMPLATE("admin_login_form", false, $content);
        } // END - if
-} elseif (isset($_GET['logout'])) {
+} elseif (REQUEST_ISSET_GET(('logout'))) {
        // Only try to remove cookies
        if (destroyAdminSession()) {
                // Load logout template
-               if (isset($_GET['register'])) {
+               if (REQUEST_ISSET_GET(('register'))) {
                        // Secure input
-                       $register = SQL_ESCAPE($_GET['register']);
+                       $register = SQL_ESCAPE(REQUEST_GET('register'));
 
                        // Special logout redirect for installation of given extension
                        LOAD_TEMPLATE(sprintf("admin_logout_%s_install", $register));
-               } elseif (isset($_GET['remove'])) {
+               } elseif (REQUEST_ISSET_GET(('remove'))) {
                        // Secure input
-                       $remove = SQL_ESCAPE($_GET['remove']);
+                       $remove = SQL_ESCAPE(REQUEST_GET('remove'));
 
                        // Special logout redirect for removal of given extension
                        LOAD_TEMPLATE(sprintf("admin_logout_%s_remove", $remove));
@@ -352,7 +358,7 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
                        $area = "entrance";
 
                        // Check for similar URL variable
-                       if (!empty($_GET['area'])) $area = SQL_ESCAPE($_GET['area']);
+                       if (REQUEST_ISSET_GET(('area'))) $area = SQL_ESCAPE(REQUEST_GET('area'));
 
                        // Load "logical-area menu-system" file
                        LOAD_INC_ONCE("inc/modules/admin/lasys-inc.php");
@@ -367,13 +373,13 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
                break;
 
        case "404": // Administrator login not found
-               $_POST['ok'] = $ret;
+               REQUEST_SET_POST('ok', $ret);
                destroyAdminSession();
                addFatalMessage(getMessage('ADMIN_NOT_FOUND'));
                break;
 
        case "pass": // Wrong password
-               $_POST['ok'] = $ret;
+               REQUEST_SET_POST('ok', $ret);
                destroyAdminSession();
                addFatalMessage(getMessage('WRONG_PASS'));
                break;
index 82b4aea..49f02d5 100644 (file)
@@ -40,10 +40,10 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (!empty($_POST['no'])) {
+if (REQUEST_ISSET_POST(('no'))) {
        // Do not logout now
        LOAD_URL("admin.php");
-} elseif ((!empty($_POST['yes'])) && ($GLOBALS['action'] == "logout")) {
+} elseif ((REQUEST_ISSET_POST(('yes'))) && ($GLOBALS['action'] == "logout")) {
        // Redirect to logout link
        LOAD_URL("modules.php?module=admin&amp;logout=1");
 }
index ea677c8..c960342 100644 (file)
@@ -204,7 +204,7 @@ function LOGIN_ADMIN ($adminLogin, $passHash) {
                ) && (
                        set_session('admin_last', time())
                ) && (
-                       set_session('admin_to', bigintval($_POST['timeout']))
+                       set_session('admin_to', bigintval(REQUEST_POST('timeout')))
                )
        );
 }
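Review bot: `set_session('admin_to', bigintval(REQUEST_POST('timeout')))` takes the admin session timeout straight from the login form with no upper or lower bound. `bigintval()` presumably makes it numeric, but a client can still submit an arbitrarily large value and keep an admin session valid far longer than intended. Clamp it to a configured maximum before storing, and consider passing the timeout in as a parameter so `LOGIN_ADMIN()` does not read request data itself. Only the tail of the function is visible in this hunk.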
@@ -536,15 +536,24 @@ function ADMIN_MENU_SELECTION($MODE, $default="", $defid="") {
                $OUT .= "</select>\n";
        } else {
                // No menus???
-               $OUT = ADMIN_PROBLEM_NO_MENU;
+               $OUT = getMessage('ADMIN_PROBLEM_NO_MENU');
        }
 
        // Return output
        return $OUT;
 }
 
+// Wrapper for $_POST and ADMIN_SAVE_SETTINGS
+function ADMIN_SAVE_SETTINGS_POST () {
+       // Get the array
+       $POST = REQUEST_POST_ARRAY();
+
+       // Call the lower function
+       ADMIN_SAVE_SETTINGS($POST);
+}
+
 // Save settings to the database
-function ADMIN_SAVE_SETTINGS (&$POST, $tableName="_config", $whereStatement="config=0", $translateComma=array(), $alwaysAdd=false) {
+function ADMIN_SAVE_SETTINGS (&$POST, $tableName = "_config", $whereStatement = "config=0", $translateComma = array(), $alwaysAdd = false) {
        // Prepare all arrays, variables
        $DATA = array();
        $skip = false;
@@ -643,7 +652,7 @@ function ADMIN_MAKE_MENU_SELECTION ($menu, $type, $name, $default="") {
        $handle = opendir(sprintf("%sinc/modules/%s/", constant('PATH'), $menu)) or mxchange_die("Cannot load menu ".$menu."!");
 
        // Init the selection box
-       $OUT = "<select name=\"".$name."\" class=\"admin_select\" size=\"1\">\n <option value=\"\">".IS_TOP_MENU."</option>\n";
+       $OUT = "<select name=\"".$name."\" class=\"admin_select\" size=\"1\">\n <option value=\"\">{--IS_TOP_MENU--}</option>\n";
 
        // Walk through all files
        while ($file = readdir($handle)) {
@@ -689,7 +698,7 @@ function ADMIN_USER_PROFILE_LINK ($uid, $title="", $wht="list_user") {
 
        //* DEBUG: */ echo "a:".$title."<br />";
        // Return link
-       return "<a href=\"{!URL!}/modules.php?module=admin&amp;what=".$wht."&amp;u_id=".$uid."\" title=\"{--ADMIN_USER_PROFILE_TITLE--}\">".$title."</a>";
+       return "<a href=\"{!URL!}/modules.php?module=admin&amp;what=".$wht."&amp;uid=".$uid."\" title=\"{--ADMIN_USER_PROFILE_TITLE--}\">".$title."</a>";
 }
 
 // Check "logical-area-mode"
@@ -782,7 +791,7 @@ function ADMIN_SEND_BUILD_MAILS ($mode, $table, $content, $id, $subjectPart="")
        } // END - if
 
        // Is the raw userid set?
-       if ($_POST['uid_raw'][$id] > 0) {
+       if (REQUEST_POST('uid_raw', $id) > 0) {
                // Generate subject
                $subjectLine = constant('MEMBER_'.strtoupper($subject).'_'.strtoupper($table).'_SUBJECT');
 
@@ -794,7 +803,7 @@ function ADMIN_SEND_BUILD_MAILS ($mode, $table, $content, $id, $subjectPart="")
                }
 
                // Send email out
-               SEND_EMAIL($_POST['uid_raw'][$id], $subjectLine, $mail);
+               SEND_EMAIL(REQUEST_POST('uid_raw', $id), $subjectLine, $mail);
        } // END - if
 
        // Generate subject
@@ -802,9 +811,9 @@ function ADMIN_SEND_BUILD_MAILS ($mode, $table, $content, $id, $subjectPart="")
 
        // Send admin notification out
        if (!empty($subjectPart)) {
-               SEND_ADMIN_NOTIFICATION($subjectLine, "admin_".$mode."_".strtolower($subjectPart)."_".$table, $content, $_POST['uid_raw'][$id]);
+               SEND_ADMIN_NOTIFICATION($subjectLine, "admin_".$mode."_".strtolower($subjectPart)."_".$table, $content, REQUEST_POST('uid_raw', $id));
        } else {
-               SEND_ADMIN_NOTIFICATION($subjectLine, "admin_".$mode."_".$table, $content, $_POST['uid_raw'][$id]);
+               SEND_ADMIN_NOTIFICATION($subjectLine, "admin_".$mode."_".$table, $content, REQUEST_POST('uid_raw', $id));
        }
 }
 
@@ -911,7 +920,7 @@ function ADMIN_BUILD_STATUS_HANDLER ($mode, $IDs, $table, $columns, $filterFunct
                        } // END - foreach
 
                        // Add other columns as well
-                       foreach ($_POST as $key => $entries) {
+                       foreach (REQUEST_POST_ARRAY() as $key => $entries) {
                                // Skip id, raw userid and 'do_$mode'
                                if (!in_array($key, array($idColumn, 'uid_raw', ('do_'.$mode)))) {
                                        // Are there brackets () at the end?
@@ -964,7 +973,7 @@ function ADMIN_DELETE_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFu
                        $idList = "";
                        foreach ($IDs as $id => $sel) {
                                // Is there a userid?
-                               if (isset($_POST['uid_raw'][$id])) {
+                               if (REQUEST_ISSET_POST(('uid_raw', $id))) {
                                        // Load all data from that id
                                        $result = SQL_QUERY_ESC("SELECT * FROM `{!_MYSQL_PREFIX!}_%s` WHERE %s=%s LIMIT 1",
                                                array($table, $idColumn, $id), __FILE__, __LINE__);
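Review bot: `REQUEST_ISSET_POST(('uid_raw', $id))` is a syntax error: the inner parentheses turn the two arguments into a parenthesised comma list, which PHP does not accept, so this file will not load. It should read `if (REQUEST_ISSET_POST('uid_raw', $id)) {`, assuming the wrapper takes the sub-key as a second argument the way `REQUEST_POST('uid_raw', $id)` does elsewhere in this commit. Separately, `$id` is placed unquoted into `WHERE %s=%s`; if it comes from submitted array keys, passing `bigintval($id)` is safer than relying on string escaping. The enclosing loop and function extend beyond the hunk.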
@@ -1017,7 +1026,7 @@ function ADMIN_EDIT_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFunc
                                $SQL = sprintf("UPDATE `{!_MYSQL_PREFIX!}_ SET",
                                        SQL_ESCAPE($table)
                                );
-                               foreach ($_POST as $key => $entries) {
+                               foreach (REQUEST_POST_ARRAY() as $key => $entries) {
                                        // Skip raw userid which is always invalid
                                        if ($key == "uid_raw") {
                                                // Continue with next field
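Review bot: As shown, the `sprintf()` that starts the UPDATE statement has no `%s` placeholder and no closing backtick after the table prefix, so `SQL_ESCAPE($table)` is never inserted and the statement cannot be valid SQL. The SELECT in `ADMIN_DELETE_ENTRIES_CONFIRM()` uses `{!_MYSQL_PREFIX!}_%s` with the closing backtick and is the form to copy. The loop over `REQUEST_POST_ARRAY()` then appears to treat every submitted key except `uid_raw` as a column; checking keys against the `$columns` argument would keep unexpected fields out of the query. The rest of the loop is outside this hunk, so that part is inferred.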
index ed4e351..2a9c71d 100644 (file)
@@ -41,9 +41,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Is the formular sent?
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save the row to the database
-       ADMIN_SAVE_SETTINGS($_POST, "_bank_packages", "", array("account_fee", "interest_plus", "interest_minus", "first_payment"), true);
+       ADMIN_SAVE_SETTINGS(REQUEST_POST_ARRAY(), "_bank_packages", "", array("account_fee", "interest_plus", "interest_minus", "first_payment"), true);
 } else {
        // Display form
        LOAD_TEMPLATE("admin_add_bank_package");
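Review bot: `ADMIN_SAVE_SETTINGS()` declares its first parameter as `&$POST`, so passing `REQUEST_POST_ARRAY()` directly hands a function result to a by-reference parameter, which PHP reports as "Only variables should be passed by reference". Assign it first, `$POST = REQUEST_POST_ARRAY();`, and pass `$POST`, as the new `ADMIN_SAVE_SETTINGS_POST()` wrapper does. That wrapper takes no arguments, so it cannot be used here; letting it forward `$tableName`, `$whereStatement`, `$translateComma` and `$alwaysAdd` would remove the need for this call form.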
index c7fcc2b..352fd10 100644 (file)
@@ -40,12 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok']))
-{
+if (IS_FORM_SENT()) {
        // Check if category does already exist
-}
- else
-{
+} else {
        // Display form
        LOAD_TEMPLATE("admin_add_guestnl_cat");
 }
index 3dc99e4..08019d9 100644 (file)
@@ -41,12 +41,12 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Fix a notice
-if (!isset($_GET['u_id'])) $_GET['u_id'] = "";
+if (!REQUEST_ISSET_GET(('uid'))) REQUEST_SET_GET('uid', "");
 
-if ($_GET['u_id'] == "all") {
+if (REQUEST_GET('uid') == "all") {
        // Add points to all accounts
-       if ((isset($_POST['ok'])) && ($_POST['points'] > 0)) {
-               define('__POINTS_VALUE', $_POST['points']);
+       if ((IS_FORM_SENT()) && (REQUEST_POST('points') > 0)) {
+               define('__POINTS_VALUE', REQUEST_POST('points'));
                $result_main = SQL_QUERY("SELECT userid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `status`='CONFIRMED' ORDER BY userid", __FILE__, __LINE__);
                while (list($uid) = SQL_FETCHROW($result_main)) {
                        // Remove depth to prevent booking errors. This is a bad coding
@@ -55,12 +55,12 @@ if ($_GET['u_id'] == "all") {
                        $GLOBALS['ref_level'] = -1;
 
                        // Ok, add points and send an email to him...
-                       ADD_POINTS_REFSYSTEM("admin_all", $uid, bigintval($_POST['points']), false, "0", false, "direct");
+                       ADD_POINTS_REFSYSTEM("admin_all", $uid, bigintval(REQUEST_POST('points')), false, "0", false, "direct");
 
                        // Prepare content
                        $content = array(
-                               'text'   => SQL_ESCAPE($_POST['reason']),
-                               'points' => bigintval($_POST['points'])
+                               'text'   => SQL_ESCAPE(REQUEST_POST('reason')),
+                               'points' => bigintval(REQUEST_POST('points'))
                        );
 
                        // Load email template and send email away
@@ -77,44 +77,44 @@ if ($_GET['u_id'] == "all") {
                // Display form add points
                LOAD_TEMPLATE("admin_add_points_all");
        }
-} elseif (!empty($_GET['u_id'])) {
+} elseif (REQUEST_ISSET_GET(('uid'))) {
        // User ID found in URL so we use this give him some credits
        $result = SQL_QUERY_ESC("SELECT surname, family, email FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s AND `status`='CONFIRMED' LIMIT 1",
-               array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+               array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1) {
                // Selected user does exist
                list($sname, $fname, $email) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
 
-               if ((isset($_POST['ok'])) && (!empty($_POST['points']))) {
+               if ((IS_FORM_SENT()) && (REQUEST_ISSET_POST(('points')))) {
                        // Remove depth to prevent booking errors. This is a bad coding
                        // practice, thats also why we need to write this project from
                        // scratch...
                        unset($GLOBALS['ref_level']);
 
                        // Ok, add points and send an email to him...
-                       ADD_POINTS_REFSYSTEM("admin_single", bigintval($_GET['u_id']), bigintval($_POST['points']), false, "0", false, "direct");
+                       ADD_POINTS_REFSYSTEM("admin_single", bigintval(REQUEST_GET('uid')), bigintval(REQUEST_POST('points')), false, "0", false, "direct");
 
                        // Prepare content
                        $content = array(
-                               'text'   => SQL_ESCAPE($_POST['reason']),
-                               'points' => bigintval($_POST['points'])
+                               'text'   => SQL_ESCAPE(REQUEST_POST('reason')),
+                               'points' => bigintval(REQUEST_POST('points'))
                        );
 
                        // Message laden
-                       $msg = LOAD_EMAIL_TEMPLATE("add-points", $content, bigintval($_GET['u_id']));
+                       $msg = LOAD_EMAIL_TEMPLATE("add-points", $content, bigintval(REQUEST_GET('uid')));
 
-                       SEND_EMAIL(bigintval($_GET['u_id']), getMessage('ADMIN_ADD_SUBJ'), $msg);
+                       SEND_EMAIL(bigintval(REQUEST_GET('uid')), getMessage('ADMIN_ADD_SUBJ'), $msg);
                        LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_POINTS_ADDED'));
                } else {
                        // Opps, missing form here
                        define('__USER_VALUE', "<a href=\"".CREATE_EMAIL_LINK($email, "user_data")."\">".$sname." ".$fname."</a>");
-                       define('__UID'       , bigintval($_GET['u_id']));
+                       define('__UID'       , bigintval(REQUEST_GET('uid')));
                        LOAD_TEMPLATE("admin_add_points");
                }
        } else {
                // User not found!
-               LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), $_GET['u_id'])."</div>");
+               LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid'))."</div>");
        }
 } else {
        // Output selection form with all confirmed user accounts listed
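Review bot: The branch test `REQUEST_ISSET_GET(('uid'))` may now always be true, because the earlier "Fix a notice" line sets `uid` to an empty string whenever it is missing. The old code used `!empty($_GET['u_id'])`, which skipped that empty default and fell through to the selection form in the final `else`. Unless `REQUEST_ISSET_GET()` treats an empty string as unset, test the value instead, e.g. `} elseif (REQUEST_GET('uid') != "") {`. The same switch from `!empty` to an isset-style check affects `REQUEST_ISSET_POST(('points'))` a few lines below, where `0` used to be rejected.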
index 12798e8..ccb2d88 100644 (file)
@@ -40,52 +40,45 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok']))
-{
+if (IS_FORM_SENT()) {
        // Generate timestamps
-       $START = mktime($_POST['start_hour'], $_POST['start_min'], $_POST['start_sec'], $_POST['start_month'], $_POST['start_day'], $_POST['start_year']);
-       $END   = mktime($_POST['end_hour']  , $_POST['end_min']  , $_POST['end_sec']  , $_POST['end_month']  , $_POST['end_day']  , $_POST['end_year']  );
+       $START = mktime(REQUEST_POST('start_hour'), REQUEST_POST('start_min'), REQUEST_POST('start_sec'), REQUEST_POST('start_month'), REQUEST_POST('start_day'), REQUEST_POST('start_year'));
+       $END   = mktime(REQUEST_POST('end_hour')  , REQUEST_POST('end_min')  , REQUEST_POST('end_sec')  , REQUEST_POST('end_month')  , REQUEST_POST('end_day')  , REQUEST_POST('end_year')  );
 
        // Is there already a rallye running?
        $result = SQL_QUERY_ESC("SELECT id, admin_id FROM `{!_MYSQL_PREFIX!}_rallye_data` WHERE (start_time <= %s AND end_time >= %s) OR (start_time >= %s AND start_time <= %s) LIMIT 1",
-        array($START, $START, $START, $END), __FILE__, __LINE__);
+               array($START, $START, $START, $END), __FILE__, __LINE__);
 
-       if (SQL_NUMROWS($result) == 0)
-       {
+       if (SQL_NUMROWS($result) == 0) {
                // Ok, start and end time did not overlap
                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_rallye_data` (admin_id, title, descr, template, start_time, end_time, auto_add_new_user, is_active, send_notify)
 VALUES ('%s','%s','%s','%s','%s','%s','%s','%s','%s')",
  array(
        GET_CURRENT_ADMIN_ID(),
-       $_POST['title'],
-       $_POST['descr'],
-       $_POST['template'],
+       REQUEST_POST('title'),
+       REQUEST_POST('descr'),
+       REQUEST_POST('template'),
        $START,
        $END,
-       $_POST['auto_add'],
-       $_POST['active'],
-       $_POST['notify'],
+       REQUEST_POST('auto_add'),
+       REQUEST_POST('active'),
+       REQUEST_POST('notify'),
 ), __FILE__, __LINE__);
 
                // Load ID
                $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_rallye_data` WHERE start_time='%s' AND end_time='%s' AND `title`='%s' LIMIT 1",
-                array($START, $END, $_POST['title']), __FILE__, __LINE__);
+                array($START, $END, REQUEST_POST('title')), __FILE__, __LINE__);
                list($id) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
 
-               if (!empty($id))
-               {
+               if (!empty($id)) {
                        // Reload to prices...
                        LOAD_URL("modules.php?module=admin&amp;what=config_rallye_prices&rallye=".$id);
-               }
-                else
-               {
+               } else {
                        // Problem detected...
                        LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_PROBLEM_CREATE);
                }
-       }
-        else
-       {
+       } else {
                // Free memory
                SQL_FREERESULT($result);
 
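Review bot: The twelve date parts passed to `mktime()` for `$START` and `$END` come straight from `REQUEST_POST()` with no integer cast or range check, and both timestamps then go into unquoted `%s` slots of the overlap query. Wrapping each part the way this commit treats other numeric input, e.g. `bigintval(REQUEST_POST('start_hour'))`, and rejecting the form when `$END <= $START`, would keep malformed values out of `rallye_data`. The hunk ends inside the `else` branch, so the rest of that block is not visible here.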
index 3630a89..894b8cf 100644 (file)
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save sponsor in database
-       SPONSOR_HANDLE_SPONSOR($_POST);
+       SPONSOR_HANDLE_SPONSOR(REQUEST_POST_ARRAY());
 } else {
        // Prepare constants for the template
        define('__SPONSOR_MIN_VALUE', getConfig('sponsor_min_points'));
index 21268b0..8b5c33d 100644 (file)
@@ -41,15 +41,15 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Was an URL added?
-if ((isset($_POST['add'])) && (!empty($_POST['url']))) {
+if ((REQUEST_ISSET_POST(('add'))) && (REQUEST_ISSET_POST(('url')))) {
        // Dummy variables
        $DATA = array(); $id = "reload_ye"; $skip = false;
 
        // Convert the "reload selections"
-       CONVERT_SELECTIONS_TO_TIMESTAMP($_POST, $DATA, $id, $skip);
+       CONVERT_SELECTIONS_TO_TIMESTAMP(REQUEST_POST_ARRAY(), $DATA, $id, $skip);
 
        // Then add this URL
-       if (SURFBAR_ADMIN_ADD_URL($_POST['url'], $_POST['limit'], $_POST['reload'])) {
+       if (SURFBAR_ADMIN_ADD_URL(REQUEST_POST('url'), REQUEST_POST('limit'), REQUEST_POST('reload'))) {
                // URL was added
                LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_SURFBAR_URL_ADDED'));
        } else {
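Review bot: `CONVERT_SELECTIONS_TO_TIMESTAMP(REQUEST_POST_ARRAY(), $DATA, $id, $skip)` now hands the converter a return value instead of `$_POST` itself, while the next statement still reads `REQUEST_POST('reload')`. If the converter writes its result back into the first argument (the pre-declared dummy variables suggest by-reference parameters, but its definition is not in this hunk), the converted value is discarded and the raw selection reaches `SURFBAR_ADMIN_ADD_URL()`. Converting a local copy keeps the old behaviour: `$postData = REQUEST_POST_ARRAY();`, then `CONVERT_SELECTIONS_TO_TIMESTAMP($postData, $DATA, $id, $skip);`, and pass `$postData['reload']` as the third argument.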
index 89d0072..5d12319 100644 (file)
@@ -41,11 +41,11 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Check if the admin has entered title and what-php file name...
-if (((empty($_POST['title'])) || (empty($_POST['menu'])) || (empty($_POST['descr']))) && (isset($_POST['ok']))) {
-       unset($_POST['ok']);
+if (((!REQUEST_ISSET_POST(('title'))) || (!REQUEST_ISSET_POST(('menu'))) || (!REQUEST_ISSET_POST(('descr')))) && (IS_FORM_SENT())) {
+       REQUEST_UNSET_POST('ok');
 }
 
-if (!isset($_POST['ok']))
+if (!IS_FORM_SENT())
 {
        // Create arrays
        $menus = array(); $titles = array(); $below = array();
@@ -165,29 +165,29 @@ if (!isset($_POST['ok']))
        LOAD_TEMPLATE("admin_admin_add");
 } elseif (!IS_DEMO()) {
        // Insert new menu entry
-       if (!empty($_POST['menu'])) {
+       if (REQUEST_ISSET_POST(('menu'))) {
                // Add sub menu
                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_admin_menu` (`action`,`what`,`title`,`descr`,`sort`) VALUES ('%s','%s','%s','%s','%s')",
                        array(
-                               $_POST['menu'],
-                               $_POST['name'],
-                               $_POST['title'],
-                               $_POST['descr'],
-                               bigintval($_POST['sort']),
+                               REQUEST_POST('menu'),
+                               REQUEST_POST('name'),
+                               REQUEST_POST('title'),
+                               REQUEST_POST('descr'),
+                               bigintval(REQUEST_POST('sort')),
                        ), __FILE__, __LINE__
                );
-               CACHE_PURGE_ADMIN_MENU(0, $_POST['menu'], $_POST['name']);
+               CACHE_PURGE_ADMIN_MENU(0, REQUEST_POST('menu'), REQUEST_POST('name'));
        } else {
                // Add main menu
                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_admin_menu` (action, title, descr, sort) VALUES ('%s','%s','%s','%s')",
                        array(
-                               $_POST['name'],
-                               $_POST['title'],
-                               $_POST['descr'],
-                               bigintval($_POST['sort']),
+                               REQUEST_POST('name'),
+                               REQUEST_POST('title'),
+                               REQUEST_POST('descr'),
+                               bigintval(REQUEST_POST('sort')),
                        ), __FILE__, __LINE__
                );
-               CACHE_PURGE_ADMIN_MENU(0, $_POST['name']);
+               CACHE_PURGE_ADMIN_MENU(0, REQUEST_POST('name'));
        }
        LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SETTINGS_SAVED'));
 } else {
index b20760d..380ef31 100644 (file)
@@ -42,23 +42,23 @@ ADD_DESCR("admin", __FILE__);
 
 // Do we edit/delete/change main menus or sub menus?
 $AND = "(`what` = '' OR `what` IS NULL)"; $SUB = "";
-if (!empty($_GET['sub']))
+if (REQUEST_ISSET_GET(('sub')))
 {
-       $AND = sprintf("action='%s' AND `what` IS NOT NULL", SQL_ESCAPE($_GET['sub']));
-       $SUB = SQL_ESCAPE($_GET['sub']);
+       $AND = sprintf("action='%s' AND `what` IS NOT NULL", SQL_ESCAPE(REQUEST_GET('sub')));
+       $SUB = SQL_ESCAPE(REQUEST_GET('sub'));
 }
 
 // Get count of (maybe) selected menu points
 $chk = 0;
-if (!empty($_POST['sel'])) $chk = SELECTION_COUNT($_POST['sel']);
+if (REQUEST_ISSET_POST(('sel'))) $chk = SELECTION_COUNT(REQUEST_POST('sel'));
 
 // List all menu points and make them editable
-if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) {
+if ((REQUEST_ISSET_POST(('edit'))) && ($chk > 0) && (!IS_DEMO())) {
        // Edit menu entries
        define('__SUB_VALUE', $SUB);
        define('__CHK_VALUE', $chk);
        $cnt = 0; $SW = 2;
-       foreach ($_POST['sel'] as $sel => $confirm)
+       foreach (REQUEST_POST('sel') as $sel => $confirm)
        {
                if ($confirm == 1)
                {
@@ -101,13 +101,13 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) {
        // Load template
        LOAD_TEMPLATE("admin_amenu_edit_form");
 }
- elseif ((isset($_POST['del'])) && (!IS_DEMO()))
+ elseif ((REQUEST_ISSET_POST(('del'))) && (!IS_DEMO()))
 {
        define('__SUB_VALUE', $SUB);
        define('__CHK_VALUE', $chk);
        // Del menu entries with or without confirmation
        $SW = 2; $cnt = 0; $OUT = "";
-       foreach ($_POST['sel'] as $sel => $confirm)
+       foreach (REQUEST_POST('sel') as $sel => $confirm)
        {
                if ($confirm == 1)
                {
@@ -146,12 +146,12 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) {
 
        // Load template
        LOAD_TEMPLATE("admin_amenu_delete");
-} elseif ((isset($_POST['ok'])) && (!IS_DEMO())) {
+} elseif ((IS_FORM_SENT()) && (!IS_DEMO())) {
        // An action is done...
-       switch ($_POST['ok'])
+       switch (REQUEST_POST('ok'))
        {
        case "edit": // Edit menu
-               foreach ($_POST['sel'] as $sel => $menu) {
+               foreach (REQUEST_POST('sel') as $sel => $menu) {
                        // Secure ID
                        $sel = bigintval($sel);
 
@@ -164,22 +164,22 @@ descr='%s'
 WHERE ".$AND." AND id=%s LIMIT 1",
  array(
        $menu,
-       $_POST['sel_action'][$sel],
-       $_POST['sel_what'][$sel],
-       $_POST['sel_desc'][$sel],
+       REQUEST_POST('sel_action', $sel),
+       REQUEST_POST('sel_what', $sel),
+       REQUEST_POST('sel_desc', $sel),
        $sel,
 ), __FILE__, __LINE__);
                }
 
                // Purge admin menu cache
-               CACHE_PURGE_ADMIN_MENU(0, $_POST['sel_action'][$sel], $_POST['sel_what'][$sel]);
+               CACHE_PURGE_ADMIN_MENU(0, REQUEST_POST('sel_action', $sel), REQUEST_POST('sel_what', $sel));
 
                // Load template
                LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SETTINGS_SAVED'));
                break;
 
        case "del": // Delete menu
-               foreach ($_POST['sel'] as $sel => $menu) {
+               foreach (REQUEST_POST('sel') as $sel => $menu) {
                        SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_admin_menu` WHERE ".$AND." AND id=%s LIMIT 1",
                                array(bigintval($sel)), __FILE__, __LINE__);
                        CACHE_PURGE_ADMIN_MENU(0, "", "", $AND);
@@ -190,32 +190,32 @@ WHERE ".$AND." AND id=%s LIMIT 1",
                break;
 
        default: // Unexpected action
-               DEBUG_LOG(__FILE__, __LINE__, sprintf("Unsupported action %s detected.", $_POST['ok']));
-               define('__OK_VALUE', $_POST['ok']);
+               DEBUG_LOG(__FILE__, __LINE__, sprintf("Unsupported action %s detected.", REQUEST_POST('ok')));
+               define('__OK_VALUE', REQUEST_POST('ok'));
                LOAD_TEMPLATE("admin_menu_unknown_okay");
                break;
        }
 } else {
-       if ((!empty($_GET['act'])) && (!empty($_GET['tid'])) && (!empty($_GET['fid']))) {
+       if ((REQUEST_ISSET_GET(('act'))) && (REQUEST_ISSET_GET(('tid'))) && (REQUEST_ISSET_GET(('fid')))) {
                // Get IDs
-               if (!empty($_GET['w'])) {
+               if (REQUEST_ISSET_GET(('w'))) {
                        // Sub menus selected
                        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_admin_menu` WHERE `action`='%s' AND `sort`='%s' LIMIT 1",
-                               array($_GET['act'], bigintval($_GET['tid'])), __FILE__, __LINE__);
+                               array(REQUEST_GET('act'), bigintval(REQUEST_GET('tid'))), __FILE__, __LINE__);
                        list($tid) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
                        $result = SQL_QUERY("SELECT id FROM `{!_MYSQL_PREFIX!}_admin_menu` WHERE `action`='%s' AND `sort`='%s' LIMIT 1",
-                               array($_GET['act'], bigintval($_GET['fid'])), __FILE__, __LINE__);
+                               array(REQUEST_GET('act'), bigintval(REQUEST_GET('fid'))), __FILE__, __LINE__);
                        list($fid) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
                } else {
                        // Main menu selected
                        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_admin_menu` WHERE (what='' OR `what` IS NULL) AND `sort`='%s' LIMIT 1",
-                               array(bigintval($_GET['tid'])), __FILE__, __LINE__);
+                               array(bigintval(REQUEST_GET('tid'))), __FILE__, __LINE__);
                        list($tid) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
                        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_admin_menu` WHERE (what='' OR `what` IS NULL) AND `sort`='%s' LIMIT 1",
-                               array(bigintval($_GET['fid'])), __FILE__, __LINE__);
+                               array(bigintval(REQUEST_GET('fid'))), __FILE__, __LINE__);
                        list($fid) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
                }
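Review bot: The second lookup in the sub-menu branch still calls `SQL_QUERY(` with a `%s` template and an argument array, unlike its three siblings, which call `SQL_QUERY_ESC(`. The commit rewrites the array on the following line but keeps the call name, so `REQUEST_GET('act')` is presumably neither substituted nor escaped there and `$fid` never gets a value. Changing `SQL_QUERY(` to `SQL_QUERY_ESC(` on that line brings it in line with its neighbours.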
@@ -223,9 +223,9 @@ WHERE ".$AND." AND id=%s LIMIT 1",
                if ((!empty($tid)) && (!empty($fid))) {
                        // Sort menu
                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admin_menu` SET `sort`='%s' WHERE ".$AND." AND id=%s LIMIT 1",
-                               array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__);
+                               array(bigintval(REQUEST_GET('tid')), bigintval($fid)), __FILE__, __LINE__);
                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admin_menu` SET `sort`='%s' WHERE ".$AND." AND id=%s LIMIT 1",
-                               array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__);
+                               array(bigintval(REQUEST_GET('fid')), bigintval($tid)), __FILE__, __LINE__);
                        CACHE_PURGE_ADMIN_MENU(0, "", "", $AND);
                }
        }
index c105484..4f7f51e 100644 (file)
@@ -43,9 +43,9 @@ ADD_DESCR("admin", __FILE__);
 // Display form is default
 $FORM = true;
 
-if ((isset($_POST['add'])) && (!empty($_POST['login'])) && (!empty($_POST['email'])) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2'])) && ($_POST['pass1'] == $_POST['pass2'])) {
+if ((REQUEST_ISSET_POST(('add'))) && (REQUEST_ISSET_POST(('login'))) && (REQUEST_ISSET_POST(('email'))) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_ISSET_POST(('pass2'))) && (REQUEST_POST('pass1') == REQUEST_POST('pass2'))) {
        // Add admin when not added already
-       if (REGISTER_ADMIN($_POST['login'], generateHash($_POST['pass1']), $_POST['email']) == "done") {
+       if (REGISTER_ADMIN(REQUEST_POST('login'), generateHash(REQUEST_POST('pass1')), REQUEST_POST('email')) == "done") {
                // Do not ouput any form!
                $FORM = false;
 
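Review bot: The registration guard replaces `!empty($_POST['pass1'])` and the other `!empty()` tests with `REQUEST_ISSET_POST(('pass1'))`. Unless that wrapper also rejects empty strings (its definition is not in this hunk), a form submitted with blank fields now passes, and `pass1 == pass2` holds for two empty passwords. An explicit non-empty test plus a strict comparison keeps the old guarantee, e.g. `(REQUEST_POST('pass1') !== '') && (REQUEST_POST('pass1') === REQUEST_POST('pass2'))`. The same `!empty()` to `REQUEST_ISSET_*()` substitution appears in the surfbar URL, admin menu and ACL hunks of this commit and needs the same check there.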
@@ -53,16 +53,16 @@ if ((isset($_POST['add'])) && (!empty($_POST['login'])) && (!empty($_POST['email
                LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_ADMINS_ADD_DONE'));
 
                // Run filter chain
-               RUN_FILTER('post_admin_added', $_POST);
+               RUN_FILTER('post_admin_added', REQUEST_POST_ARRAY());
        } // END - if
 } // END - if
 
 // Shall we display the form?
 if ($FORM === true) {
        // Set missing elements
-       // @TODO Do we need this ugly code here?
-       if (!isset($_POST['login'])) $_POST['login'] = "";
-       if (!isset($_POST['email'])) $_POST['email'] = "";
+       // @TODO Do we still need this ugly code here?
+       if (!REQUEST_ISSET_POST(('login'))) REQUEST_SET_POST('login', "");
+       if (!REQUEST_ISSET_POST(('email'))) REQUEST_SET_POST('email', "");
 
        // Load form from template
        LOAD_TEMPLATE("admin_admins_add");
index c6341ea..65e1f69 100644 (file)
@@ -40,26 +40,26 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if ((isset($_POST['ok'])) && (!empty($_GET['admin']))) {
+if ((IS_FORM_SENT()) && (REQUEST_ISSET_GET(('admin')))) {
        // Send mail or message
-       if ((EXT_IS_ACTIVE("msg")) && ($_POST['type'] == "msg")) {
+       if ((EXT_IS_ACTIVE("msg")) && (REQUEST_POST('type') == "msg")) {
                // Add message
-               $msg = LOAD_EMAIL_TEMPLATE("admins_msg_contct_admin", $_POST['text'], "0");
-               SEND_ADMIN_MESSAGE($_GET['admin'], ADMINS_MSG_FROM_ADMIN, $msg);
+               $msg = LOAD_EMAIL_TEMPLATE("admins_msg_contct_admin", REQUEST_POST('text'), "0");
+               SEND_ADMIN_MESSAGE(REQUEST_GET('admin'), ADMINS_MSG_FROM_ADMIN, $msg);
        } else {
                // Load admin's email address
-               $email = GET_ADMIN_EMAIL(bigintval($_GET['admin']));
+               $email = GET_ADMIN_EMAIL(bigintval(REQUEST_GET('admin')));
 
                // Load email template and send the mail to the admin
-               $msg = LOAD_EMAIL_TEMPLATE("admins_mail_contct_admin", $_POST['text'], "0");
+               $msg = LOAD_EMAIL_TEMPLATE("admins_mail_contct_admin", REQUEST_POST('text'), "0");
                SEND_EMAIL($email, ADMINS_MSG_FROM_ADMIN, $msg);
        }
 
        // Mail / message dropped
        LOAD_TEMPLATE("admin_settings_saved", false, ADMINS_ADMIN_CONTACTED);
-} elseif (!empty($_GET['admin'])) {
+} elseif (REQUEST_ISSET_GET(('admin'))) {
        // Load contact form template
-       define('__ADMIN', $_GET['admin']);
+       define('__ADMIN', REQUEST_GET('admin'));
        if (EXT_IS_ACTIVE("msg")) {
                // Add option to select between mail and message
                define('ADMINS_MESSAGING_SELECTION', LOAD_TEMPLATE("admin_admins_contct_select", true));
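Review bot: `REQUEST_GET('admin')` is cast with `bigintval()` only in the e-mail branch. The message branch passes it raw to `SEND_ADMIN_MESSAGE()`, and the form branch puts it raw into the `__ADMIN` constant, which the template presumably prints. Casting once at the top, `$adminId = bigintval(REQUEST_GET('admin'));`, and using `$adminId` in all three places removes the inconsistency and stops markup from the query string reaching the page. The `elseif` block continues past the end of this hunk.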
index 6706d9a..d3a151b 100644 (file)
@@ -41,29 +41,31 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Set selection data to empty array when it is empty
-if (empty($_POST['sel'])) $_POST['sel'] = array();
+if (!REQUEST_ISSET_POST(('sel'))) REQUEST_SET_POST('sel', array());
 
 // Check if direct admin account was selected
-if (!empty($_GET['admin'])) {
+if (REQUEST_ISSET_GET(('admin'))) {
        // Secure ID number
-       $aid = bigintval($_GET['admin']);
-       $_POST['edit'] = "1";
-       $_POST['sel'][$aid] = "1";
+       $aid = bigintval(REQUEST_GET('admin'));
+
+       // Set required fields
+       REQUEST_SET_POST('edit', "1");
+       REQUEST_SET_POST(array('sel', $aid), "1");
 }
 
-if ((isset($_POST['edit'])) && (SELECTION_COUNT($_POST['sel']) > 0)) {
+if ((REQUEST_ISSET_POST(('edit'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) {
        // Edit account(s)
-       ADMINS_EDIT_ADMIN_ACCOUNTS($_POST);
-} elseif ((isset($_POST['change'])) && (sizeof($_POST['login']) > 0)) {
+       ADMINS_EDIT_ADMIN_ACCOUNTS(REQUEST_POST_ARRAY());
+} elseif ((REQUEST_ISSET_POST(('change'))) && (sizeof(REQUEST_POST('login')) > 0)) {
        // Change admin accounts
-       ADMINS_CHANGE_ADMIN_ACCOUNT($_POST);
-} elseif ((isset($_POST['del'])) && (SELECTION_COUNT($_POST['sel']) > 0)) {
+       ADMINS_CHANGE_ADMIN_ACCOUNT(REQUEST_POST_ARRAY());
+} elseif ((REQUEST_ISSET_POST(('del'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) {
        // Show admin accounts for deletetion
-       ADMINS_DELETE_ADMIN_ACCOUNTS($_POST);
+       ADMINS_DELETE_ADMIN_ACCOUNTS(REQUEST_POST_ARRAY());
 } else {
-       if ((isset($_POST['remove'])) && (SELECTION_COUNT($_POST['sel']) > 0)) {
+       if ((REQUEST_ISSET_POST(('remove'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) {
                // Remove accounts now
-               ADMINS_REMOVE_ADMIN_ACCOUNTS($_POST);
+               ADMINS_REMOVE_ADMIN_ACCOUNTS(REQUEST_POST_ARRAY());
        }
 
        // List all admin accounts
index 04124c3..fddbc9a 100644 (file)
@@ -40,16 +40,16 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['edit']))
+if (REQUEST_ISSET_POST(('edit')))
 {
        // Check if entires are checked
-       $SEL = SELECTION_COUNT($_POST['sel']);
+       $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
        if ($SEL > 0)
        {
                // Add option for events
                $GLOBALS['cache_array']['admins'] = ADD_OPTION_LINES("admins", "id", "login", "", "email");
                $SW = 2; $rowNameS = "";
-               foreach ($_POST['sel'] as $template => $sel) {
+               foreach (REQUEST_POST('sel') as $template => $sel) {
                        // First of all load data from DB
                        $result = SQL_QUERY_ESC("SELECT admin_id, id FROM `{!_MYSQL_PREFIX!}_admins_mails` WHERE mail_template='%s' ORDER BY `id`",
                         array($template), __FILE__, __LINE__);
@@ -117,11 +117,10 @@ ORDER BY m.admin_id, m.mail_template", __FILE__, __LINE__);
        if (SQL_NUMROWS($result) > 0)
        {
                // Shall I change entries?
-               if (isset($_POST['change']))
+               if (REQUEST_ISSET_POST(('change')))
                {
                        // Ok, update database
-                       foreach ($_POST['admin_id'] as $id => $aid)
-                       {
+                       foreach (REQUEST_POST('admin_id') as $id => $aid) {
                                // Secure IDs
                                $id  = bigintval($id);
                                $aid = bigintval($aid);
@@ -130,17 +129,17 @@ ORDER BY m.admin_id, m.mail_template", __FILE__, __LINE__);
                                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admins_mails` SET admin_id=%s WHERE id=%s ORDER BY `id` LIMIT 1",
                                        array($aid, $id), __FILE__, __LINE__);
 
-                               if (($aid < 1) && (!empty($_POST['template'][$id])))
+                               if (($aid < 1) && (REQUEST_ISSET_POST(('template', $id))))
                                {
                                        // Remove any other admin entries
                                        SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_admins_mails` WHERE mail_template='%s' AND id != '%s'",
-                                               array($_POST['template'][$id], $id), __FILE__, __LINE__);
+                                               array(REQUEST_POST('template', $id), $id), __FILE__, __LINE__);
                                }
-                               if ($_POST['admin_new'][$_POST['template'][$id]] > 0)
+                               if (REQUEST_POST('admin_new', REQUEST_POST('template', $id)) > 0)
                                {
                                        // Add new admin
                                        SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_admins_mails` (admin_id, mail_template) VALUES ('%s','%s')",
-                                               array($aid, $_POST['template'][$id]), __FILE__, __LINE__);
+                                               array($aid, REQUEST_POST('template', $id)), __FILE__, __LINE__);
                                }
                        }
 
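Review bot: `REQUEST_ISSET_POST(('template', $id))` does not parse. The doubled parentheses used throughout this commit are harmless around a single string, but the inner `('template', $id)` is not a valid PHP expression, so the whole file fails with a syntax error. It should read `REQUEST_ISSET_POST('template', $id)`, assuming the wrapper takes an element key as its second argument the way `REQUEST_POST('template', $id)` does a few lines further down. Running `php -l` over the touched files would catch this class of slip.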
index efb00e6..37242ae 100644 (file)
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save data
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Minimum mails / active
        define('__LIMIT_VALUE', getConfig('active_limit'));
index 8f42cfc..90f5077 100644 (file)
@@ -39,9 +39,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save configuration
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Prepare data for the template
        switch (getConfig('admin_menu'))
index a8957ad..78e1109 100644 (file)
@@ -41,12 +41,12 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 $SEL = 0;
-if (!empty($_POST['sel'])) $SEL = SELECTION_COUNT($_POST['sel']);
+if (REQUEST_ISSET_POST(('sel'))) $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
 
-if ((isset($_POST['edit'])) && ($SEL > 0)) {
+if ((REQUEST_ISSET_POST(('edit'))) && ($SEL > 0)) {
        // Edit ACLs
        $SW = 2; $OUT = "";
-       foreach ($_POST['sel'] as $id => $sel) {
+       foreach (REQUEST_POST('sel') as $id => $sel) {
                // Load data for the ID
                $result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM `{!_MYSQL_PREFIX!}_admins_acls` WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
@@ -76,15 +76,21 @@ if ((isset($_POST['edit'])) && ($SEL > 0)) {
 
        // Load main template
        LOAD_TEMPLATE("admin_config_admins_edit");
-} elseif ((isset($_POST['change'])) && ($SEL > 0)) {
+} elseif ((REQUEST_ISSET_POST(('change'))) && ($SEL > 0)) {
        // Change entries
-       foreach ($_POST['sel'] as $id => $sel) {
+       foreach (REQUEST_POST('sel') as $id => $sel) {
                // Secure ID
                $id = bigintval($id);
 
                // Update entries
                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admins_acls` SET admin_id=%s, action_menu='%s', what_menu='%s', access_mode='%s' WHERE id=%s LIMIT 1",
-                       array($_POST['admin'][$id], $_POST['action_menu'][$id], $_POST['what_menu'][$id], $_POST['mode'][$id], $id),__FILE__, __LINE__);
+                       array(
+                               REQUEST_POST('admin', $id),
+                               REQUEST_POST('action_menu', $id),
+                               REQUEST_POST('what_menu', $id),
+                               REQUEST_POST('mode', $id),
+                               $id
+                       ),__FILE__, __LINE__);
        }
 
        // Update cache when installed
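Review bot: In the reformatted argument list for `UPDATE ... SET admin_id=%s`, `REQUEST_POST('admin', $id)` fills an unquoted numeric slot without a cast, while `$id` itself goes through `bigintval()`. String escaping, if that is what `SQL_QUERY_ESC()` applies, does not constrain a value that sits outside quotes, so the first element should be `bigintval(REQUEST_POST('admin', $id)),`. `REQUEST_POST('mode', $id)` is also stored as submitted; since this table drives admin ACLs, a check against the accepted mode values would be worth adding here.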
@@ -92,15 +98,15 @@ if ((isset($_POST['edit'])) && ($SEL > 0)) {
                if ($GLOBALS['cache_instance']->loadCacheFile("admins_acls")) $GLOBALS['cache_instance']->destroyCacheFile();
 
                // Purge menu cache
-               CACHE_PURGE_ADMIN_MENU($_POST['admin'][$id]);
+               CACHE_PURGE_ADMIN_MENU(REQUEST_POST('admin', $id));
        }
 
        // Entries changed
        LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_ADMINS_ENTRIES_CHANGED'));
-} elseif ((isset($_POST['del'])) && ($SEL > 0)) {
+} elseif ((REQUEST_ISSET_POST(('del'))) && ($SEL > 0)) {
        // Delete ACLs
        $SW = 2; $OUT = "";
-       foreach ($_POST['sel'] as $id => $sel) {
+       foreach (REQUEST_POST('sel') as $id => $sel) {
                // Load data for the ID
                $result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM `{!_MYSQL_PREFIX!}_admins_acls` WHERE id=%s LIMIT 1",
                        array(bigintval($id)), __FILE__, __LINE__);
@@ -135,9 +141,9 @@ if ((isset($_POST['edit'])) && ($SEL > 0)) {
 
        // Load main template
        LOAD_TEMPLATE("admin_config_admins_del");
-} elseif ((isset($_POST['remove'])) && ($SEL > 0)) {
+} elseif ((REQUEST_ISSET_POST(('remove'))) && ($SEL > 0)) {
        // Remove entries
-       foreach ($_POST['sel'] as $id => $sel) {
+       foreach (REQUEST_POST('sel') as $id => $sel) {
                SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_admins_acls` WHERE id=%s LIMIT 1",
                        array(bigintval($id)),__FILE__, __LINE__);
        }
@@ -152,33 +158,33 @@ if ((isset($_POST['edit'])) && ($SEL > 0)) {
 
        // Entries deleted
        LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_ADMINS_ENTRIES_DELETED'));
-} elseif (isset($_POST['add'])) {
+} elseif (REQUEST_ISSET_POST(('add'))) {
        // Check if everything is fine...
-       $mode = GET_ADMIN_DEFAULT_ACL(bigintval($_POST['admin_id']));
+       $mode = GET_ADMIN_DEFAULT_ACL(bigintval(REQUEST_POST('admin_id')));
 
        // Default ACL is false
        $ACL = false;
-       if (!empty($_POST['what_menu'])) {
+       if (REQUEST_ISSET_POST(('what_menu'))) {
                // Check parent ACL
-               $ACL = ADMINS_CHECK_ACL(GET_ACTION("admin", $_POST['what_menu']), "");
+               $ACL = ADMINS_CHECK_ACL(GET_ACTION("admin", REQUEST_POST('what_menu')), "");
        }
 
-       if ($mode != $_POST['mode'] || ($ACL)) {
+       if ($mode != REQUEST_POST('mode') || ($ACL)) {
                // Mode is fine
-               $BOTH = ((!empty($_POST['action_menu'])) && (!empty($_POST['what_menu'])));
-               if (((!empty($_POST['action_menu'])) || (!empty($_POST['what_menu']))) && (!$BOTH)) {
+               $BOTH = ((REQUEST_ISSET_POST(('action_menu'))) && (REQUEST_ISSET_POST(('what_menu'))));
+               if (((REQUEST_ISSET_POST(('action_menu'))) || (REQUEST_ISSET_POST(('what_menu')))) && (!$BOTH)) {
                        // Main or sub menu selected
                        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_admins_acls` WHERE admin_id=%s AND action_menu='%s' AND what_menu='%s' LIMIT 1",
-                        array(bigintval($_POST['admin_id']), $_POST['action_menu'], $_POST['what_menu']), __FILE__, __LINE__);
+                        array(bigintval(REQUEST_POST('admin_id')), REQUEST_POST('action_menu'), REQUEST_POST('what_menu')), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 0) {
                                // Finally add the new ACL
                                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_admins_acls` (admin_id, action_menu, what_menu, access_mode)
 VALUES ('%s','%s','%s','%s')",
  array(
-       bigintval($_POST['admin_id']),
-       $_POST['action_menu'],
-       $_POST['what_menu'],
-       $_POST['mode']
+       bigintval(REQUEST_POST('admin_id')),
+       REQUEST_POST('action_menu'),
+       REQUEST_POST('what_menu'),
+       REQUEST_POST('mode')
 ), __FILE__, __LINE__);
                                $content = ADMIN_ADMINS_ACL_SAVED;
 
@@ -187,7 +193,7 @@ VALUES ('%s','%s','%s','%s')",
                                        if ($GLOBALS['cache_instance']->loadCacheFile("admins_acls")) $GLOBALS['cache_instance']->destroyCacheFile();
 
                                        // Purge cache
-                                       CACHE_PURGE_ADMIN_MENU($_POST['admin_id'], $_POST['action_menu'], $_POST['what_menu']);
+                                       CACHE_PURGE_ADMIN_MENU(REQUEST_POST('admin_id'), REQUEST_POST('action_menu'), REQUEST_POST('what_menu'));
                                } // END - if
                        } else {
                                // ACL does already exist!
index cea9d4c..956d5bf 100644 (file)
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Data was submitted so we store it
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Output de-/activation selections
        define('__AP_INACTIVE_SELECTION'   , ADD_SELECTION("yn", getConfig('autopurge_inactive')   , "autopurge_inactive"));
index 6bc51b7..1f4d635 100644 (file)
@@ -40,19 +40,19 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Translate german decimal commas to computer decimal dots
-       $_POST['beg_points']       = REVERT_COMMA($_POST['beg_points']      );
-       $_POST['beg_points_max']   = REVERT_COMMA($_POST['beg_points_max']  );
-       $_POST['beg_notify_bonus'] = REVERT_COMMA($_POST['beg_notify_bonus']);
+       REQUEST_SET_POST('beg_points'      , REVERT_COMMA(REQUEST_POST('beg_points')      ));
+       REQUEST_SET_POST('beg_points_max'  , REVERT_COMMA(REQUEST_POST('beg_points_max')  ));
+       REQUEST_SET_POST('beg_notify_bonus', REVERT_COMMA(REQUEST_POST('beg_notify_bonus')));
 
        // Save settings
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 
        // Remember new settings
-       setConfigEntry('beg_rallye'       , $_POST['beg_rallye']);
-       setConfigEntry('beg_ral_en_notify', $_POST['beg_ral_en_notify']);
-       setConfigEntry('beg_ral_di_notify', $_POST['beg_ral_di_notify']);
+       setConfigEntry('beg_rallye'       , REQUEST_POST('beg_rallye'));
+       setConfigEntry('beg_ral_en_notify', REQUEST_POST('beg_ral_en_notify'));
+       setConfigEntry('beg_ral_di_notify', REQUEST_POST('beg_ral_di_notify'));
 } else {
        // Prepare constants for the template
        define('__BEG_POINTS'           , TRANSLATE_COMMA(getConfig('beg_points')      , false));
index 174bbf6..bba2f20 100644 (file)
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save configuration
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Prepare data for the template
        define('__POINTS_VALUE', getConfig('birthday_points'));
index b50b55e..cfce062 100644 (file)
@@ -40,33 +40,34 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Replace german decimal commas to computer decimal dots
-       $_POST['login_bonus']         = REVERT_COMMA($_POST['login_bonus']        );
-       $_POST['turbo_bonus']         = REVERT_COMMA($_POST['turbo_bonus']        );
-       $_POST['bonus_ref']           = REVERT_COMMA($_POST['bonus_ref']          );
-       $_POST['bonus_order']         = REVERT_COMMA($_POST['bonus_order']        );
-       $_POST['bonus_notify_points'] = REVERT_COMMA($_POST['bonus_notify_points']);
+       REQUEST_POST('login_bonus')         = REVERT_COMMA(REQUEST_POST('login_bonus')        );
+       REQUEST_POST('turbo_bonus')         = REVERT_COMMA(REQUEST_POST('turbo_bonus')        );
+       REQUEST_POST('bonus_ref')           = REVERT_COMMA(REQUEST_POST('bonus_ref')          );
+       REQUEST_POST('bonus_order')         = REVERT_COMMA(REQUEST_POST('bonus_order')        );
+       REQUEST_SET_POST('bonus_notify_points', REVERT_COMMA(REQUEST_POST('bonus_notify_points')));
 
        // Generate string for saving ranks
-       $_POST['turbo_rates'] = ""; $RATES = array();
-       foreach ($_POST['rate'] as $rate) {
+       REQUEST_SET_POST('turbo_rates', "");
+       $RATES = array();
+       foreach (REQUEST_POST('rate') as $rate) {
                $rate = trim(REVERT_COMMA($rate));
-               if (isset($rate)) $RATES[] = $rate;
+               if (!empty($rate)) $RATES[] = $rate;
        }
-       $_POST['turbo_rates'] = trim(implode(";", $RATES));
-       unset($_POST['rate']);
+       REQUEST_SET_POST('turbo_rates', trim(implode(";", $RATES)));
+       REQUEST_UNSET_POST(('rate'));
 
        // Automatically calculate bonus points for ranks 2 and 3 when not set
-       if (empty($_POST['turbo_rates'])) $_POST['turbo_rates'] = "".round(getConfig('turbo_bonus') / 2).";".round(getConfig('turbo_bonus') / 4)."";
+       if (!REQUEST_ISSET_POST(('turbo_rates'))) REQUEST_SET_POST('turbo_rates', "".round(getConfig('turbo_bonus') / 2).";".round(getConfig('turbo_bonus') / 4)."");
 
        // Save data
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 
        // Remember new settings
-       setConfigEntry('bonus_active'   , $_POST['bonus_active']);
-       setConfigEntry('bonus_en_notify', $_POST['bonus_en_notify']);
-       setConfigEntry('bonus_di_notify', $_POST['bonus_di_notify']);
+       setConfigEntry('bonus_active'   , REQUEST_POST('bonus_active'));
+       setConfigEntry('bonus_en_notify', REQUEST_POST('bonus_en_notify'));
+       setConfigEntry('bonus_di_notify', REQUEST_POST('bonus_di_notify'));
 } else {
        // Prepare contants for the template
        define('__LOGIN_VALUE' , TRANSLATE_COMMA(getConfig('login_bonus')        , false));
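Review bot: The four lines of the form `REQUEST_POST('login_bonus') = REVERT_COMMA(REQUEST_POST('login_bonus'));` assign to the return value of a function call, which PHP rejects when it compiles the file, so this settings page cannot load. They should use the setter that the `bonus_notify_points` line already uses, e.g. `REQUEST_SET_POST('login_bonus', REVERT_COMMA(REQUEST_POST('login_bonus')));`, and likewise for `turbo_bonus`, `bonus_ref` and `bonus_order`. The same pattern appears in the later hunk that fills `online_timeout`, `url_tlock`, `profile_lock` and `profile_update` from CREATE_TIMESTAMP_FROM_SELECTIONS. Separately, `if (!empty($rate))` now drops a rate of `0`, which the old `isset($rate)` kept; if that is intended, a comment should say so.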
index 6a86a67..1056c3f 100644 (file)
@@ -40,41 +40,46 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Cache path has been not changed by default so don't test it again
-       $_POST['cache_tested'] = "N";
+       REQUEST_SET_POST('cache_tested', "N");
 
        // Check if path has been changed
-       if ($_POST['cache_path'] != getConfig('cache_path')) {
+       if (REQUEST_POST('cache_path') != getConfig('cache_path')) {
                // Okay, cache path has been altered so we have to test it again!
-               $_POST['cache_tested'] = "Y";
+               REQUEST_SET_POST('cache_tested', "Y");
        }
 
-       // Delete deactivated cache files
-       if (($_POST['cache_admins'] == "N") && ($GLOBALS['cache_instance']->loadCacheFile("admins"))) {
+       if ((REQUEST_POST('cache_admins') == "N") && ($GLOBALS['cache_instance']->loadCacheFile("admins"))) {
                $GLOBALS['cache_instance']->destroyCacheFile();
        }
-       if (($_POST['cache_acls'] == "N") && ($GLOBALS['cache_instance']->loadCacheFile("acls"))) {
+
+       if ((REQUEST_POST('cache_acls') == "N") && ($GLOBALS['cache_instance']->loadCacheFile("acls"))) {
                $GLOBALS['cache_instance']->destroyCacheFile();
        }
-       if (($_POST['cache_exts'] == "N") && ($GLOBALS['cache_instance']->loadCacheFile("extensions", true))) {
+
+       if ((REQUEST_POST('cache_exts') == "N") && ($GLOBALS['cache_instance']->loadCacheFile("extensions", true))) {
                $GLOBALS['cache_instance']->destroyCacheFile();
        }
-       if (($_POST['cache_config'] == "N") && ($GLOBALS['cache_instance']->loadCacheFile("config"))) {
+
+       if ((REQUEST_POST('cache_config') == "N") && ($GLOBALS['cache_instance']->loadCacheFile("config"))) {
                $GLOBALS['cache_instance']->destroyCacheFile();
        }
-       if (($_POST['cache_modreg'] == "N") && ($GLOBALS['cache_instance']->loadCacheFile("modreg"))) {
+
+       if ((REQUEST_POST('cache_modreg') == "N") && ($GLOBALS['cache_instance']->loadCacheFile("modreg"))) {
                $GLOBALS['cache_instance']->destroyCacheFile();
        }
-       if (($_POST['cache_refdepth'] == "N") && ($GLOBALS['cache_instance']->loadCacheFile("refdepth"))) {
+
+       if ((REQUEST_POST('cache_refdepth') == "N") && ($GLOBALS['cache_instance']->loadCacheFile("refdepth"))) {
                $GLOBALS['cache_instance']->destroyCacheFile();
        }
-       if (($_POST['cache_refsys'] == "N") && ($GLOBALS['cache_instance']->loadCacheFile("refsys"))) {
+
+       if ((REQUEST_POST('cache_refsys') == "N") && ($GLOBALS['cache_instance']->loadCacheFile("refsys"))) {
                $GLOBALS['cache_instance']->destroyCacheFile();
        }
 
        // Save configuration
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Prepare data
        switch (getConfig('cache_admins')) {
index 5bda6c5..2789835 100644 (file)
@@ -44,14 +44,14 @@ ADD_DESCR("admin", __FILE__);
 // Init variable to avoid a notice
 $CATS = "";
 
-if (isset($_POST['add'])) {
+if (REQUEST_ISSET_POST(('add'))) {
        // Add a new category
        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_cats` WHERE cat='%s' LIMIT 1",
-               array($_POST['catname']), __FILE__, __LINE__);
+               array(REQUEST_POST('catname')), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 0) {
                // Category does not exists, we simply add it...
                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_cats` (cat, visible, sort) VALUES ('%s','%s','%s')",
-                       array($_POST['catname'], $_POST['visible'], bigintval($_POST['parent'] + 1)), __FILE__, __LINE__);
+                       array(REQUEST_POST('catname'), REQUEST_POST('visible'), bigintval(REQUEST_POST('parent') + 1)), __FILE__, __LINE__);
                $content = CATEGORY_ADDED;
        } else {
                // Category does already exists
@@ -63,20 +63,25 @@ if (isset($_POST['add'])) {
 
        // Display message
        LOAD_TEMPLATE("admin_settings_saved", false, $content);
-} elseif ((isset($_POST['ok'])) && (isset($_POST['id'])) && (is_array($_POST['id']))) {
+} elseif ((IS_FORM_SENT()) && (REQUEST_ISSET_POST(('id'))) && (is_array(REQUEST_POST('id')))) {
        // Change or delete categories...
        $TEXT = "";
-       foreach ($_POST['id'] as $id => $cat) {
+       foreach (REQUEST_POST('id') as $id => $cat) {
                // Secure ID
                $id = bigintval($id);
 
                // Is the entry set?
                if (!empty($cat)) {
-                       switch ($_GET['do'])
+                       switch (REQUEST_GET('do'))
                        {
                        case "edit": // Change categories
                                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_cats` SET cat='%s', `visible`='%s', sort=%s WHERE id=%s LIMIT 1",
-                                       array($cat, $_POST['vis'][$id], $_POST['sort'][$id], $id), __FILE__, __LINE__);
+                                       array(
+                                               $cat,
+                                               REQUEST_POST('vis', $id),
+                                               REQUEST_POST('sort', $id),
+                                               $id
+                                       ), __FILE__, __LINE__);
                                $TEXT = CATEGORIES_SAVED;
                                break;
 
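Review bot: In the `edit` case the `sort=%s` placeholder is unquoted, and `REQUEST_POST('sort', $id)` reaches it without `bigintval()`, unlike `$id` in the same statement. If SQL_QUERY_ESC only escapes quote characters (its body is not shown here), that escaping does not constrain a value in an unquoted numeric slot, so the value should be forced to an integer before it is bound: `bigintval(REQUEST_POST('sort', $id)),`. `vis` is quoted, but checking it against the values the form offers before the UPDATE would also be worthwhile. The `switch` continues outside this hunk.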
@@ -98,10 +103,10 @@ if (isset($_POST['add'])) {
                // Display message
                LOAD_TEMPLATE("admin_settings_saved", false, $TEXT);
        }
-} elseif ((isset($_POST['del'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0])))) {
+} elseif ((REQUEST_ISSET_POST(('del'))) && ((SELECTION_COUNT(REQUEST_POST('sel')) > 0) || (REQUEST_ISSET_POST(('sel', 0))))) {
        // Delete categories
        $SW = 2; $OUT = "";
-       foreach ($_POST['sel'] as $id => $value) {
+       foreach (REQUEST_POST('sel') as $id => $value) {
                // Load data of category
                $result = SQL_QUERY_ESC("SELECT cat FROM `{!_MYSQL_PREFIX!}_cats` WHERE id=%s LIMIT 1",
                        array(bigintval($id)), __FILE__, __LINE__);
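Review bot: `REQUEST_ISSET_POST(('sel', 0))` wraps both arguments in an extra pair of parentheses, and PHP has no comma operator, so `('sel', 0)` is a syntax error and the file will not parse. The call should be `REQUEST_ISSET_POST('sel', 0)`, assuming the wrapper accepts a sub-key as `REQUEST_POST('vis', $id)` does elsewhere in this commit. The same construct is in the `edit` branch of this file, in the `del` and `edit` branches of the max_receive settings, and as `REQUEST_ISSET_POST(('title', $id))` in the payout settings. The doubled parentheses around single arguments, as in `REQUEST_ISSET_POST(('del'))`, are harmless but could be dropped at the same time.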
@@ -123,10 +128,10 @@ if (isset($_POST['add'])) {
 
        // Load main template
        LOAD_TEMPLATE("admin_del_cats");
-} elseif ((isset($_POST['edit'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0])))) {
+} elseif ((REQUEST_ISSET_POST(('edit'))) && ((SELECTION_COUNT(REQUEST_POST('sel')) > 0) || (REQUEST_ISSET_POST(('sel', 0))))) {
        // Edit categories
        $SW = 2; $OUT = "";
-       foreach ($_POST['sel'] as $id => $value)
+       foreach (REQUEST_POST('sel') as $id => $value)
        {
                // Load data from the category
                $result = SQL_QUERY_ESC("SELECT cat, visible, sort FROM `{!_MYSQL_PREFIX!}_cats` WHERE id=%s LIMIT 1",
index 185aae5..8b21140 100644 (file)
@@ -40,16 +40,16 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Replace commata with decimal dot
-       $_POST['doubler_charge'] = REVERT_COMMA(($_POST['doubler_charge'] / 100));
-       $_POST['doubler_ref']    = REVERT_COMMA(($_POST['doubler_ref'] / 100));
-       $_POST['doubler_min']    = REVERT_COMMA($_POST['doubler_min']);
-       $_POST['doubler_max']    = REVERT_COMMA($_POST['doubler_max']);
-       $_POST['doubler_left']   = REVERT_COMMA($_POST['doubler_left']);
+       REQUEST_SET_POST('doubler_charge', REVERT_COMMA((REQUEST_POST('doubler_charge') / 100)));
+       REQUEST_SET_POST('doubler_ref'   , REVERT_COMMA((REQUEST_POST('doubler_ref') / 100)));
+       REQUEST_SET_POST('doubler_min'   , REVERT_COMMA(REQUEST_POST('doubler_min')));
+       REQUEST_SET_POST('doubler_max'   , REVERT_COMMA(REQUEST_POST('doubler_max')));
+       REQUEST_SET_POST('doubler_left'  , REVERT_COMMA(REQUEST_POST('doubler_left')));
 
        // Save settings
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Prepare data for the template
        // - Charge rate
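Review bot: `REVERT_COMMA((REQUEST_POST('doubler_charge') / 100))` divides the raw form string before the decimal comma is converted, so an entry written with a comma loses its fractional part in the numeric cast and REVERT_COMMA has nothing left to fix. Converting first and dividing afterwards keeps the value intact: `REQUEST_SET_POST('doubler_charge', REVERT_COMMA(REQUEST_POST('doubler_charge')) / 100);`, and the same for `doubler_ref`. This assumes REVERT_COMMA returns a dot-decimal numeric string, as the comment above the block suggests. The order is carried over from the old code rather than introduced by this change.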
index 754f369..7048cd0 100644 (file)
@@ -41,20 +41,20 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Remove empty array index
-if (empty($_POST['max'])) unset($_POST['add_max']);
+if (!REQUEST_ISSET_POST(('max'))) REQUEST_UNSET_POST(('add_max'));
 
-if (isset($_POST['add_max'])) {
+if (REQUEST_ISSET_POST(('add_max'))) {
        // Save all settings
        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_max_receive` WHERE value='%s' LIMIT 1",
-        array(bigintval($_POST['max'])), __FILE__, __LINE__);
+        array(bigintval(REQUEST_POST('max'))), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 0) {
                // Add this value (including comment)
                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_max_receive` (value, comment) VALUES ('%s','%s')",
-                       array(bigintval($_POST['max']), $_POST['comment']),__FILE__, __LINE__);
+                       array(bigintval(REQUEST_POST('max')), REQUEST_POST('comment')),__FILE__, __LINE__);
                $content = MAX_VALUE_SAVED;
        } else {
                // Value does alread exists!
-               $content = "<span class=\"admin_failed\">".MAX_VALUE_ALREADY."</span>";
+               $content = "<span class=\"admin_failed\">{--MAX_VALUE_ALREADY--}</span>";
        }
 
        // Free memory
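Review bot: `if (!REQUEST_ISSET_POST(('max')))` replaces `empty($_POST['max'])`, and the two differ whenever the field is submitted blank or as `0`, unless REQUEST_ISSET_POST also tests for a non-empty value (its body is not in this hunk). With a plain isset, a blank `max` no longer removes `add_max`, and `bigintval(REQUEST_POST('max'))` of an empty string is inserted as a new row. The same substitution is made for `turbo_rates` in the bonus settings, where the key has just been set to `""` so the default rates would never be computed, for `$_GET['sub']`, and for `rate` and `title` in the payout settings. A comment on the wrapper stating which semantics it implements, or a separate non-empty helper, would settle this.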
@@ -62,18 +62,22 @@ if (isset($_POST['add_max'])) {
 
        // Display message
        LOAD_TEMPLATE("admin_settings_saved", false, $content);
-} elseif ((isset($_POST['ok'])) && (isset($_GET['do']))) {
+} elseif ((IS_FORM_SENT()) && (REQUEST_ISSET_GET(('do')))) {
        // Change or delete entries...
        $TEXT = "";
-       foreach ($_POST['id'] as $id => $value) {
+       foreach (REQUEST_POST('id') as $id => $value) {
                // Secure ID
                $id = bigintval($id);
 
-               switch ($_GET['do'])
+               switch (REQUEST_GET('do'))
                {
                case "edit": // Change entries
                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_max_receive` SET value='%s', comment='%s' WHERE id=%s LIMIT 1",
-                               array(bigintval($_POST['val'][$id]), $_POST['comm'][$id], $id),__FILE__, __LINE__);
+                               array(
+                                       bigintval(REQUEST_POST('val', $id)),
+                                       REQUEST_POST('comm', $id),
+                                       $id
+                               ),__FILE__, __LINE__);
                        $TEXT = MRECEIVE_SAVED;
                        break;
 
@@ -89,10 +93,10 @@ if (isset($_POST['add_max'])) {
                // Display message
                LOAD_TEMPLATE("admin_settings_saved", false, $TEXT);
        }
-} elseif ((isset($_POST['del'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0])))) {
+} elseif ((REQUEST_ISSET_POST(('del'))) && ((SELECTION_COUNT(REQUEST_POST('sel')) > 0) || (REQUEST_ISSET_POST(('sel', 0))))) {
        // Delete entries
        $SW = 2; $OUT = "";
-       foreach ($_POST['sel'] as $id => $value)
+       foreach (REQUEST_POST('sel') as $id => $value)
        {
                // Load data
                $result = SQL_QUERY_ESC("SELECT value, comment FROM `{!_MYSQL_PREFIX!}_max_receive` WHERE id=%s LIMIT 1",
@@ -116,10 +120,10 @@ if (isset($_POST['add_max'])) {
 
        // Load main template
        LOAD_TEMPLATE("admin_config_email_del");
-} elseif ((isset($_POST['edit'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0])))) {
+} elseif ((REQUEST_ISSET_POST(('edit'))) && ((SELECTION_COUNT(REQUEST_POST('sel')) > 0) || (REQUEST_ISSET_POST(('sel', 0))))) {
        // Edit entries
        $SW = 2; $OUT = "";
-       foreach ($_POST['sel'] as $id => $value) {
+       foreach (REQUEST_POST('sel') as $id => $value) {
                // Load data
                $result = SQL_QUERY_ESC("SELECT value, comment FROM `{!_MYSQL_PREFIX!}_max_receive` WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
index 4bd20e5..3129867 100644 (file)
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save configuration
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Prepare data
        switch (getConfig('verbose_sql')) {
index 56f823b..43019d2 100644 (file)
@@ -40,10 +40,10 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok']))
+if (IS_FORM_SENT())
 {
        // Save settings
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 }
  else
 {
index 9c3ae2c..7a0d4cc 100644 (file)
@@ -41,7 +41,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 $sub = "";
-if (!empty($_GET['sub'])) $sub = $_GET['sub'];
+if (REQUEST_ISSET_GET(('sub'))) $sub = REQUEST_GET('sub');
 
 switch ($sub)
 {
@@ -50,9 +50,9 @@ case "": // Output selection table
        break;
 
 case "settings": // Settings related to the index page
-       if (isset($_POST['ok'])) {
+       if (IS_FORM_SENT()) {
                // Save settings
-               ADMIN_SAVE_SETTINGS($_POST);
+               ADMIN_SAVE_SETTINGS_POST();
                OUTPUT_HTML("<a href=\"{!URL!}/modules.php?module=admin&amp;what=config_home&amp;sub=settings\">".ADMIN_CONTINUE_TO_CONFIG."</a>");
        } else {
                // Prepare data for the template
@@ -65,9 +65,9 @@ case "settings": // Settings related to the index page
        break;
 
 case "target": // Set which what-file will be placed in home-page (only modules.php?module=index)
-       if (isset($_GET['home'])) {
+       if (REQUEST_ISSET_GET(('home'))) {
                // Set new home
-               UPDATE_CONFIG("index_home", SQL_ESCAPE($_GET['home']));
+               UPDATE_CONFIG("index_home", SQL_ESCAPE(REQUEST_GET('home')));
        } // END - if
 
        // Load all what menu points
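Review bot: `UPDATE_CONFIG("index_home", SQL_ESCAPE(REQUEST_GET('home')))` stores a request value that, per the case comment, selects which what-file is placed on the home page, and the only treatment it gets is SQL escaping. The value should be compared against the known what menu entries (the list loaded just below) and rejected if it is not one of them. Since this is a configuration write triggered by a GET parameter, it would also be safer behind a POST form carrying a per-session token, so that a link followed by a logged-in admin cannot change the setting. The `case` body continues outside this hunk.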
index 20e1b55..aa1d9a9 100644 (file)
@@ -40,50 +40,39 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok']))
-{
+if (IS_FORM_SENT()) {
        // Test timestamp
-       $STAMP = mktime(0, 0, 0, bigintval($_POST['month']), bigintval($_POST['day']), bigintval($_POST['year']));
-       if ($STAMP > time())
-       {
+       $STAMP = mktime(0, 0, 0, bigintval(REQUEST_POST('month')), bigintval(REQUEST_POST('day')), bigintval(REQUEST_POST('year')));
+       if ($STAMP > time()) {
                // Date is in the future!
-               unset($_POST['ok']);
-       }
-        else
-       {
+               REQUEST_UNSET_POST('ok');
+       } else {
                // Remove entries
-               unset($_POST['day']);
-               unset($_POST['month']);
-               unset($_POST['year']);
+               REQUEST_UNSET_POST(('day'));
+               REQUEST_UNSET_POST(('month'));
+               REQUEST_UNSET_POST(('year'));
 
                // Remember timestamp
-               $_POST['mt_start'] = $STAMP;
+               REQUEST_SET_POST('mt_start', $STAMP);
        }
 
        // Convert some data
-       $_POST['mt_stage'] = bigintval($_POST['mt_stage']);
-       if ($_POST['mt_stage'] <= GET_TOTAL_DATA("CONFIRMED", "user_data", "userid", "status", true))
-       {
+       REQUEST_SET_POST('mt_stage', bigintval(REQUEST_POST('mt_stage')));
+       if (REQUEST_POST('mt_stage') <= GET_TOTAL_DATA("CONFIRMED", "user_data", "userid", "status", true)) {
                // Not enougth!
-               unset($_POST['ok']);
+               REQUEST_UNSET_POST('ok');
        }
 }
 
-if (isset($_POST['ok']))
-{
+if (IS_FORM_SENT()) {
        // Save data
-       ADMIN_SAVE_SETTINGS($_POST);
-}
- else
-{
+       ADMIN_SAVE_SETTINGS_POST();
+} else {
        // Start of this exchange
-       if (getConfig('mt_start') > 0)
-       {
+       if (getConfig('mt_start') > 0) {
                // Only show start
                define('__MT_START', "<strong>".MAKE_DATETIME(getConfig('mt_start'), "3")."</strong>");
-       }
-        else
-       {
+       } else {
                // Make start editable
                define('__MT_START',
                        ADD_SELECTION("day"  , date("d", time())).
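Review bot: Once `mt_start` is configured the form shows it as fixed text instead of the day/month/year selections, yet the submit branch still calls `mktime()` on `bigintval(REQUEST_POST('day'))` and its siblings. With those fields absent the result would be a date in the past, which passes the `$STAMP > time()` test and is written back through `REQUEST_SET_POST('mt_start', $STAMP)`; this assumes bigintval() turns a missing value into 0, which is not shown here. Wrapping the timestamp block in `if (getConfig('mt_start') == 0) {` would keep a saved start date from being overwritten. The second `IS_FORM_SENT()` also only acts as a validation gate if it reads the `ok` key that `REQUEST_UNSET_POST('ok')` clears, which deserves a comment.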
index 2b1c292..e8afadd 100644 (file)
@@ -41,15 +41,15 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 $SEL = 0;
-if (isset($_POST['edit'])) {
+if (REQUEST_ISSET_POST(('edit'))) {
        // Check if at least one module is selected
-       $SEL = SELECTION_COUNT($_POST['sel']);
+       $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
        if ($SEL > 0) {
                // Output header
                $OUT = ""; $SW = 2;
 
                // Edit selected modules
-               foreach ($_POST['sel'] as $id => $sel) {
+               foreach (REQUEST_POST('sel') as $id => $sel) {
                        // Load module data
                        $result = SQL_QUERY_ESC("SELECT module, title, locked, hidden, admin_only, mem_only FROM `{!_MYSQL_PREFIX!}_mod_reg` WHERE id=%s LIMIT 1",
                                array(bigintval($id)), __FILE__, __LINE__);
@@ -80,18 +80,25 @@ if (isset($_POST['edit'])) {
                LOAD_TEMPLATE("admin_settings_saved", false, getMessage('MODS_NOTHING_SELECTED'));
 
                // Remove maybe confusing data
-               unset($_POST['edit']);
-               unset($_POST['change']);
+               REQUEST_UNSET_POST(('edit'));
+               REQUEST_UNSET_POST(('change'));
        }
-} elseif (isset($_POST['change'])) {
+} elseif (REQUEST_ISSET_POST(('change'))) {
        // Change modules
-       foreach ($_POST['sel'] as $id => $sel) {
+       foreach (REQUEST_POST('sel') as $id => $sel) {
                // Secure ID number
                $id = bigintval($id);
 
                // Update module
                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_mod_reg` SET `title`='%s', `locked`='%s', hidden='%s', admin_only='%s', mem_only='%s' WHERE id=%s LIMIT 1",
-                       array($_POST['title'][$id], $_POST['locked'][$id], $_POST['hidden'][$id], $_POST['admin'][$id], $_POST['member'][$id], $id),  __FILE__, __LINE__);
+                       array(
+                               REQUEST_POST('title', $id),
+                               REQUEST_POST('locked', $id),
+                               REQUEST_POST('hidden', $id),
+                               REQUEST_POST('admin', $id),
+                               REQUEST_POST('member', $id),
+                               $id
+                       ),  __FILE__, __LINE__);
        }
 
        // Remove cache file if version matches
index d1ae33f..b7abc79 100644 (file)
@@ -40,11 +40,11 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save data
-       $_POST['nl_charge'] = REVERT_COMMA($_POST['nl_charge']);
+       REQUEST_SET_POST('nl_charge', REVERT_COMMA(REQUEST_POST('nl_charge')));
 
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Prepare contants for the template
        define('__CHARGE_VALUE'  , TRANSLATE_COMMA(getConfig('nl_charge'), false));
index c95b924..34dfa05 100644 (file)
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save data
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Load template
        LOAD_TEMPLATE("admin_config_nickname");
index dbf9e30..ba2f0e2 100644 (file)
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save data
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Prepare constants for the template
        switch (getConfig('order_max_full'))
index 6b5db67..0a67c5b 100644 (file)
@@ -45,32 +45,32 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Stop saving data if one input field is !isset
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Calculate stamps and set calculated stamps
-       $_POST['online_timeout']        = CREATE_TIMESTAMP_FROM_SELECTIONS("ip_timeout"           , $_POST);
-       $_POST['url_tlock']             = CREATE_TIMESTAMP_FROM_SELECTIONS("url_tlock"            , $_POST);
-       $_POST['profile_lock']          = CREATE_TIMESTAMP_FROM_SELECTIONS("profile_lock"         , $_POST);
-       $_POST['profile_update']        = CREATE_TIMESTAMP_FROM_SELECTIONS("profile_update"       , $_POST);
-       $_POST['resend_profile_update'] = CREATE_TIMESTAMP_FROM_SELECTIONS("resend_profile_update", $_POST);
+       REQUEST_POST('online_timeout')        = CREATE_TIMESTAMP_FROM_SELECTIONS("ip_timeout"           , REQUEST_POST_ARRAY());
+       REQUEST_POST('url_tlock')             = CREATE_TIMESTAMP_FROM_SELECTIONS("url_tlock"            , REQUEST_POST_ARRAY());
+       REQUEST_POST('profile_lock')          = CREATE_TIMESTAMP_FROM_SELECTIONS("profile_lock"         , REQUEST_POST_ARRAY());
+       REQUEST_POST('profile_update')        = CREATE_TIMESTAMP_FROM_SELECTIONS("profile_update"       , REQUEST_POST_ARRAY());
+       REQUEST_SET_POST('resend_profile_update', CREATE_TIMESTAMP_FROM_SELECTIONS("resend_profile_update", REQUEST_POST_ARRAY()));
 
        // Online-Timeout shall be > 0 or your database will crow and crow and crow...
-       if (!isset($_POST['online_timeout']))        { unset($_POST['ok']); }
+       if (!REQUEST_ISSET_POST(('online_timeout')))        { REQUEST_UNSET_POST('ok'); }
 
        // Chedck other timestamps (which can be zero!)
-       if (!isset($_POST['profile_lock']))          { unset($_POST['ok']); }
-       if (!isset($_POST['url_tlock']))             { unset($_POST['ok']); }
-       if (!isset($_POST['profile_update']))        { unset($_POST['ok']); }
-       if (!isset($_POST['resend_profile_update'])) { unset($_POST['ok']); }
+       if (!REQUEST_ISSET_POST(('profile_lock')))          { REQUEST_UNSET_POST('ok'); }
+       if (!REQUEST_ISSET_POST(('url_tlock')))             { REQUEST_UNSET_POST('ok'); }
+       if (!REQUEST_ISSET_POST(('profile_update')))        { REQUEST_UNSET_POST('ok'); }
+       if (!REQUEST_ISSET_POST(('resend_profile_update'))) { REQUEST_UNSET_POST('ok'); }
 
        // Check other settings
-       if (!isset($_POST['max_send']))              { unset($_POST['ok']); }
-       if (!isset($_POST['code_length']))           { unset($_POST['ok']); }
-       if (!isset($_POST['reject_url']))            { unset($_POST['ok']); }
+       if (!REQUEST_ISSET_POST(('max_send')))              { REQUEST_UNSET_POST('ok'); }
+       if (!REQUEST_ISSET_POST(('code_length')))           { REQUEST_UNSET_POST('ok'); }
+       if (!REQUEST_ISSET_POST(('reject_url')))            { REQUEST_UNSET_POST('ok'); }
 }
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Update stamps directly
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Transfer config data into constants for the template (DO NOT set $_CONFIG as global in LOAD_TEMPLATE!!!)
        define('_CFG_CODE_LENGTH', getConfig('code_length'));
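Review bot: The comment says the online timeout must be greater than zero, but `if (!REQUEST_ISSET_POST(('online_timeout')))` only tests that the key is present, and the key has just been written from CREATE_TIMESTAMP_FROM_SELECTIONS, so the test presumably always passes. A value check would match the comment: `if (REQUEST_POST('online_timeout') < 1) { REQUEST_UNSET_POST('ok'); }`. The checks for `profile_lock`, `url_tlock`, `profile_update` and `resend_profile_update` are redundant for the same reason, although the comment there allows zero.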
index 8ba924f..d15f8ae 100644 (file)
@@ -40,30 +40,30 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (!empty($_POST['rate'])) $_POST['rate'] = REVERT_COMMA($_POST['rate']);
+if (REQUEST_ISSET_POST(('rate'))) REQUEST_SET_POST('rate', REVERT_COMMA(REQUEST_POST('rate')));
 
-if ((isset($_POST['add'])) && (!empty($_POST['title'])) && ($_POST['rate'] > 0)) {
+if ((REQUEST_ISSET_POST(('add'))) && (REQUEST_ISSET_POST(('title'))) && (REQUEST_POST('rate') > 0)) {
        // Add new payout type
        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_payout_types` WHERE type='%s' LIMIT 1",
-               array($_POST['title']), __FILE__, __LINE__);
+               array(REQUEST_POST('title')), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 0) {
                // Add now
                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_payout_types`
 (type, rate, min_points, from_account, from_pass, engine_url, engine_ret_ok, engine_ret_failed, pass_enc, allow_url)
 VALUES ('%s', %d, %d,'%s','%s','%s','%s','%s','%s','%s')",
  array(
-       $_POST['title'],
-       bigintval($_POST['rate']),
-       bigintval($_POST['mpoi']),
-       $_POST['yacc'],
-       $_POST['ypass'],
-       $_POST['yurl'],
-       $_POST['yrdone'],
-       $_POST['yrfailed'],
-       $_POST['ytrans'],
-       $_POST['allow_url'],
+       REQUEST_POST('title'),
+       bigintval(REQUEST_POST('rate')),
+       bigintval(REQUEST_POST('mpoi')),
+       REQUEST_POST('yacc'),
+       REQUEST_POST('ypass'),
+       REQUEST_POST('yurl'),
+       REQUEST_POST('yrdone'),
+       REQUEST_POST('yrfailed'),
+       REQUEST_POST('ytrans'),
+       REQUEST_POST('allow_url'),
 ), __FILE__, __LINE__);
-               $msg = ADMIN_PAYOUT_TYPE_ADDED;
+               $msg = getMessage('ADMIN_PAYOUT_TYPE_ADDED');
        } else {
                // Free memory
                SQL_FREERESULT($result);
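Review bot: `REQUEST_POST('ypass')` is written to `from_pass` exactly as submitted, so as far as this hunk shows the payout account's password is stored in the table in recoverable clear text. If the payout engine needs the original value, encrypting it at rest with a key kept outside the database would limit what a database dump exposes, and this INSERT should be kept out of any SQL debug logging. A short comment on what `pass_enc` (filled from `ytrans`) controls would also help, because the column name suggests an encoding that is not applied here. The `if` block starts and ends outside this hunk.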
@@ -77,16 +77,16 @@ VALUES ('%s', %d, %d,'%s','%s','%s','%s','%s','%s','%s')",
 $result_mem = SQL_QUERY("SELECT id FROM `{!_MYSQL_PREFIX!}_user_payouts` WHERE `status`='NEW' ORDER BY payout_timestamp DESC", __FILE__, __LINE__);
 
 $display = true;
-if ((isset($_POST['edit'])) && (SELECTION_COUNT($_POST['sel']) > 0)) {
+if ((REQUEST_ISSET_POST(('edit'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) {
        // Edit payout types
-       if ((isset($_GET['ok'])) && ($_GET['ok'] == "ok")) {
+       if ((REQUEST_ISSET_GET('ok')) && (REQUEST_GET('ok') == "ok")) {
                // Edit entries
-               foreach ($_POST['sel'] as $id => $sel) {
+               foreach (REQUEST_POST('sel') as $id => $sel) {
                        // Secure ID
                        $id = bigintval($id);
 
                        // Edit only if something is entered
-                       if ((!empty($_POST['title'][$id])) && ($_POST['rate'][$id] > 0)) {
+                       if ((REQUEST_ISSET_POST(('title', $id))) && (REQUEST_POST('rate', $id) > 0)) {
                                // Update entry
                                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_payout_types` SET
 type='%s',
@@ -95,18 +95,18 @@ min_points=%s,
 allow_url='%s'
 WHERE id='".$id."' LIMIT 1",
  array(
-       $_POST['title'][$id],
-       bigintval(REVERT_COMMA($_POST['rate'][$id])),
-       bigintval(REVERT_COMMA($_POST['mpoi'][$id])),
-       $_POST['allow'][$id],
+       REQUEST_POST('title', $id),
+       bigintval(REVERT_COMMA(REQUEST_POST('rate', $id))),
+       bigintval(REVERT_COMMA(REQUEST_POST('mpoi' , $id))),
+       REQUEST_POST('allow', $id),
 ),__FILE__, __LINE__);
                        }
                }
-               $msg = ADMIN_PAYOUT_ENTRIES_CHANGED;
+               $msg = getMessage('ADMIN_PAYOUT_ENTRIES_CHANGED');
        } else {
                $display = false; //Suppress any other outputs
                $SW = 2; $OUT = "";
-               foreach ($_POST['sel'] as $id => $sel) {
+               foreach (REQUEST_POST('sel') as $id => $sel) {
                        // Load data
                        $result = SQL_QUERY_ESC("SELECT type, rate, min_points, allow_url FROM `{!_MYSQL_PREFIX!}_payout_types` WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
@@ -132,11 +132,11 @@ WHERE id='".$id."' LIMIT 1",
                // Load main template
                LOAD_TEMPLATE("admin_config_payouts_edit");
        }
-} elseif ((isset($_POST['del'])) && (SELECTION_COUNT($_POST['sel']) > 0)) {
+} elseif ((REQUEST_ISSET_POST(('del'))) && (SELECTION_COUNT(REQUEST_POST('sel')) > 0)) {
        // Delete payout types
-       if ((isset($_GET['ok'])) && ($_GET['ok'] == "ok")) {
+       if ((REQUEST_ISSET_GET('ok')) && (REQUEST_GET('ok') == "ok")) {
                // Delete entries
-               foreach ($_POST['sel'] as $id => $sel) {
+               foreach (REQUEST_POST('sel') as $id => $sel) {
                        SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_payout_types` WHERE id=%s LIMIT 1",
                                array(bigintval($id)), __FILE__, __LINE__);
                }
@@ -144,7 +144,7 @@ WHERE id='".$id."' LIMIT 1",
        } else {
                $display = false; //Suppress any other outputs
                $SW = 2; $OUT = "";
-               foreach ($_POST['sel'] as $id => $sel) {
+               foreach (REQUEST_POST('sel') as $id => $sel) {
                        // Secure ID number
                        $id = bigintval($id);
 
index 524ec68..085393a 100644 (file)
@@ -44,61 +44,61 @@ ADD_DESCR("admin", __FILE__);
 $message = "";
 
 // Is the 'sub' parameter set?
-if (!empty($_GET['sub'])) {
+if (REQUEST_ISSET_GET(('sub'))) {
        // Yes, then do some sanity-checks
-       switch ($_GET['sub'])
+       switch (REQUEST_GET('sub'))
        {
        case "points":
-               if ((empty($_POST['points_register'])) || (empty($_POST['points_ref']))) {
-                       unset($_POST['ok']);
+               if ((!REQUEST_ISSET_POST(('points_register'))) || (!REQUEST_ISSET_POST(('points_ref')))) {
+                       REQUEST_UNSET_POST('ok');
                }
                break;
 
        case "ref":
-               if (isset($_GET['do'])) {
-                       if (((empty($_POST['lvl'])) || (empty($_POST['perc']))) && ($_GET['do'] == "add")) {
-                               unset($_POST['ok']);
+               if (REQUEST_ISSET_GET(('do'))) {
+                       if (((!REQUEST_ISSET_POST(('lvl'))) || (!REQUEST_ISSET_POST(('perc')))) && (REQUEST_GET('do') == "add")) {
+                               REQUEST_UNSET_POST('ok');
                        }
                }
                break;
        }
 } else {
        // Display overview
-       $_GET['sub'] = "overview";
+       REQUEST_SET_GET('sub', "overview");
 }
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        $SQLs = array();
-       switch ($_GET['sub'])
+       switch (REQUEST_GET('sub'))
        {
        case "points":
-               $SQLs[] = "UPDATE `{!_MYSQL_PREFIX!}_config` SET points_register='".$_POST['points_register']."', points_ref='".$_POST['points_ref']."' WHERE config=0 LIMIT 1";
+               $SQLs[] = "UPDATE `{!_MYSQL_PREFIX!}_config` SET points_register='".REQUEST_POST('points_register')."', points_ref='".REQUEST_POST('points_ref')."' WHERE config=0 LIMIT 1";
                break;
 
        case "ref":
-               switch ($_GET['do'])
+               switch (REQUEST_GET('do'))
                {
                case "add":
-                       $SQLs[] = "INSERT INTO `{!_MYSQL_PREFIX!}_refdepths` (level, percents) VALUES ('".$_POST['lvl']."','".$_POST['perc']."')";
+                       $SQLs[] = "INSERT INTO `{!_MYSQL_PREFIX!}_refdepths` (level, percents) VALUES ('".REQUEST_POST('lvl')."','".REQUEST_POST('perc')."')";
                        break;
 
                case "edit": // Change entries
-                       foreach ($_POST['lvl'] as $id => $value) {
+                       foreach (REQUEST_POST('lvl') as $id => $value) {
                                // Secure ID
                                $id = bigintval($id);
 
                                // Revert german commata
-                               $_POST['perc'][$id] = REVERT_COMMA($_POST['perc'][$id]);
+                               REQUEST_POST('perc', $id) = REVERT_COMMA(REQUEST_POST('perc', $id));
 
                                // Update entry
                                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_refdepths` SET level='%s', percents='%s' WHERE id=%s LIMIT 1",
-                                       array(bigintval($value), $_POST['perc'][$id], $id), __FILE__, __LINE__);
+                                       array(bigintval($value), REQUEST_POST('perc', $id), $id), __FILE__, __LINE__);
                        }
                        $message = REF_DEPTHS_SAVED;
                        break;
 
                case "del":
-                       foreach ($_POST['id'] as $id => $value) {
+                       foreach (REQUEST_POST('id') as $id => $value) {
                                SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_refdepths` WHERE id=%s LIMIT 1",
                                        array(bigintval($id)), __FILE__, __LINE__);
                        }
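Review bot: In the `edit` case, `REQUEST_POST('perc', $id) = REVERT_COMMA(REQUEST_POST('perc', $id));` assigns to a function call, which PHP rejects at compile time (function return value in write context), so this admin page cannot load. Keep the converted value in a local, `$perc = REVERT_COMMA(REQUEST_POST('perc', $id));`, and pass `$perc` in the array given to SQL_QUERY_ESC. The `points` and `add` cases still concatenate `REQUEST_POST('points_register')`, `REQUEST_POST('points_ref')`, `REQUEST_POST('lvl')` and `REQUEST_POST('perc')` straight into the SQL text; unless the wrapper escapes its result (not visible here) that is injectable, and the `settings` case in the next hunk does the same through `sprintf` with `allow_direct_pay` and `reg_points_mode`. These statements should use SQL_QUERY_ESC placeholders like the `edit` and `del` cases do, with the numeric fields normalised before they are bound.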
@@ -113,21 +113,21 @@ if (isset($_POST['ok'])) {
                break;
 
        case "settings":
-               $REF = bigintval($_POST['ref_payout']);
+               $REF = bigintval(REQUEST_POST('ref_payout'));
                $SQLs[] = sprintf("UPDATE `{!_MYSQL_PREFIX!}_config` SET
 allow_direct_pay='%s',
 reg_points_mode='%s',
 ref_payout='%s'
 WHERE config=0 LIMIT 1",
-                       $_POST['allow_direct_pay'],
-                       $_POST['reg_points_mode'],
+                       REQUEST_POST('allow_direct_pay'),
+                       REQUEST_POST('reg_points_mode'),
                        $REF
                );
-               if ((getConfig('ref_payout') == 0) && ($_POST['ref_payout'] > 0)) {
+               if ((getConfig('ref_payout') == 0) && (REQUEST_POST('ref_payout') > 0)) {
                        // Update account's ref_payout for "must-confirm"
                        $SQLs[] = sprintf("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET ref_payout=(%s - mails_confirmed)
 WHERE mails_confirmed < %s", $REF, $REF);
-               } elseif ((getConfig('ref_payout') > 0) && ($_POST['ref_payout'] == 0)) {
+               } elseif ((getConfig('ref_payout') > 0) && (REQUEST_POST('ref_payout') == 0)) {
                        // Update account's ref_payout for "not-must-confirm"
                        $SQLs[] = "UPDATE `{!_MYSQL_PREFIX!}_user_data` SET ref_payout=0 WHERE ref_payout > 0";
                        $SQLs[] = "UPDATE `{!_MYSQL_PREFIX!}_user_points` SET points=points+locked_points WHERE locked_points>0";
@@ -139,7 +139,7 @@ WHERE mails_confirmed < %s", $REF, $REF);
        if ((isset($SQLs)) && (is_array($SQLs)) && (!empty($SQLs[0]))) {
                if (strpos($SQLs[0], "INSERT") > -1) {
                        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_refdepths` WHERE level='%s' LIMIT 1",
-                               array(bigintval($_POST['lvl'])), __FILE__, __LINE__);
+                               array(bigintval(REQUEST_POST('lvl'))), __FILE__, __LINE__);
                        SQL_FREERESULT($result);
                } // END - if
 
@@ -166,7 +166,7 @@ WHERE mails_confirmed < %s", $REF, $REF);
                // When do so...
                LOAD_TEMPLATE("admin_settings_saved", false, $message);
        }
-} elseif ($_GET['sub'] == "settings") {
+} elseif (REQUEST_GET('sub') == "settings") {
        // Setup some settings like direct pay and so on
        // Including new add-mode for one-time referal bonus
        switch (getConfig('allow_direct_pay')) {
@@ -192,11 +192,11 @@ WHERE mails_confirmed < %s", $REF, $REF);
 
        // Load template
        LOAD_TEMPLATE("admin_config_point_settings");
-} elseif ($_GET['sub'] == "ref") {
-       if ((isset($_POST['del'])) && (isset($_POST['sel'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0])))) {
+} elseif (REQUEST_GET('sub') == "ref") {
+       if ((REQUEST_ISSET_POST(('del'))) && (REQUEST_ISSET_POST(('sel'))) && ((SELECTION_COUNT(REQUEST_POST('sel')) > 0) || (REQUEST_ISSET_POST(('sel', 0))))) {
                // Delete entries
                $SW = 2; $OUT = "";
-               foreach ($_POST['sel'] as $id => $value) {
+               foreach (REQUEST_POST('sel') as $id => $value) {
                        $result = SQL_QUERY_ESC("SELECT level, percents FROM `{!_MYSQL_PREFIX!}_refdepths` WHERE id=%s LIMIT 1",
                                array(bigintval($id)), __FILE__, __LINE__);
                        list($lvl, $perc) = SQL_FETCHROW($result);
@@ -218,10 +218,10 @@ WHERE mails_confirmed < %s", $REF, $REF);
 
                // Load main template
                LOAD_TEMPLATE("admin_points_del");
-       } elseif ((isset($_POST['edit'])) && (isset($_POST['sel'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0])))) {
+       } elseif ((REQUEST_ISSET_POST(('edit'))) && (REQUEST_ISSET_POST(('sel'))) && ((SELECTION_COUNT(REQUEST_POST('sel')) > 0) || (REQUEST_ISSET_POST(('sel', 0))))) {
                // Edit entries
                $SW = 2; $OUT = "";
-               foreach ($_POST['sel'] as $id => $value) {
+               foreach (REQUEST_POST('sel') as $id => $value) {
                        $result = SQL_QUERY_ESC("SELECT level, percents FROM `{!_MYSQL_PREFIX!}_refdepths` WHERE id=%s LIMIT 1",
                         array(bigintval($id)), __FILE__, __LINE__);
                        list($lvl, $perc) = SQL_FETCHROW($result);
@@ -276,7 +276,7 @@ WHERE mails_confirmed < %s", $REF, $REF);
                // Form for adding new referal levels
                LOAD_TEMPLATE("admin_add_reflvl");
        }
-} elseif ($_GET['sub'] == "points") {
+} elseif (REQUEST_GET('sub') == "points") {
        // First points for registration and other fixed points including new add-mode for one-time referal bonus...
        define('P_REG_VALUE', getConfig('points_register'));
        define('P_REF_VALUE', getConfig('points_ref'));
index ea836b6..8b26a7b 100644 (file)
@@ -40,21 +40,21 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // First merge temporarily the new API data into the current config
-       mergeConfig($_POST);
+       mergeConfig(REQUEST_POST_ARRAY());
 
        // Is the password set?
-       if (isset($_POST['pass'])) {
+       if (REQUEST_ISSET_POST(('pass'))) {
                // Then hash and remove it
-               $_POST['primera_api_md5'] = md5($_POST['pass']);
-               unset($_POST['pass']);
+               REQUEST_SET_POST('primera_api_md5', md5(REQUEST_POST('pass')));
+               REQUEST_UNSET_POST('pass');
        } // END - if
 
        // Let's test the API first (hold your horses here, cowboy! Thank you. :) )
        if (PRIMERA_TEST_API()) {
                // Save settings
-               ADMIN_SAVE_SETTINGS($_POST);
+               ADMIN_SAVE_SETTINGS_POST();
        } else {
                // Failed to test the API!
                LOAD_TEMPLATE("admin_settings_saved", false, GET_PRIMERA_ERROR_MESSAGE());
index 9d74c9b..b01ace1 100644 (file)
@@ -40,11 +40,11 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Test proxy settings
-       if (ADMIN_TEST_PROXY_SETTINGS($_POST)) {
+       if (ADMIN_TEST_PROXY_SETTINGS(REQUEST_POST_ARRAY())) {
                // Save configuration
-               ADMIN_SAVE_SETTINGS($_POST);
+               ADMIN_SAVE_SETTINGS_POST();
        } else {
                // Invalid!
                LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_PROXY_SETTINGS_INVALID'));
index 33f5353..73e182f 100644 (file)
@@ -40,16 +40,16 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (!empty($_GET['rallye']))
+if (REQUEST_ISSET_GET(('rallye')))
 {
        // Price submitted?
-       if (isset($_POST['add']))
+       if (REQUEST_ISSET_POST(('add')))
        {
-               if ((!empty($_POST['level'])) && ((!empty($_POST['points'])) || (!empty($_POST['info']))))
+               if ((REQUEST_ISSET_POST(('level'))) && ((REQUEST_ISSET_POST(('points'))) || (REQUEST_ISSET_POST(('info')))))
                {
                        // Submitted data is valid, but maybe we already have this price level?
                        $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE rallye_id=%s AND price_level='%s' LIMIT 1",
-                        array(bigintval($_GET['rallye']), bigintval($_POST['level'])), __FILE__, __LINE__);
+                        array(bigintval(REQUEST_GET('rallye')), bigintval(REQUEST_POST('level'))), __FILE__, __LINE__);
 
                        if (SQL_NUMROWS($result) == 0)
                        {
@@ -57,10 +57,10 @@ if (!empty($_GET['rallye']))
                                SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_rallye_prices` (rallye_id, price_level, points, info)
 VALUES ('%s','%s','%s','%s')",
  array(
-       bigintval($_GET['rallye']),
-       bigintval($_POST['level']),
-       $_POST['points'],
-       $_POST['info']
+       bigintval(REQUEST_GET('rallye')),
+       bigintval(REQUEST_POST('level')),
+       REQUEST_POST('points'),
+       REQUEST_POST('info')
 ), __FILE__, __LINE__);
                                LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_PRICE_LEVEL_SAVED);
                        }
@@ -73,12 +73,12 @@ VALUES ('%s','%s','%s','%s')",
                                LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_PRICE_ALREADY_FOUND);
                        }
                }
-       } elseif (isset($_POST['remove'])) {
+       } elseif (REQUEST_ISSET_POST(('remove'))) {
                // Check if at last one line is selected
-               $SEL = SELECTION_COUNT($_POST['sel']);
+               $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
                if ($SEL > 0) {
                        // Delete selected entries
-                       foreach ($_POST['sel'] as $id => $sel) {
+                       foreach (REQUEST_POST('sel') as $id => $sel) {
                                SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE id=%s LIMIT 1",
                                        array(bigintval($id)), __FILE__, __LINE__);
                        }
@@ -88,33 +88,37 @@ VALUES ('%s','%s','%s','%s')",
                } else {
                        LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_ENTRIES_NOT_DELETED);
                }
-       } elseif (isset($_POST['change'])) {
+       } elseif (REQUEST_ISSET_POST(('change'))) {
                // Change entries
-               foreach ($_POST['level'] as $id => $level) {
+               foreach (REQUEST_POST('level') as $id => $level) {
                        // Secure ID
                        $id = bigintval($id);
 
                        // Update entry
                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_rallye_prices` SET rallye_id=%s, price_level='%s', points='%s', info='%s' WHERE id=%s LIMIT 1",
-                               array($_POST['rallye_id'][$id], bigintval($level), $_POST['points'][$id], $_POST['infos'][$id], $id), __FILE__, __LINE__);
+                               array(
+                                       REQUEST_POST('rallye_id', $id),
+                                       bigintval($level),
+                                       REQUEST_POST('points', $id]),
+                                       REQUEST_POST('infos', $id),
+                                       $id
+                               ), __FILE__, __LINE__);
                }
 
                // Output message
                LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_ENTRIES_CHANGED);
        }
 
-       if (isset($_POST['edit'])) {
+       if (REQUEST_ISSET_POST(('edit'))) {
                // Check if at last one line is selected
-               $SEL = SELECTION_COUNT($_POST['sel']);
-               if ($SEL > 0)
-               {
+               $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
+               if ($SEL > 0) {
                        // Make selected editable
                        $SW = 2; $OUT = "";
-                       foreach ($_POST['sel'] as $id => $sel)
-                       {
+                       foreach (REQUEST_POST('sel') as $id => $sel) {
                                // Load data to selected rallye
                                $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE id=%s LIMIT 1",
-                                array(bigintval($id)), __FILE__, __LINE__);
+                                       array(bigintval($id)), __FILE__, __LINE__);
                                list($rallye, $level, $points, $infos) = SQL_FETCHROW($result);
                                SQL_FREERESULT($result);
 
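Review bot: `REQUEST_POST('points', $id]),` in the rewritten argument array has a stray `]` left over from the old `$_POST['points'][$id]` and is a parse error; it should be `REQUEST_POST('points', $id),`. In the same UPDATE, `rallye_id=%s` is an unquoted placeholder fed from `REQUEST_POST('rallye_id', $id)` without `bigintval()`, unlike `$level` and `$id`. String escaping inside SQL_QUERY_ESC (implementation not visible here) would not constrain a value in a numeric position, so `bigintval(REQUEST_POST('rallye_id', $id)),` is the safer argument. The `edit` branch's foreach body continues past the end of this hunk.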
@@ -135,7 +139,7 @@ VALUES ('%s','%s','%s','%s')",
                        define('__PRICE_ROWS', $OUT);
 
                        // Prepare data for the main template
-                       define('__RALLYE_ID', $_GET['rallye']);
+                       define('__RALLYE_ID', REQUEST_GET('rallye'));
 
                        // Load main template
                        LOAD_TEMPLATE("admin_config_rallye_edit");
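Review bot: `define('__RALLYE_ID', REQUEST_GET('rallye'));` hands the raw query parameter to the template, while every SQL use of the same parameter in this file goes through `bigintval()`. The same raw value is concatenated into the `href` of the "nothing selected" link in the two `$content = ...` lines, repeated in the other `define('__RALLYE_ID', ...)` lines and passed to `LOAD_TEMPLATE("admin_add_rallye_prices", ...)` in the later hunks of this file. Unless REQUEST_GET() already filters its result (not visible here), a crafted `rallye` value reaches the HTML output unescaped; `define('__RALLYE_ID', bigintval(REQUEST_GET('rallye')));` and `bigintval(REQUEST_GET('rallye'))` at the other sites would close that. The surrounding if/else starts and ends outside this hunk.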
@@ -143,19 +147,19 @@ VALUES ('%s','%s','%s','%s')",
                 else
                {
                        // Nothing selected
-                       $content = RALLYE_NO_PRICES_SELECTED_1."<a href=\"{!URL!}/modules.php?module=admin&amp;what=config_rallye_prices&amp;rallye=".$_GET['rallye']."\">".RALLYE_NO_PRICES_SELECTED_2."</a>".RALLYE_NO_PRICES_SELECTED_3;
+                       $content = RALLYE_NO_PRICES_SELECTED_1."<a href=\"{!URL!}/modules.php?module=admin&amp;what=config_rallye_prices&amp;rallye=".REQUEST_GET('rallye')."\">".RALLYE_NO_PRICES_SELECTED_2."</a>".RALLYE_NO_PRICES_SELECTED_3;
                        LOAD_TEMPLATE("admin_settings_saved", false, $content);
                }
        }
-        elseif (isset($_POST['del']))
+        elseif (REQUEST_ISSET_POST(('del')))
        {
                // Check if at last one line is selected
-               $SEL = SELECTION_COUNT($_POST['sel']);
+               $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
                if ($SEL > 0)
                {
                        // List all prices
                        $SW = 2; $OUT = "";
-                       foreach ($_POST['sel'] as $id => $sel)
+                       foreach (REQUEST_POST('sel') as $id => $sel)
                        {
                                // Load data to selected rallye
                                $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE id=%s LIMIT 1",
@@ -181,7 +185,7 @@ VALUES ('%s','%s','%s','%s')",
                        define('__PRICE_ROWS', $OUT);
 
                        // Prepare data for the main template
-                       define('__RALLYE_ID', $_GET['rallye']);
+                       define('__RALLYE_ID', REQUEST_GET('rallye'));
 
                        // Load main template
                        LOAD_TEMPLATE("admin_config_rallye_del");
@@ -189,7 +193,7 @@ VALUES ('%s','%s','%s','%s')",
                 else
                {
                        // Nothing selected
-                       $content = RALLYE_NO_PRICES_SELECTED_1."<a href=\"{!URL!}/modules.php?module=admin&amp;what=config_rallye_prices&amp;rallye=".$_GET['rallye']."\">".RALLYE_NO_PRICES_SELECTED_2."</a>".RALLYE_NO_PRICES_SELECTED_3;
+                       $content = RALLYE_NO_PRICES_SELECTED_1."<a href=\"{!URL!}/modules.php?module=admin&amp;what=config_rallye_prices&amp;rallye=".REQUEST_GET('rallye')."\">".RALLYE_NO_PRICES_SELECTED_2."</a>".RALLYE_NO_PRICES_SELECTED_3;
                        LOAD_TEMPLATE("admin_settings_saved", false, $content);
                }
        }
@@ -197,7 +201,7 @@ VALUES ('%s','%s','%s','%s')",
        {
                // a rallye was selected, so check if there are already prices assigned...
                $result = SQL_QUERY_ESC("SELECT id, price_level, points, info FROM `{!_MYSQL_PREFIX!}_rallye_prices` WHERE rallye_id=%s ORDER BY price_level",
-                array(bigintval($_GET['rallye'])), __FILE__, __LINE__);
+                array(bigintval(REQUEST_GET('rallye'))), __FILE__, __LINE__);
 
                if (SQL_NUMROWS($result) > 0)
                {
@@ -226,7 +230,7 @@ VALUES ('%s','%s','%s','%s')",
                        define('__PRICE_ROWS', $OUT);
 
                        // Prepare data for the main template
-                       define('__RALLYE_ID', $_GET['rallye']);
+                       define('__RALLYE_ID', REQUEST_GET('rallye'));
 
                        // Load main template
                        LOAD_TEMPLATE("admin_config_rallye_prices");
@@ -234,13 +238,10 @@ VALUES ('%s','%s','%s','%s')",
        }
 
        // Add form for adding new price level
-       if (empty($_POST['edit']))
-       {
-               LOAD_TEMPLATE("admin_add_rallye_prices", false, $_GET['rallye']);
+       if (!REQUEST_ISSET_POST(('edit'))) {
+               LOAD_TEMPLATE("admin_add_rallye_prices", false, REQUEST_GET('rallye'));
        }
-}
- else
-{
+} else {
        // No rallye selected so display all available without prices
        $result = SQL_QUERY("SELECT d.id, d.admin_id, d.start_time, d.end_time, d.title, a.login, d.is_active
 FROM `{!_MYSQL_PREFIX!}_rallye_data` AS d, `{!_MYSQL_PREFIX!}_admins` AS a
index 3939a8c..599f4b7 100644 (file)
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save configuration
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Prepare content
        $content = array(
index e737934..7d91ef7 100644 (file)
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save data
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Prepare contants for the template
        define('__MEMBER_SELECTION', ADD_MEMBER_SELECTION_BOX(getConfig('def_refid'), false, true, true, "def_refid"));
index 21e4c6d..be5aab4 100644 (file)
@@ -41,8 +41,8 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Do we want to save changes?
-if (isset($_POST['ok'])) {
-       foreach ($_POST['sel'] as $id => $value) {
+if (IS_FORM_SENT()) {
+       foreach (REQUEST_POST('sel') as $id => $value) {
                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_must_register` SET field_required='%s' WHERE id=%s AND field_required != '%s' LIMIT 1",
                        array($value, bigintval($id), $value),__FILE__, __LINE__);
        }
index 0b66142..3356d97 100644 (file)
@@ -40,13 +40,13 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Calculate timestamp from selections...
-       $_POST['ip_timeout'] = CREATE_TIMESTAMP_FROM_SELECTIONS("ip_timeout", $_POST);
-       $_POST['least_cats'] = round($_POST['least_cats']);
+       REQUEST_SET_POST('ip_timeout', CREATE_TIMESTAMP_FROM_SELECTIONS("ip_timeout", REQUEST_POST_ARRAY()));
+       REQUEST_SET_POST('least_cats', round(REQUEST_POST('least_cats')));
 
        // Save settings
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Remember stuff in constants
        define('LEAST_CATS_VALUE'   , round(getConfig('least_cats')));
index 3340076..f0e0db8 100644 (file)
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save configuration
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Prepare data
        switch (getConfig('removeip_anon_ip')) {
index ed73ec9..00bfce4 100644 (file)
@@ -40,10 +40,10 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Generate string
        $MODs = array();
-       foreach ($_POST['mod'] as $mod => $sel) {
+       foreach (REQUEST_POST('mod') as $mod => $sel) {
                // Now you can never deselect the admin module, bah!!! ;-)
                if (($sel == "Y") || ($mod == "admin")) {
                        // Add module to queue
@@ -52,11 +52,11 @@ if (isset($_POST['ok'])) {
        }
 
        // Implode array to string and remove posted mod array
-       $_POST['rewrite_skip'] = implode(":", $MODs);
-       unset($_POST['mod']);
+       REQUEST_SET_POST('rewrite_skip', implode(":", $MODs));
+       REQUEST_UNSET_POST(('mod'));
 
        // Save settings
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Load existing modules and generate TR rows for the template
        $result = SQL_QUERY("SELECT module, title FROM `{!_MYSQL_PREFIX!}_mod_reg` ORDER BY module", __FILE__, __LINE__);
index b717f17..3effe1d 100644 (file)
@@ -39,21 +39,21 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // If salt length is empty or null then we shall generate new passwords
-       if (empty($_POST['salt_length']) || ($_POST['salt_length'] == "0")) {
+       if (!REQUEST_ISSET_POST(('salt_length')) || (REQUEST_POST('salt_length') == "0")) {
                // Generate new passwords for all!
                LOAD_INC("inc/gen_sql_patches.php");
 
                // Forget the wrong number!
-               unset($_POST['salt_length']);
+               REQUEST_UNSET_POST(('salt_length'));
 
                // Redirect to logout link
                LOAD_URL("modules.php?module=admin&logout=1");
        } // END - if
 
        // Save settings
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Remember stuff in constants
        define('__PASS_LEN'   , getConfig('pass_len'));
index 9da34ff..131bf44 100644 (file)
@@ -40,11 +40,11 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Test Path
-       if ((empty($_POST['session_save_path'])) || ((is_dir($_POST['session_save_path'])) && (is_writeable($_POST['session_save_path'])))) {
+       if ((!REQUEST_ISSET_POST(('session_save_path'))) || ((is_dir(REQUEST_POST('session_save_path'))) && (is_writeable(REQUEST_POST('session_save_path'))))) {
                // Save configuration
-               ADMIN_SAVE_SETTINGS($_POST);
+               ADMIN_SAVE_SETTINGS_POST();
        } else {
                // Invalid!
                LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_SESSION_SAVE_PATH_INVALID'));
index ba900de..292fd27 100644 (file)
@@ -40,13 +40,13 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Allow only direct points (non-floating)
-       $_POST['sponsor_min_points'] = bigintval($_POST['sponsor_min_points']);
-       $_POST['sponsor_ref_points'] = bigintval($_POST['sponsor_ref_points']);
+       REQUEST_SET_POST('sponsor_min_points', bigintval(REQUEST_POST('sponsor_min_points')));
+       REQUEST_SET_POST('sponsor_ref_points', bigintval(REQUEST_POST('sponsor_ref_points')));
 
        // Save settings
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Remember config data in constants for the template
        define('__SPONSOR_MIN_POINTS', getConfig('sponsor_min_points'));
index d765918..ece898a 100644 (file)
@@ -41,9 +41,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Was the form submitted?
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save settings
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Guest stats
        switch (getConfig('guest_stats'))
index dcbea25..854470c 100644 (file)
@@ -41,14 +41,14 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Was the form submitted?
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Replace german decimal comma with computer decimal dot
-       if (isset($_POST['surfbar_static_reward']))   $_POST['surfbar_static_reward']   = REVERT_COMMA($_POST['surfbar_static_reward']);
-       if (isset($_POST['surfbar_static_costs']))    $_POST['surfbar_static_costs']    = REVERT_COMMA($_POST['surfbar_static_costs']);
-       if (isset($_POST['surfbar_dynamic_percent'])) $_POST['surfbar_dynamic_percent'] = REVERT_COMMA($_POST['surfbar_dynamic_percent']);
+       if (REQUEST_ISSET_POST(('surfbar_static_reward')))   REQUEST_SET_POST('surfbar_static_reward'  , REVERT_COMMA(REQUEST_POST('surfbar_static_reward')));
+       if (REQUEST_ISSET_POST(('surfbar_static_costs')))    REQUEST_SET_POST('surfbar_static_costs'   , REVERT_COMMA(REQUEST_POST('surfbar_static_costs')));
+       if (REQUEST_ISSET_POST(('surfbar_dynamic_percent'))) REQUEST_SET_POST('surfbar_dynamic_percent', REVERT_COMMA(REQUEST_POST('surfbar_dynamic_percent')));
 
        // Save settings
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Prepare content
        $content = array(
index 8ebb2a9..4f15a69 100644 (file)
@@ -40,10 +40,10 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok']))
+if (IS_FORM_SENT())
 {
        // Save settings
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 }
  else
 {
index 4eeaf49..553a924 100644 (file)
@@ -40,10 +40,10 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok']))
+if (IS_FORM_SENT())
 {
        // Save settings
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 }
  else
 {
index 5e6e755..29320d1 100644 (file)
@@ -40,9 +40,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save settings...
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 }
 
 // Prepare constants for template
index 62df281..914c9c2 100644 (file)
@@ -39,9 +39,9 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Save settings
-       ADMIN_SAVE_SETTINGS($_POST);
+       ADMIN_SAVE_SETTINGS_POST();
 } else {
        // Prepare constants for the template
        define('__LIMIT_VALUE', getConfig('user_limit'));
index b92afc0..1dc18f6 100644 (file)
@@ -40,23 +40,23 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // First merge temporarily the new API data into the current config
-       mergeConfig($_POST);
+       mergeConfig(REQUEST_POST_ARRAY());
 
        // Let's test the API first (hold your horses here, cowboy! Thank you. :) )
        if (WERNIS_TEST_API()) {
                // Revert german commata
                foreach (array('payout_factor', 'withdraw_factor', 'payout_fee_percent', 'withdraw_fee_percent') as $revert) {
-                       $_POST['wernis_'.$revert] = REVERT_COMMA($_POST['wernis_'.$revert]);
+                       REQUEST_SET_POST('wernis_'.$revert, REVERT_COMMA(REQUEST_POST('wernis_'.$revert)));
                } // END - if
 
                // Hash the password and remove clear-text
-               $_POST['wernis_pass_md5'] = md5($_POST['wernis_pass']);
-               unset($_POST['wernis_pass']);
+               REQUEST_SET_POST('wernis_pass_md5', md5(REQUEST_POST('wernis_pass')));
+               REQUEST_UNSET_POST(('wernis_pass'));
 
                // Save settings
-               ADMIN_SAVE_SETTINGS($_POST);
+               ADMIN_SAVE_SETTINGS_POST();
        } else {
                // Failed to test the API!
                LOAD_TEMPLATE("admin_settings_saved", false, GET_WERNIS_ERROR_MESSAGE());
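Review bot: `mergeConfig(REQUEST_POST_ARRAY())` merges every submitted field into the live configuration before `WERNIS_TEST_API()` has run, so a request carrying keys outside the `wernis_` namespace could override unrelated settings for the rest of the request; whether `mergeConfig` filters keys, or whether the merge is undone when the test fails, is not visible in this hunk. Restricting the merge to `wernis_`-prefixed keys, as sketched below, keeps the temporary override scoped to what the API test needs. The revert loop also reads `REQUEST_POST('wernis_'.$revert)` without the `REQUEST_ISSET_POST` guard used in the surfbar module, and its closing comment says `// END - if` although it ends a `foreach`. The stored `wernis_pass_md5` is an unsalted MD5 of the API password; presumably the remote API dictates that format, but the saved value should be treated as password-equivalent. The enclosing `if`/`else` continues past the hunk.

```php
if (IS_FORM_SENT()) {
	// Merge only Wernis keys for the API test (assumes REQUEST_POST_ARRAY() returns the plain POST array)
	$wernisData = array();
	foreach (REQUEST_POST_ARRAY() as $key => $value) {
		if (strpos($key, 'wernis_') === 0) {
			$wernisData[$key] = $value;
		} // END - if
	} // END - foreach
	mergeConfig($wernisData);

	// … unchanged: WERNIS_TEST_API() check, comma revert, password hashing, save …
```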
index 0b2618f..0f3e923 100644 (file)
@@ -44,11 +44,11 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR("admin", __FILE__);
 
 // Was the form submitted?
-if (isset($_POST['ok'])) {
+if (IS_FORM_SENT()) {
        // Test Yoo!Media config
-       if (YOOMEDIA_TEST_CONFIG($_POST)) {
+       if (YOOMEDIA_TEST_CONFIG(REQUEST_POST_ARRAY())) {
                // Save settings
-               ADMIN_SAVE_SETTINGS($_POST);
+               ADMIN_SAVE_SETTINGS_POST();
        } else {
                // Config not saved
                LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_CONFIG_YOOMEDIA_TEST_FAILED'));
index a1ed1b1..3b2e9fe 100644 (file)
@@ -46,10 +46,10 @@ ADD_DESCR("admin", __FILE__);
 // Init counter for deleted mails
 $cnt = 0;
 
-if (!empty($_GET['mid'])) {
+if (REQUEST_ISSET_GET(('mid'))) {
        // Load email data
        $result = SQL_QUERY_ESC("SELECT id, sender, subject, url, timestamp, payment_id FROM `{!_MYSQL_PREFIX!}_pool` WHERE id=%s LIMIT 1",
-               array(bigintval($_GET['mid'])), __FILE__, __LINE__);
+               array(bigintval(REQUEST_GET('mid'))), __FILE__, __LINE__);
 
        // Delete mail only once
        if (SQL_NUMROWS($result) == 1) {
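Review bot: Replacing `!empty($_GET['mid'])` with `REQUEST_ISSET_GET(('mid'))` may change which requests enter this branch. If the wrapper is a plain `isset()` check (its body is not shown), `mid=` and `mid=0` now pass where they were rejected before, and would likely end in the "already deleted" message instead of reaching the `pid`/`bid` branches. If the old behaviour is intended, keep the emptiness test, e.g. `if ((REQUEST_ISSET_GET('mid')) && (bigintval(REQUEST_GET('mid')) > 0)) {`. The same applies to the `pid` and `bid` checks later in this file. The `if` block continues outside the hunk.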
@@ -82,7 +82,7 @@ if (!empty($_GET['mid'])) {
 LEFT JOIN `{!_MYSQL_PREFIX!}_pool` AS p
 ON s.pool_id=p.id
 WHERE s.pool_id=%s LIMIT 1",
- array(bigintval($_GET['mid'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_GET('mid'))), __FILE__, __LINE__);
                if (SQL_NUMROWS($result_pool) == 1) {
                        // Fetch stats id
                        list($stats_id) = SQL_FETCHROW($result_pool);
@@ -91,7 +91,7 @@ WHERE s.pool_id=%s LIMIT 1",
                        $links = GET_TOTAL_DATA($stats_id, "user_links", "userid", "stats_id", true);
 
                        // Reset sent mails for recipient(s)
-                       REDUCT_RECIPIENT_RECEIVED_MAILS("stats_id", $_GET['mid'], $links);
+                       REDUCT_RECIPIENT_RECEIVED_MAILS("stats_id", REQUEST_GET('mid'), $links);
 
                        // Calc total points and pay them back
                        $totalPoints = $links * $price;
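Review bot: `REDUCT_RECIPIENT_RECEIVED_MAILS("stats_id", REQUEST_GET('mid'), $links)` is the only visible use of `mid` in this file that is not passed through `bigintval()`, so the raw query-string value reaches the helper; whether the helper escapes it is not visible here. Normalise it like the other call sites: `REDUCT_RECIPIENT_RECEIVED_MAILS("stats_id", bigintval(REQUEST_GET('mid')), $links);`. It is also worth checking whether the value for the `stats_id` column should be the `$stats_id` fetched just above rather than the pool id in `mid`; that cannot be decided from the hunk.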
@@ -137,7 +137,7 @@ WHERE s.pool_id=%s LIMIT 1",
                        $cnt += SQL_AFFECTEDROWS();
 
                        // Load template for link
-                       LOAD_TEMPLATE("admin_settings_saved", false, "<a href=\"{!URL!}/modules.php?module=admin&amp;what=del_email&amp;pid=".bigintval($_GET['mid'])."\">".ADMIN_REMOVE_STATS_ENTRY."</a>");
+                       LOAD_TEMPLATE("admin_settings_saved", false, "<a href=\"{!URL!}/modules.php?module=admin&amp;what=del_email&amp;pid=".bigintval(REQUEST_GET('mid'))."\">".ADMIN_REMOVE_STATS_ENTRY."</a>");
                } // END - if
 
                // Free the result
@@ -145,7 +145,7 @@ WHERE s.pool_id=%s LIMIT 1",
 
                // Delete mail from queue
                SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_pool` WHERE id=%s LIMIT 1",
-                       array(bigintval($_GET['mid'])), __FILE__, __LINE__);
+                       array(bigintval(REQUEST_GET('mid'))), __FILE__, __LINE__);
                $cnt += SQL_AFFECTEDROWS();
 
                // Output link for manually removing stats entry
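Review bot: The `DELETE LOW_PRIORITY FROM ..._pool` here, like the points pay-back earlier in the file, is triggered by the `mid` query parameter alone, so any link or embedded resource that an authenticated admin loads could fire it. No anti-CSRF token or POST requirement is visible in these hunks, though a check may exist in the admin module loader. Since this commit already routes all request access through wrappers, consider requiring a confirmed POST (`IS_FORM_SENT()`) or a per-session token before the destructive branch. At minimum, document the assumption with a comment such as `// NOTE: state-changing GET; request authenticity is checked in <loader, to be confirmed>`.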
@@ -154,17 +154,17 @@ WHERE s.pool_id=%s LIMIT 1",
                // Mail already deleted!
                LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_NORMAL_MAIL_ALREADY_DELETED'));
        }
-} elseif (!empty($_GET['pid'])) {
+} elseif (REQUEST_ISSET_GET(('pid'))) {
        // Remove stats entries
        SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_user_stats` WHERE pool_id=%s LIMIT 1",
-               array(bigintval($_GET['pid'])), __FILE__, __LINE__);
+               array(bigintval(REQUEST_GET('pid'))), __FILE__, __LINE__);
 
        // Output message
        LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_USER_STATS_REMOVED'));
-} elseif ((!empty($_GET['bid'])) && (EXT_IS_ACTIVE("bonus"))) {
+} elseif ((REQUEST_ISSET_GET(('bid'))) && (EXT_IS_ACTIVE("