More fixes for surfbar, SQL_QUERY_ESC() now escapes zeros

diff --git a/inc/db/lib-mysql3.php b/inc/db/lib-mysql3.php
index a49a60f10903333ac939830ce1cda4fed8af0489..9bf9d9eaf98b8b0036243c2fd122bb6deeaf37b1 100644 (file)
--- a/inc/db/lib-mysql3.php
+++ b/inc/db/lib-mysql3.php
@@ -203,7 +203,7 @@ function SQL_QUERY_ESC($qstring, $data, $file, $line, $run=true, $strip=true) {
        global $link;
        $eval = "\$query = sprintf(\"".$qstring."\"";
        foreach ($data as $var) {
        global $link;
        $eval = "\$query = sprintf(\"".$qstring."\"";
        foreach ($data as $var) {

-               if (!empty($var)) {
+               if ((!empty($var)) || ($var === 0)) {

                        if ($strip) {
                                $eval .= ", SQL_ESCAPE(\"".strip_tags($var)."\")";
                        } else {
                        if ($strip) {
                                $eval .= ", SQL_ESCAPE(\"".strip_tags($var)."\")";
                        } else {

diff --git a/inc/functions.php b/inc/functions.php
index 64ff243e2e37ca28910a18919b330e09dd9fd212..da970eb6f5f4b07d62acf20550100a73dc66c608 100644 (file)
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -33,7 +33,7 @@
 
 // Some security stuff...
 if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
 
 // Some security stuff...
 if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {

-       $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
+       $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";

        require($INC);
 }
 
        require($INC);
 }
 


@@ -140,7 +140,7 @@ function OUTPUT_HTML($HTML, $NEW_LINE = true) {
                while (strpos($OUTPUT, '{!') > 0) {
                        // Prepare the content and eval() it...
                        $newContent = "";
                while (strpos($OUTPUT, '{!') > 0) {
                        // Prepare the content and eval() it...
                        $newContent = "";

-                       $eval = "\$newContent = \"" . COMPILE_CODE(addslashes($OUTPUT)) . "\";";
+                       $eval = "\$newContent = \"".COMPILE_CODE(addslashes($OUTPUT))."\";";

                        @eval($eval);
 
                        if (empty($newContent)) {
                        @eval($eval);
 
                        if (empty($newContent)) {


@@ -160,7 +160,7 @@ function OUTPUT_HTML($HTML, $NEW_LINE = true) {
 
                // Compile and run finished rendered HTML code
                while (strpos($OUTPUT, '{!') > 0) {
 
                // Compile and run finished rendered HTML code
                while (strpos($OUTPUT, '{!') > 0) {

-                       $eval = "\$OUTPUT = \"" . COMPILE_CODE(addslashes($OUTPUT)) . "\";";
+                       $eval = "\$OUTPUT = \"".COMPILE_CODE(addslashes($OUTPUT))."\";";

                        eval($eval);
                }
 
                        eval($eval);
                }
 


@@ -292,7 +292,7 @@ function LOAD_TEMPLATE($template, $return=false, $content="") {
                // Do we have to compile the code?
                if ((strpos($tmpl_file, "\$") !== false) || (strpos($tmpl_file, '{--') !== false) || (strpos($tmpl_file, '--}') > 0)) {
                        // Okay, compile it!
                // Do we have to compile the code?
                if ((strpos($tmpl_file, "\$") !== false) || (strpos($tmpl_file, '{--') !== false) || (strpos($tmpl_file, '--}') > 0)) {
                        // Okay, compile it!

-                       $tmpl_file = "\$ret=\"" . COMPILE_CODE(addslashes($tmpl_file)) . "\";";
+                       $tmpl_file = "\$ret=\"".COMPILE_CODE(addslashes($tmpl_file))."\";";

                        eval($tmpl_file);
                } else {
                        // Simply return loaded code
                        eval($tmpl_file);
                } else {
                        // Simply return loaded code


@@ -332,7 +332,7 @@ function LOAD_TEMPLATE($template, $return=false, $content="") {
 // Send mail out to an email address
 function SEND_EMAIL($TO, $SUBJECT, $MSG, $HTML='N', $FROM="") {
        // Compile subject line (for POINTS constant etc.)
 // Send mail out to an email address
 function SEND_EMAIL($TO, $SUBJECT, $MSG, $HTML='N', $FROM="") {
        // Compile subject line (for POINTS constant etc.)

-       $eval = "\$SUBJECT = \"" . COMPILE_CODE(addslashes($SUBJECT)) . "\";";
+       $eval = "\$SUBJECT = \"".COMPILE_CODE(addslashes($SUBJECT))."\";";

        eval($eval);
        $SUBJECT = html_entity_decode($SUBJECT);
 
        eval($eval);
        $SUBJECT = html_entity_decode($SUBJECT);
 


@@ -1858,7 +1858,7 @@ function MEMBER_ACTION_LINKS($uid, $status="") {
        }
 
        // Finish navigation link
        }
 
        // Finish navigation link

-       $eval = substr($eval, 0, -7) . "]\";";
+       $eval = substr($eval, 0, -7)."]\";";

        eval($eval);
 
        // Return string
        eval($eval);
 
        // Return string


@@ -1942,7 +1942,7 @@ function generateHash ($plainText, $salt = "") {
        }
 
        // Return hash
        }
 
        // Return hash

-       return $salt . sha1($salt . $plainText);
+       return $salt.sha1($salt.$plainText);

 }
 //
 function scrambleString($str) {
 }
 //
 function scrambleString($str) {

diff --git a/inc/libs/surfbar_functions.php b/inc/libs/surfbar_functions.php
index 1a451ebb2355bca3edf152bae8dc4f90f818404b..529733265815adff0accb8fd7a96f3354172cc3e 100644 (file)
--- a/inc/libs/surfbar_functions.php
+++ b/inc/libs/surfbar_functions.php
@@ -338,8 +338,8 @@ function SURFBAR_LOCKDOWN_ID ($id) {
                array($GLOBALS['userid'], bigintval($id)), __FILE__, __LINE__);
 
        // Remove the salt from database
                array($GLOBALS['userid'], bigintval($id)), __FILE__, __LINE__);
 
        // Remove the salt from database

-       SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_surfbar_salts WHERE url_id=%s AND userid=%s LIMIT 1",
-               array(bigintval($id), $GLOBALS['userid']), __FILE__, __LINE__);
+       //SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_surfbar_salts WHERE url_id=%s AND userid=%s LIMIT 1",
+       //      array(bigintval($id), $GLOBALS['userid']), __FILE__, __LINE__);

 }
 // Pay points to the user and remove it from the sender
 function SURFBAR_PAY_POINTS ($id) {
 }
 // Pay points to the user and remove it from the sender
 function SURFBAR_PAY_POINTS ($id) {


@@ -394,7 +394,7 @@ LIMIT 1",
        SQL_FREERESULT($result);
 
        // Return check
        SQL_FREERESULT($result);
 
        // Return check

-       //* DEBUG: */ echo __FUNCTION__.":cnt={$cnt}<br />\n";
+       //* DEBUG: */ echo __FUNCTION__.":cnt={$cnt},".SURFBAR_GET_DATA('surf_lock')."<br />\n";

        return ($cnt == 1);
 }
 // Determine next id for surfbar view, always call this before you call other
        return ($cnt == 1);
 }
 // Determine next id for surfbar view, always call this before you call other


@@ -426,19 +426,21 @@ LEFT JOIN "._MYSQL_PREFIX."_surfbar_salts AS sbs
 ON sbu.id=sbs.url_id
 LEFT JOIN "._MYSQL_PREFIX."_surfbar_locks AS l
 ON sbu.id=l.url_id
 ON sbu.id=sbs.url_id
 LEFT JOIN "._MYSQL_PREFIX."_surfbar_locks AS l
 ON sbu.id=l.url_id

-WHERE sbu.userid != %d AND sbu.status='CONFIRMED' AND (l.last_surfed IS NULL OR (UNIX_TIMESTAMP() - ".SURFBAR_GET_DATA('surf_lock').") >= UNIX_TIMESTAMP(l.last_surfed))
-ORDER BY l.last_surfed DESC, sbs.last_salt ASC, sbu.id ASC
-LIMIT %d,1",
+WHERE sbu.userid != %s AND sbu.status='CONFIRMED' AND (l.last_surfed IS NULL OR (UNIX_TIMESTAMP() - ".SURFBAR_GET_DATA('surf_lock').") >= UNIX_TIMESTAMP(l.last_surfed))
+ORDER BY l.last_surfed ASC, sbu.id ASC
+LIMIT %s,1",

                        array($GLOBALS['userid'], $randNum), __FILE__, __LINE__
                );
        } else {
                // Get data from specified id number
                        array($GLOBALS['userid'], $randNum), __FILE__, __LINE__
                );
        } else {
                // Get data from specified id number

-               $result = SQL_QUERY_ESC("SELECT sbu.id, sbu.userid, sbu.url, sbs.last_salt, sbu.reward, sbu.costs, sbu.views_total, p.time
+               $result = SQL_QUERY_ESC("SELECT sbu.id, sbu.userid, sbu.url, sbs.last_salt, sbu.reward, sbu.costs, sbu.views_total, p.time, UNIX_TIMESTAMP(l.last_surfed) AS last_surfed

 FROM "._MYSQL_PREFIX."_surfbar_urls AS sbu
 LEFT JOIN "._MYSQL_PREFIX."_payments AS p
 ON sbu.payment_id=p.id
 LEFT JOIN "._MYSQL_PREFIX."_surfbar_salts AS sbs
 ON sbu.id=sbs.url_id
 FROM "._MYSQL_PREFIX."_surfbar_urls AS sbu
 LEFT JOIN "._MYSQL_PREFIX."_payments AS p
 ON sbu.payment_id=p.id
 LEFT JOIN "._MYSQL_PREFIX."_surfbar_salts AS sbs
 ON sbu.id=sbs.url_id

+LEFT JOIN "._MYSQL_PREFIX."_surfbar_locks AS l
+ON sbu.id=l.url_id

 WHERE sbu.userid != %s AND sbu.status='CONFIRMED' AND sbu.id=%s
 LIMIT 1",
                        array($GLOBALS['userid'], bigintval($id)), __FILE__, __LINE__
 WHERE sbu.userid != %s AND sbu.status='CONFIRMED' AND sbu.id=%s
 LIMIT 1",
                        array($GLOBALS['userid'], bigintval($id)), __FILE__, __LINE__


@@ -455,18 +457,21 @@ LIMIT 1",
                // Is the time there?
                if (is_null($SURFBAR_CACHE['time'])) {
                        // Then repair it wit the static!
                // Is the time there?
                if (is_null($SURFBAR_CACHE['time'])) {
                        // Then repair it wit the static!

+                       //* DEBUG: */ echo __FUNCTION__.": time - STATIC!<br />\n";

                        $SURFBAR_CACHE['time'] = $_CONFIG['surfbar_static_time'];
                } // END - if
 
                // Is the last salt there?
                if (is_null($SURFBAR_CACHE['last_salt'])) {
                        // Then repair it wit the static!
                        $SURFBAR_CACHE['time'] = $_CONFIG['surfbar_static_time'];
                } // END - if
 
                // Is the last salt there?
                if (is_null($SURFBAR_CACHE['last_salt'])) {
                        // Then repair it wit the static!

+                       //* DEBUG: */ echo __FUNCTION__.": last_salt - FIXED!<br />\n";

                        $SURFBAR_CACHE['last_salt'] = "";
                } // END - if
 
                // Fix missing last_surfed
                if ((!isset($SURFBAR_CACHE['last_surfed'])) || (is_null($SURFBAR_CACHE['last_surfed']))) {
                        // Fix it here
                        $SURFBAR_CACHE['last_salt'] = "";
                } // END - if
 
                // Fix missing last_surfed
                if ((!isset($SURFBAR_CACHE['last_surfed'])) || (is_null($SURFBAR_CACHE['last_surfed']))) {
                        // Fix it here

+                       //* DEBUG: */ echo __FUNCTION__.": last_surfed - FIXED!<br />\n";

                        $SURFBAR_CACHE['last_surfed'] = "0";
                } // END - if
 
                        $SURFBAR_CACHE['last_surfed'] = "0";
                } // END - if
 

diff --git a/surfbar.php b/surfbar.php
index d283eacf2dc390db78a7b2ba8a509cf8e1d70e4f..a5dd72bd508c8a2087edb1eb5da503c2c5afd1a8 100644 (file)
--- a/surfbar.php
+++ b/surfbar.php
@@ -99,11 +99,11 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
                        // Check if reload is full
                        if (SURFBAR_CHECK_RELOAD_FULL()) {
                                // Then load waiting page
                        // Check if reload is full
                        if (SURFBAR_CHECK_RELOAD_FULL()) {
                                // Then load waiting page

-                               LOAD_URL("surfbar.php?frame=start");
+                               LOAD_URL("surfbar.php?frame=stop");

                        } // END - if
                } else {
                        } // END - if
                } else {

-                       // Reload to start frame!
-                       LOAD_URL("surfbar.php?frame=start");
+                       // Reload to stop frame!
+                       LOAD_URL("surfbar.php?frame=stop");

                }
 
                // All done, so fix notice for footer.php
                }
 
                // All done, so fix notice for footer.php