Cookie code removed, rewritten, internal URLs are now relative (see LOAD_URL()),...
authorRoland Häder <roland@mxchange.org>
Sat, 7 Feb 2009 17:27:15 +0000 (17:27 +0000)
committerRoland Häder <roland@mxchange.org>
Sat, 7 Feb 2009 17:27:15 +0000 (17:27 +0000)
47 files changed:
beg.php
confirm.php
inc/databases.php
inc/filters.php
inc/functions.php
inc/language.php
inc/libs/admins_functions.php
inc/libs/nickname_functions.php
inc/libs/primera_functions.php
inc/libs/security_functions.php
inc/libs/sponsor_functions.php
inc/libs/theme_functions.php
inc/libs/user_functions.php
inc/mails/beg_mails.php
inc/mails/bonus_mails.php
inc/modules/admin.php
inc/modules/admin/admin-inc.php
inc/modules/admin/overview-inc.php
inc/modules/admin/what-del_sponsor.php
inc/modules/admin/what-list_newsletter.php
inc/modules/admin/what-lock_sponsor.php
inc/modules/admin/what-lock_user.php
inc/modules/admin/what-theme_edit.php
inc/modules/chk_login.php
inc/modules/guest/what-confirm.php
inc/modules/guest/what-login.php
inc/modules/guest/what-sponsor_login.php
inc/modules/login.php
inc/modules/member/action-surfbar.php
inc/modules/member/what-logout.php
inc/modules/member/what-mydata.php
inc/modules/member/what-order.php
inc/modules/member/what-sponsor.php
inc/modules/member/what-surfbar_book.php
inc/modules/member/what-surfbar_list.php
inc/modules/member/what-surfbar_stats.php
inc/modules/member/what-themes.php
inc/modules/order.php
inc/modules/sponsor/account.php
inc/modules/sponsor/settings.php
inc/modules/sponsor/welcome.php
inc/mysql-manager.php
index.php
ref.php
sponsor_confirm.php
sponsor_ref.php
surfbar.php

diff --git a/beg.php b/beg.php
index 531e8db..b0ecebb 100644 (file)
--- a/beg.php
+++ b/beg.php
@@ -208,10 +208,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
                        require_once(PATH."inc/footer.php");
                } elseif (($status != "CONFIRMED") && ($status != "failed")) {
                        // Maybe locked/unconfirmed account?
-                       switch ($status) {
-                               case "LOCKED"     : $msg = CODE_ID_LOCKED     ; break; // Locked account
-                               case "UNCONFIRMED": $msg = CODE_ID_UNCONFIRMED; break; // Unconfirmed account
-                       }
+                       $msg = GEN_ERROR_CODE_FROM_ACCOUNT_STATUS($status);
                } elseif (($uid == "0") || ($status == "failed")) {
                        // Inalid or locked account, so let's find out
                        $result = SQL_QUERY_ESC("SELECT userid FROM `"._MYSQL_PREFIX."_user_data` WHERE nickname='%s' LIMIT 1",
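Review bot: The comment `// Maybe locked/unconfirmed account?` above `$msg = GEN_ERROR_CODE_FROM_ACCOUNT_STATUS($status);` is now narrower than the code: the helper maps any status that has a matching CODE_ID_* constant and returns CODE_UNKNOWN_STATUS otherwise, whereas the removed switch left `$msg` unset for statuses other than LOCKED/UNCONFIRMED. If code later in beg.php tests `empty($msg)` (outside this hunk), that path now behaves differently and should be checked. Update the comment to `// Map the account status (LOCKED, UNCONFIRMED, ...) to its error code; unknown statuses yield CODE_UNKNOWN_STATUS`.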
index e55e503..49197dc 100644 (file)
@@ -47,10 +47,10 @@ require("inc/config.php");
 // Is the script installed?
 if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered'))) {
        // Base URL for redirection
-       $URL = URL."/modules.php?module=index&what=confirm&hash=";
+       $URL = "modules.php?module=index&amp;what=confirm&hash=";
        if (empty($_GET['hash'])) {
                // No refid and we add our refid (don't forget to set $def_refid!)
-               $URL = URL."/modules.php?module=index";
+               $URL = "modules.php?module=index";
        } else {
                // We have an refid here. So we simply add it
                $URL .= $_GET['hash'];
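Review bot: The rewritten base URL `$URL = "modules.php?module=index&amp;what=confirm&hash=";` mixes an HTML-encoded `&amp;` with a raw `&` inside one query string. If this value reaches a Location header or any other non-HTML context, the receiving script sees a parameter named `amp;what` instead of `what` and the confirmation lookup fails; in an HTML attribute both separators would need to be `&amp;`. Use one form throughout, e.g. `$URL = "modules.php?module=index&what=confirm&hash=";`, and encode at the output site. The unchanged `$URL .= $_GET['hash'];` still appends the request value without urlencode() or a format check; validating the hash against its expected alphabet before appending keeps the redirect target well-formed.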
index 6fc682b..3e8a598 100644 (file)
@@ -93,18 +93,6 @@ $_CONFIG['one_day'] = 60*60*24;
 define('START_YDAY', MAKE_TIME(0, 0, 0, time() - getConfig('one_day')));
 define('START_TDAY', MAKE_TIME(0, 0, 0, time()));
 
-$COOKIES = substr(URL, strpos(substr(URL, 8), "/") + 8);
-if ((strpos($COOKIES, "/") == "0") && (strpos(substr(URL, 8), "/") > 0)) {
-       // Script was installed into a sub directory
-       if (substr($COOKIES, -1) != "/") $COOKIES .= "/";
-} else {
-       // No more sub directories added to URL
-       $COOKIES = "/";
-}
-
-// Cookie-Path ( for lame servers... ;-) )
-define('COOKIE_PATH', $COOKIES);
-
 // Server-URL (DO NOT CHANGE THIS OR YOU CANNOT CHECK FOR UPDATES/EXTENSIONS!)
 define('SERVER_URL', "http://www.mxchange.org");
 
@@ -117,7 +105,7 @@ define('_PRIME', 591623);
 // Calculate "entropy" with the prime number (for code generation)
 define('_ADD', (_PRIME * _PRIME / (pi() * getConfig('code_length') + 1)));
 
-// Random number for e.g. "cache-buster" used in OpenX script
+// Random number for e.g. the "cache-buster" used in OpenX script
 define('CACHE_BUSTER', mt_rand(1000000, 9999999));
 
 // Extra title is empty by default
index 0a30fc7..9c4c862 100644 (file)
@@ -450,40 +450,40 @@ function FILTER_UPDATE_LOGIN_DATA () {
        // Secure user ID
        $GLOBALS['userid'] = bigintval(get_session('userid'));
 
-       // Extract last online time (life) and how long is auto-login valid (time)
-       $newl = time() + bigintval(get_session('lifetime'));
-
        // Load last module and last online time
-       $result = SQL_QUERY_ESC("SELECT last_module, last_online FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+       $result = SQL_QUERY_ESC("SELECT last_module, last_online FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
+               array($GLOBALS['userid']), __FILE__, __LINE__);
+
+       // Entry found?
        if (SQL_NUMROWS($result) == 1) {
                // Load last module and online time
                list($mod, $onl) = SQL_FETCHROW($result);
-               SQL_FREERESULT($result);
 
                // Maybe first login time?
                if (empty($mod)) $mod = "login";
 
-               if (set_session("userid", $GLOBALS['userid'], $newl, COOKIE_PATH) && set_session("u_hash", get_session('u_hash'), $newl, COOKIE_PATH) && set_session("lifetime", bigintval(get_session('lifetime')), $newl, COOKIE_PATH)) {
-                       // This will be displayed on welcome page! :-)
-                       if (empty($LAST['module'])) {
-                               $LAST['module'] = $mod; $LAST['online'] = $onl;
-                       } // END - if
+               // This will be displayed on welcome page! :-)
+               if (empty($LAST['module'])) {
+                       $LAST['module'] = $mod; $LAST['online'] = $onl;
+               } // END - if
 
-                       // "what" not set?
-                       if (empty($GLOBALS['what'])) {
-                               // Fix it to default
-                               $GLOBALS['what'] = "welcome";
-                               if (getConfig('index_home') != "") $GLOBALS['what'] = getConfig('index_home');
-                       } // END - if
+               // "what" not set?
+               if (empty($GLOBALS['what'])) {
+                       // Fix it to default
+                       $GLOBALS['what'] = "welcome";
+                       if (getConfig('index_home') != "") $GLOBALS['what'] = getConfig('index_home');
+               } // END - if
 
-                       // Update last module / online time
-                       SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET last_module='%s', last_online=UNIX_TIMESTAMP(), REMOTE_ADDR='%s' WHERE userid=%s LIMIT 1",
-                               array($GLOBALS['what'], GET_REMOTE_ADDR(), $GLOBALS['userid']), __FILE__, __LINE__);
-               }
+               // Update last module / online time
+               SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET last_module='%s', last_online=UNIX_TIMESTAMP(), REMOTE_ADDR='%s' WHERE userid=%s LIMIT 1",
+                       array($GLOBALS['what'], GET_REMOTE_ADDR(), $GLOBALS['userid']), __FILE__, __LINE__);
        }  else {
                // Destroy session, we cannot update!
                destroy_user_session();
        }
+
+       // Free the result
+       SQL_FREERESULT($result);
 }
 
 // Filter for checking admin ACL
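Review bot: The `UPDATE ... last_module=..., REMOTE_ADDR=...` query at the end of the found-branch now runs unconditionally, whereas it previously ran only when the three `set_session()` calls renewing the login succeeded; nothing in the hunk replaces that renewal, so the session's validity now depends solely on whatever expiry is configured outside this filter. The new `SQL_FREERESULT($result);` after the if/else is correct for both branches, since `$result` is assigned before the row-count test. `$LAST` is written on `$LAST['module'] = $mod; $LAST['online'] = $onl;` but no `global $LAST` is visible here; FILTER_UPDATE_LOGIN_DATA starts before this hunk, so presumably it is declared above — worth confirming. A comment such as `// Login renewal no longer happens here; session lifetime is governed by the session configuration` above the query would record the intent, if that is the intent.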
index 1133a3b..b2a538b 100644 (file)
@@ -51,16 +51,17 @@ function IS_INC_WRITEABLE($inc) {
        $fp = @fopen($fqfn, 'a');
        if ($inc == "dummy") {
                // Remove dummy file
-               @fclose($fp);
-               return @unlink($fqfn);
+               fclose($fp);
+               return unlink($fqfn);
        } else {
                // Close all other files
-               return @fclose($fp);
+               return fclose($fp);
        }
 }
 
 // Open a table (you may want to add some header stuff here)
-function OPEN_TABLE($PERCENT = "", $CLASS = "", $ALIGN="left", $VALIGN="", $td_only=false) {
+// @DEPRECATED
+function OPEN_TABLE ($PERCENT = "", $CLASS = "", $ALIGN="left", $VALIGN="", $td_only=false) {
        global $table_cnt;
 
        // Count tables so we can generate CSS classes for every table... :-)
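Review bot: Dropping the `@` from `fclose($fp)` and `unlink($fqfn)` while `$fp = @fopen($fqfn, 'a');` keeps its suppression means a failed open now surfaces as a warning from `fclose(false)` (a TypeError on PHP 8) rather than a false return from IS_INC_WRITEABLE. Test the handle first, e.g. `if ($fp === false) return false;` directly after the fopen line; the close/unlink calls can then stay unsuppressed. The `@DEPRECATED` marker added above OPEN_TABLE would be more useful with the intended replacement named in the same comment.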
@@ -88,14 +89,15 @@ function OPEN_TABLE($PERCENT = "", $CLASS = "", $ALIGN="left", $VALIGN="", $td_o
 }
 
 // Close a table (you may want to add some footer stuff here)
-function CLOSE_TABLE($ADD="") {
+// @DEPRECATED
+function CLOSE_TABLE( $ADD="") {
        OUTPUT_HTML("  </TD>\n</TR>");
        if (!empty($ADD)) OUTPUT_HTML($ADD);
        OUTPUT_HTML("</TABLE>");
 }
 
 // Output HTML code directly or "render" it. You addionally switch the new-line character off
-function OUTPUT_HTML($HTML, $NEW_LINE = true) {
+function OUTPUT_HTML ($HTML, $NEW_LINE = true) {
        // Some global variables
        global $OUTPUT, $footer, $CSS;
 
@@ -648,7 +650,7 @@ function DEREFERER ($URL) {
        // Don't de-refer our own links!
        if (substr($URL, 0, strlen(URL)) != URL) {
                // De-refer this link
-               $URL = URL."/modules.php?module=loader&amp;url=".urlencode(base64_encode(gzcompress($URL)));
+               $URL = "modules.php?module=loader&amp;url=".urlencode(base64_encode(gzcompress($URL)));
        } // END - if
 
        // Return link
@@ -755,12 +757,12 @@ function GET_LANGUAGE() {
        return $ret;
 }
 //
-function SET_LANGUAGE($lang) {
+function SET_LANGUAGE ($lang) {
        // Accept only first 2 chars!
        $lang = substr(SQL_ESCAPE(strip_tags($lang)), 0, 2);
 
        // Set cookie
-       set_session("mx_lang", $lang);
+       set_session('mx_lang', $lang);
 }
 //
 function LOAD_EMAIL_TEMPLATE($template, $content=array(), $UID="0") {
@@ -937,7 +939,7 @@ function LOAD_URL($URL, $addUrlData=true) {
        // Check if http(s):// is there
        if ((substr($URL, 0, 7) != "http://") && (substr($URL, 0, 8) != "https://")) {
                // Make all URLs full-qualified
-               $URL = URL."/".$URL;
+               $URL = "".$URL;
        }
 
        // Get output buffer
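Review bot: The replacement line `$URL = "".$URL;` inside the `if` that tests for an `http://`/`https://` prefix is a no-op, so the branch and its comment `// Make all URLs full-qualified` no longer describe what happens. Either delete the branch or replace it with a comment stating the new contract, e.g. `// Relative URLs are passed through unchanged and resolve against the current page's path`. If LOAD_URL still emits a `Location:` header further down (not visible here), note that RFC 2616 required an absolute URI there; browsers resolve relative targets in practice, but a page served from a sub-path resolves `modules.php` relative to that path, not the install root. LOAD_URL's body continues beyond this hunk.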
@@ -1263,7 +1265,6 @@ function GEN_RANDOM_CODE($length, $code, $uid, $DATA="") {
        // Add more additional data
        if (isSessionVariableSet('u_hash'))                     $data .= ":".get_session('u_hash');
        if (isset($GLOBALS['userid']))                          $data .= ":".$GLOBALS['userid'];
-       if (isSessionVariableSet('lifetime'))           $data .= ":".get_session('lifetime');
        if (isSessionVariableSet('mxchange_theme'))     $data .= ":".get_session('mxchange_theme');
        if (isSessionVariableSet('mx_lang'))            $data .= ":".GET_LANGUAGE();
        if (isset($GLOBALS['refid']))                           $data .= ":".$GLOBALS['refid'];
@@ -2377,6 +2378,7 @@ function get_session ($var) {
        // Return the value
        return $value;
 }
+
 // Send notification to admin
 function SEND_ADMIN_NOTIFICATION($subject, $templateName, $content=array(), $uid="0") {
        if (GET_EXT_VERSION("admins") >= "0.4.1") {
@@ -2388,11 +2390,16 @@ function SEND_ADMIN_NOTIFICATION($subject, $templateName, $content=array(), $uid
                SEND_ADMIN_EMAILS($subject, $msg);
        }
 }
+
 // Destroy user session
 function destroy_user_session () {
+       // Reset userid
+       $GLOBALS['userid'] = 0;
+
        // Remove all user data from session
-       return ((set_session("userid", "")) && (set_session("u_hash", "")) && (set_session("lifetime", "")));
+       return ((set_session('userid', "")) && (set_session('u_hash', "")));
 }
+
 // Merges an array together but only if both are arrays
 function merge_array ($array1, $array2) {
        // Are both an array?
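Review bot: `return ((set_session('userid', "")) && (set_session('u_hash', "")));` short-circuits, so when clearing `userid` fails the `u_hash` entry is never touched and a partially cleared session remains. Evaluate both calls before combining, e.g. `$uidCleared = set_session('userid', ""); $hashCleared = set_session('u_hash', ""); return ($uidCleared && $hashCleared);`. The added `$GLOBALS['userid'] = 0;` is a sensible reset; a one-line header such as `// Clears userid/u_hash from the session and resets $GLOBALS['userid']; returns true only if both session writes succeeded` would document the contract for callers.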
@@ -2409,6 +2416,7 @@ function merge_array ($array1, $array2) {
        debug_print_backtrace();
        die("</pre>");
 }
+
 // Debug message logger
 function DEBUG_LOG ($file, $line, $message, $force=true) {
        // Is debug mode enabled?
@@ -2419,6 +2427,7 @@ function DEBUG_LOG ($file, $line, $message, $force=true) {
                fclose($fp);
        } // END - if
 }
+
 // Reads a directory with PHP files in and gets only files back
 function GET_DIR_AS_ARRAY ($baseDir, $prefix) {
        $INCs = array();
@@ -2898,7 +2907,7 @@ function GET_CURR_THEME() {
 
        if (!isSessionVariableSet('mxchange_theme')) {
                // Set default theme
-               set_session("mxchange_theme", $ret);
+               set_session('mxchange_theme', $ret);
        } elseif ((isSessionVariableSet('mxchange_theme')) && (GET_EXT_VERSION("sql_patches") >= "0.1.4")) {
                //die("<pre>".print_r($cacheArray['themes'], true)."</pre>");
                // Get theme from cookie
@@ -2916,17 +2925,17 @@ function GET_CURR_THEME() {
                // Installation mode active
                if ((!empty($_GET['theme'])) && (FILE_READABLE($theme))) {
                        // Set cookie from URL data
-                       set_session("mxchange_theme", SQL_ESCAPE($_GET['theme']));
+                       set_session('mxchange_theme', SQL_ESCAPE($_GET['theme']));
                } elseif (FILE_READABLE(sprintf("%stheme/%s/theme.php", PATH, SQL_ESCAPE($_POST['theme'])))) {
                        // Set cookie from posted data
-                       set_session("mxchange_theme", SQL_ESCAPE($_POST['theme']));
+                       set_session('mxchange_theme', SQL_ESCAPE($_POST['theme']));
                }
 
                // Set return value
                $ret = get_session('mxchange_theme');
        } else {
                // Invalid design, reset cookie
-               set_session("mxchange_theme", $ret);
+               set_session('mxchange_theme', $ret);
        }
 
        // Add (maybe) found theme.php file to inclusion list
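Review bot: `set_session('mxchange_theme', SQL_ESCAPE($_GET['theme']));` and its `$_POST['theme']` counterpart store a request value that is spliced into a filesystem path (`sprintf("%stheme/%s/theme.php", PATH, ...)` on the elseif line, and the theme.php inclusion referred to by the comment closing this hunk); SQL_ESCAPE escapes for SQL only and does not constrain path characters. A positive check before the value reaches the session, e.g. `if (!preg_match('/^[a-zA-Z0-9_-]+$/', $_POST['theme'])) { /* keep $ret */ }`, would make the readability test the second line of defence rather than the only one. The commit changes only the quoting here, but if set_session() is still cookie-backed, the cookie-sanitising loop removed from inc/libs/security_functions.php in this same commit means this is now the only place the value is checked. GET_CURR_THEME starts before and ends after this hunk.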
@@ -3012,10 +3021,29 @@ function READ_FILE ($FQFN, $sqlPrepare = false) {
        return $content;
 }
 
+// Generates an error code from given account status
+function GEN_ERROR_CODE_FROM_ACCOUNT_STATUS ($status) {
+       // Default error code if unknown account status
+       $ERROR = CODE_UNKNOWN_STATUS;
+
+       // Generate constant name
+       $constantName = sprintf("CODE_ID_%s", $status);
+
+       // Is the constant there?
+       if (defined($constantName)) {
+               // Then get it!
+               $ERROR = constant($constantName);
+       } else {
+               // Unknown status
+               DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("Unknown error status %s detected.", $status));
+       }
+
+       // Return error code
+       return $ERROR;
+}
+
 //////////////////////////////////////////////////
-//                                              //
 // AUTOMATICALLY RE-GENERATED MISSING FUNCTIONS //
-//                                              //
 //////////////////////////////////////////////////
 //
 if (!function_exists('html_entity_decode')) {
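Review bot: `sprintf("CODE_ID_%s", $status)` followed by `defined()`/`constant()` resolves any constant whose name starts with CODE_ID_, so the result is only as controlled as the input; the status strings come from the database, but a docblock should state that the parameter is expected to be one of the fixed status values (`LOCKED`, `UNCONFIRMED`, ...) and that the lookup is case-sensitive, since `locked` falls through to the unknown branch. The fallback `$ERROR = CODE_UNKNOWN_STATUS;` relies on a constant not defined in any visible hunk of this commit — confirm it exists, otherwise the default path itself emits a notice and returns the bare constant name as a string. A header such as `// Maps an account status (e.g. LOCKED) to its CODE_ID_* error constant; returns CODE_UNKNOWN_STATUS and logs when no constant matches` would document the contract.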
@@ -3027,5 +3055,5 @@ if (!function_exists('html_entity_decode')) {
        }
 } // END - if
 
-//
+// [EOF]
 ?>
index fc7f73c..1f8275c 100644 (file)
@@ -40,18 +40,20 @@ if (!defined('__SECURITY')) {
 // Set default language
 if (empty($mx_lang)) $mx_lang = DEFAULT_LANG;
 
+// Generate FQFN
+$FQFN = sprintf("%sinc/language/%s.php", PATH, $mx_lang);
+
 // Look for file
-$file = sprintf("%sinc/language/%s.php", PATH, $mx_lang);
-if (!FILE_READABLE($file)) {
+if (!FILE_READABLE($FQFN)) {
        // Switch to default (DO NOT CHANGE!!!)
-       set_session("mx_lang", "de");
+       set_session('mx_lang', 'de');
        $mx_lang = "de";
-       $file = sprintf("%sinc/language/%s.php", PATH, "de");
+       $FQFN = sprintf("%sinc/language/%s.php", PATH, "de");
 } // END - if
 
 // Load language file
-require($file);
-unset($file);
+require($FQFN);
+unset($FQFN);
 
 // Check for installation mode
 if (isBooleanConstantAndTrue('mxchange_installing')) {
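Review bot: `$FQFN = sprintf("%sinc/language/%s.php", PATH, $mx_lang);` feeds `require($FQFN)` with a value whose only guard is `FILE_READABLE()`; where `$mx_lang` originates is outside this hunk, and SET_LANGUAGE in inc/functions.php trims it to two characters, but that trim runs only on the write path. A positive check here, e.g. `if (!preg_match('/^[a-z]{2}$/', $mx_lang)) $mx_lang = DEFAULT_LANG;` before building the path, makes the include independent of how the session value was written. The rename from `$file` to `$FQFN` is fine; the comment `// Generate FQFN` could spell out the acronym (fully-qualified file name) for readers new to the codebase.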
index dd8d327..38169a0 100644 (file)
@@ -188,17 +188,17 @@ function ADMINS_CHANGE_ADMIN_ACCOUNT($POST) {
                        // Rewrite cookie when it's own account
                        if ($aid == $id) {
                                // Set timeout cookie
-                               set_session("admin_last", time());
+                               set_session('admin_last', time());
 
                                if ($login != get_session('admin_login')) {
                                        // Update login cookie
-                                       set_session("admin_login", $login);
+                                       set_session('admin_login', $login);
 
                                        // Update password cookie as well?
-                                       if (!empty($ADD)) set_session("admin_md5", $hash);
+                                       if (!empty($ADD)) set_session('admin_md5', $hash);
                                } elseif (generateHash($POST['pass1'][$id], $salt) != get_session('admin_md5')) {
                                        // Update password cookie
-                                       set_session("admin_md5", $hash);
+                                       set_session('admin_md5', $hash);
                                }
                        } // END - if
 
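Review bot: `generateHash($POST['pass1'][$id], $salt) != get_session('admin_md5')` compares two hash strings with the loose `!=` operator; PHP's loose comparison treats numeric-looking strings numerically, so two distinct hashes can compare equal in rare cases. Use `!==`, or on PHP 5.6+ `!hash_equals(get_session('admin_md5'), generateHash($POST['pass1'][$id], $salt))`, which is also constant-time. The commit only touches quoting on these lines, but the comparison sits on the new side and gates a password-cookie update, so it is worth fixing here. ADMINS_CHANGE_ADMIN_ACCOUNT begins before and ends after this hunk.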
@@ -214,13 +214,13 @@ email='%s',
 default_acl='%s',
 la_mode='%s'
 WHERE id=%s LIMIT 1",
- array(
-       $login,
-       $POST['email'][$id],
-       $POST['mode'][$id],
-       $POST['la_mode'][$id],
-       $id
-), __FILE__, __LINE__);
                                      array(
+                                               $login,
+                                               $POST['email'][$id],
+                                               $POST['mode'][$id],
+                                               $POST['la_mode'][$id],
+                                               $id
+                                       ), __FILE__, __LINE__);
                        } else {
                                // Do not allow it here
                                SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET
@@ -228,12 +228,12 @@ login='%s'".$ADD.",
 email='%s',
 la_mode='%s'
 WHERE id=%s LIMIT 1",
- array(
-       $login,
-       $POST['email'][$id],
-       $POST['la_mode'][$id],
-       $id
-), __FILE__, __LINE__);
                                      array(
+                                               $login,
+                                               $POST['email'][$id],
+                                               $POST['la_mode'][$id],
+                                               $id
+                                       ), __FILE__, __LINE__);
                        }
 
                        // Purge cache
index d1834fb..8b9fe5b 100644 (file)
@@ -38,43 +38,79 @@ if (!defined('__SECURITY')) {
 }
 
 //
-function NICKNAME_IS_ACTIVE($uidNick)
-{
+function NICKNAME_IS_ACTIVE ($uidNick) {
+       global $cacheArray;
+
+       // By default nothing is found...
        $ret = false;
-       $result = SQL_QUERY_ESC("SELECT userid FROM `"._MYSQL_PREFIX."_user_data` WHERE (userid=%s AND userid > 0) OR nickname='%s' LIMIT 1",
-        array(bigintval($uidNick), $uidNick), __FILE__, __LINE__);
 
-       // Check existence of nickname
-       if (SQL_NUMROWS($result) == 1) $ret = true;
+       // Found in cache?
+       if (isset($cacheArray['nick_active'][$uidNick])) {
+               // Use it directly
+               $ret = $cacheArray['nick_active'][$uidNick];
+
+               // Increment cache counter
+               incrementConfigEntry('cache_hits');
+       } else {
+               // Search in database
+               // @TODO Can we replace this with GET_TOTAL_DATA() ?
+               $result = SQL_QUERY_ESC("SELECT userid FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s OR nickname='%s' LIMIT 1",
+                       array(bigintval($uidNick), $uidNick), __FILE__, __LINE__);
 
-       // Free result
-       SQL_FREERESULT($result);
+               // Check existence of nickname
+               $ret = (SQL_NUMROWS($result) == 1);
+
+               // Put it in cache
+               $cacheArray['nick_active'][$uidNick] = $ret;
+
+               // Free result
+               SQL_FREERESULT($result);
+       }
 
        // Return nickname
        return $ret;
 }
+
 //
-function NICKNAME_GET_NICK($userid)
-{
+function NICKNAME_GET_NICK ($userid) {
+       global $cacheArray;
+
        // If not found...
        $ret = "";
 
-       // Search for non-empty nickname
-       $result = SQL_QUERY_ESC("SELECT nickname FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s AND nickname != '' LIMIT 1",
-        array(bigintval($userid)), __FILE__, __LINE__);
+       // Found in cache?
+       if (isset($cacheArray['nicknames'][$userid])) {
+               // Use it directly
+               $ret = $cacheArray['nicknames'][$userid];
 
-       // Found?
-       if (SQL_NUMROWS($result) == 1)
-       {
-               // Load nickname from database
-               list($ret) = SQL_FETCHROW($result);
-       }
+               // Increment cache counter
+               incrementConfigEntry('cache_hits');
+       } elseif (NICKNAME_IS_ACTIVE($userid)) {
+               // Search for non-empty nickname
+               $result = SQL_QUERY_ESC("SELECT nickname FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s AND nickname != '' LIMIT 1",
+                       array(bigintval($userid)), __FILE__, __LINE__);
+
+               // Found?
+               if (SQL_NUMROWS($result) == 1) {
+                       // Load nickname from database
+                       list($ret) = SQL_FETCHROW($result);
 
-       // Free result
-       SQL_FREERESULT($result);
+                       // Put it in cche
+                       $cacheArray['nicknames'][$userid] = $ret;
+               } // END - if
+
+               // Free result
+               SQL_FREERESULT($result);
+       }
 
        // Return nickname
        return $ret;
 }
+
+// Simple wrapper function
+function NICKNAME_PROBE_ON_USERID ($uid) {
+       return (NICKNAME_GET_NICK($uid) != "");
+}
+
 //
 ?>
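Review bot: The WHERE clause in NICKNAME_IS_ACTIVE lost the `userid > 0` guard, so for a non-numeric `$uidNick` (where `bigintval()` yields 0) the query becomes `userid=0 OR nickname='...'`; that is harmless only if no row carries userid 0, which nothing shown guarantees — restore the guard or omit the userid term when `bigintval($uidNick) == 0`. In NICKNAME_GET_NICK the empty result is not cached (the `$cacheArray['nicknames'][$userid] = $ret;` write sits inside the `SQL_NUMROWS == 1` branch), so an active user without a nickname triggers the query on every call; moving the write below the `if` caches the empty string too. Typo in the comment `// Put it in cche` → `// Put it in cache`. The new NICKNAME_PROBE_ON_USERID wrapper could carry a one-line comment stating it returns true when the user has a non-empty nickname.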
index 3a1cff0..58c7f4f 100644 (file)
@@ -258,7 +258,7 @@ function PRIMERA_EXECUTE_WITHDRAW ($primusNick, $userMd5, $amount) {
        $api = new PrimeraApi($primusNick, $userMd5);
 
        // Prepare purpose
-       $eval = "\$purpose = \"".COMPILE_CODE(sprintf(PRIMERA_API_PURPOSE_WITHDRAW, $_COOKIE['sponsorid']))."\";";
+       $eval = "\$purpose = \"".COMPILE_CODE(sprintf(PRIMERA_API_PURPOSE_WITHDRAW, get_session('sponsorid')))."\";";
        eval($eval);
 
        // Pay the Primera
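Review bot: `eval($eval)` on the line after the change executes PHP source that now embeds `get_session('sponsorid')` through `sprintf(PRIMERA_API_PURPOSE_WITHDRAW, ...)` and COMPILE_CODE; any quote, backslash or `$` in the session value or the translated template becomes code. The same commit removes the cookie-sanitising loop from inc/libs/security_functions.php, so nothing visible normalises that value any more. Assigning directly avoids the eval entirely, e.g. `$purpose = COMPILE_CODE(sprintf(PRIMERA_API_PURPOSE_WITHDRAW, bigintval(get_session('sponsorid'))));` — if COMPILE_CODE already returns the final text, the eval adds nothing but risk. PRIMERA_EXECUTE_WITHDRAW starts before and ends after this hunk.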
index 0f34c42..5b55893 100644 (file)
@@ -83,11 +83,6 @@ if (!isset($_POST)) {
        $_POST = $GLOBALS['_POST'];
 }
 
-if (!isset($_COOKIE)) {
-       global $_COOKIE;
-       $_COOKIE = $GLOBALS['_COOKIE'];
-}
-
 // Include IP-Filter here
 //require("/usr/share/php/ipfilter.php");
 
@@ -161,23 +156,6 @@ if (basename($_SERVER['PHP_SELF']) != "install.php") {
                        $_POST[$seckey] = strip_tags($_POST[$seckey]);
                }
        }
-
-       // ... and finally cookies
-       foreach ($_COOKIE as $seckey => $secvalue) {
-               if (is_array($secvalue)) {
-                       // Throw arrays away...
-                       unset($_COOKIE[$seckey]);
-               } else {
-                       // Only variables are allowed (non-array) but we secure them all!
-                       foreach ($SEC_CHARS['from'] as $key => $char) {
-                               // Pass all through
-                               $_COOKIE[$seckey] = str_replace($char  , $SEC_CHARS['to'][$key], $_COOKIE[$seckey]);
-                       }
-
-                       // Strip all other out
-                       $_COOKIE[$seckey] = strip_tags($_COOKIE[$seckey]);
-               }
-       }
 }
 
 // Activate caching or transparent compressing when it is not already done
index 499abe7..85ba173 100644 (file)
@@ -37,9 +37,12 @@ if (!defined('__SECURITY')) {
 }
 
 //
-function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_STATUS=false)
-{
-       $SAVE = true; $UPDATE = false; $skip = false; $ALREADY = false;
+function SPONSOR_HANDLE_SPONSOR (&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_STATUS=false) {
+       // Init a lot variables
+       $SAVE = true;
+       $UPDATE = false;
+       $skip = false;
+       $ALREADY = false;
        $ret = "unused";
 
        // Skip these entries
@@ -54,44 +57,35 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST
        );
 
        // Check if sponsor already exists
-       foreach ($POST as $k => $v)
-       {
-               if (!(array_search($k, $SKIPPED) > -1))
-               {
+       foreach ($POST as $k => $v) {
+               if (!(array_search($k, $SKIPPED) > -1)) {
                        // Check only posted input entries not the submit button
                        switch ($k)
                        {
                        case "email":
                                $ALREADY = false;
-                               if (!VALIDATE_EMAIL($v))
-                               {
+                               if (!VALIDATE_EMAIL($v)) {
                                        // Email address is not valid
                                        $SAVE = false;
-                               }
-                                else
-                               {
+                               } else {
                                        // Do we want to add a new sponsor or update his data?
                                        $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_data WHERE email='%s' LIMIT 1",
-                                        array($POST['email']), __FILE__, __LINE__);
+                                               array($POST['email']), __FILE__, __LINE__);
 
                                        // Is a sponsor alread in the db?
-                                       if (SQL_NUMROWS($result) == 1)
-                                       {
-                                               // Free memory
-                                               SQL_FREERESULT($result);
-
+                                       if (SQL_NUMROWS($result) == 1) {
                                                // Yes, he is!
-                                               if (($GLOBALS['what'] == "add_sponsor") || ($NO_UPDATE))
-                                               {
+                                               if (($GLOBALS['what'] == "add_sponsor") || ($NO_UPDATE)) {
                                                        // Already found!
                                                        $ALREADY = true;
-                                               }
-                                                else
-                                               {
+                                               } else {
                                                        // Update his data
                                                        $UPDATE = true;
                                                }
                                        }
+
+                                       // Free memory
+                                       SQL_FREERESULT($result);
                                }
                                break;
 
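Review bot: `if (!(array_search($k, $SKIPPED) > -1))` relies on `false > -1` evaluating to false under loose comparison, which holds today but is opaque; `if (!in_array($k, $SKIPPED, true))` states the same condition with a strict check. Moving `SQL_FREERESULT($result);` below the `if` so that it also runs in the not-found case is a good fix. The `switch ($k)` that follows keeps the old brace-on-next-line layout while the commit converts the surrounding blocks to same-line braces. SPONSOR_HANDLE_SPONSOR starts before and ends after this hunk.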
@@ -110,18 +104,17 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST
                        default:
                                // Test if there is are time selections
                                $TEST = substr($k, -3);
-                               if ((($TEST == "_ye") || ($TEST == "_mo") || ($TEST == "_we") || ($TEST == "_da") || ($TEST == "_ho") || ($TEST == "_mi") || ($TEST == "_se")) && (!empty($v)))
-                               {
+                               if ((($TEST == "_ye") || ($TEST == "_mo") || ($TEST == "_we") || ($TEST == "_da") || ($TEST == "_ho") || ($TEST == "_mi") || ($TEST == "_se")) && (!empty($v))) {
                                        // Found a multi-selection for timings?
                                        $TEST = substr($k, 0, -3);
-                                       if ((!empty($POST[$TEST."_ye"])) && (!empty($POST[$TEST."_mo"])) && (!empty($POST[$TEST."_we"])) && (!empty($POST[$TEST."_da"])) && (!empty($POST[$TEST."_ho"])) && (!empty($POST[$TEST."_mi"])) && (!empty($POST[$TEST."_se"])) && ($TEST != $TEST2))
-                                       {
+                                       if ((!empty($POST[$TEST."_ye"])) && (!empty($POST[$TEST."_mo"])) && (!empty($POST[$TEST."_we"])) && (!empty($POST[$TEST."_da"])) && (!empty($POST[$TEST."_ho"])) && (!empty($POST[$TEST."_mi"])) && (!empty($POST[$TEST."_se"])) && ($TEST != $TEST2)) {
                                                // Generate timestamp
                                                $POST[$TEST] = CREATE_TIMESTAMP_FROM_SELECTIONS($TEST, $POST);
                                                $DATA['keys'][] = $TEST;
                                                $DATA['values'][] = $POST[$TEST];
 
                                                // Remove data from array
+                                               // @TODO Do we still need this all?
                                                unset($POST[$TEST."_ye"]);
                                                unset($POST[$TEST."_mo"]);
                                                unset($POST[$TEST."_we"]);
@@ -133,16 +126,13 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST
                                                // Skip adding
                                                $k = ""; $skip = true; $TEST2 = $TEST;
                                        }
-                               }
-                                else
-                               {
+                               } else {
                                        $skip = false; $TEST2 = "";
                                }
                                break;
                        }
 
-                       if ((!empty($k)) && ($skip == false))
-                       {
+                       if ((!empty($k)) && ($skip == false)) {
                                // Add data
                                $DATA['keys'][] = $k; $DATA['values'][] = $v;
                        }
@@ -150,8 +140,7 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST
        }
 
        // Save sponsor?
-       if ($SAVE)
-       {
+       if ($SAVE) {
                // Default is no force even when a guest want to abuse this force switch
                if ((empty($POST['force'])) || (!IS_ADMIN())) $POST['force'] = 0;
 
@@ -159,12 +148,10 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST
                $SQL = ""; $MSG = "";
 
                // Update?
-               if ($UPDATE)
-               {
+               if ($UPDATE) {
                        // Update his data
                        $SQL = "UPDATE "._MYSQL_PREFIX."_sponsor_data SET ";
-                       foreach ($DATA['keys'] as $k => $v)
-                       {
+                       foreach ($DATA['keys'] as $k => $v) {
                                $SQL .= $v."='%s', ";
                        }
 
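Review bot: `$SQL .= $v."='%s', ";` builds column names from `$DATA['keys']`, which the earlier hunk of this function fills from the keys of `$POST` minus the `$SKIPPED` list; only the values go through `%s` placeholders, so a request key that is not a real column reaches the SQL text verbatim. A fixed list of updatable columns checked with `in_array($v, $ALLOWED_COLUMNS, true)` before the concatenation closes that and also documents which sponsor fields this function may write. This is pre-existing and the commit only reformats the braces, but the loop is on the new side and this is the natural place for the check. SPONSOR_HANDLE_SPONSOR starts before and ends after this hunk.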
@@ -173,27 +160,22 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST
                        $DATA['values'][] = bigintval($_GET['id']);
 
                        // Generate message
-                       $MSG = SPONSOR_SET_MESSAGE(ADMIN_SPONSOR_UPDATED, "updated", $MSGs);
+                       $MSG = SPONSOR_GET_MESSAGE(ADMIN_SPONSOR_UPDATED, "updated", $MSGs);
                        $ret = "updated";
-               }
-                elseif ((!$ALREADY) || (($POST['force'] == "1") && (IS_ADMIN())))
-               {
+               } elseif ((!$ALREADY) || (($POST['force'] == "1") && (IS_ADMIN()))) {
                        // Add new sponsor, first add more data
                        $DATA['keys'][] = "sponsor_created"; $DATA['values'][] = time();
                        $DATA['keys'][] = "status";
-                       if ((!$NO_UPDATE) && (IS_ADMIN()) && ($GLOBALS['what'] == "add_sponsor"))
-                       {
+                       if ((!$NO_UPDATE) && (IS_ADMIN()) && ($GLOBALS['what'] == "add_sponsor")) {
                                // Only allowed for admin
                                $DATA['values'][] = "PENDING";
-                       }
-                        else
-                       {
+                       } elsen{
                                // Guest area
                                $DATA['values'][] = "UNCONFIRMED";
 
                                // Generate hash code
                                $DATA['keys'][] = "hash";
-                               $DATA['values'][] = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
+                               $DATA['values'][] = md5(session_id().":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
                                $DATA['keys'][] = "remote_addr";
                                $DATA['values'][] = GET_REMOTE_ADDR();
                        }
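Review bot: `} elsen{` in the guest-area branch is a parse error introduced by the brace-style rewrite (the space before the brace was lost), so this file no longer loads; it must read `} else {`. The confirmation hash generated just below now seeds on session_id() instead of the PHPSESSID cookie, but its other inputs (the submitted email, the requester's own address and user agent, and the current second) are all known to the requester, and session_id() is an empty string when no session has been started, so the token can be guessed; mix in an unpredictable value, e.g. `md5(session_id().":".uniqid(mt_rand(), true).":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time())`, or better, bytes read from /dev/urandom where available. SPONSOR_HANDLE_SPONSOR begins and ends outside this hunk.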
@@ -206,18 +188,14 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST
                        $SQL = "INSERT INTO "._MYSQL_PREFIX."_sponsor_data (".$KEYS.") VALUES ('".$VALUES."%s')";
 
                        // Generate message
-                       $MSG = SPONSOR_SET_MESSAGE(ADMIN_SPONSOR_ADDED, "added", $MSGs);
+                       $MSG = SPONSOR_GET_MESSAGE(ADMIN_SPONSOR_ADDED, "added", $MSGs);
                        $ret = "added";
-               }
-                elseif ((!$NO_UPDATE) && (IS_ADMIN()))
-               {
+               } elseif ((!$NO_UPDATE) && (IS_ADMIN())) {
                        // Add all data as hidden data
                        $OUT = "";
-                       foreach ($POST as $k => $v)
-                       {
+                       foreach ($POST as $k => $v) {
                                // Do not add 'force' !
-                               if ($k != "force")
-                               {
+                               if ($k != "force") {
                                        $OUT .= "<INPUT type=\"hidden\" name=\"".$k."\" value=\"".stripslashes($v)."\">\n";
                                }
                        }
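Review bot: The hidden-field loop writes every POST key and value into HTML attributes with only stripslashes() applied, so a value containing `"` breaks out of the attribute and injects markup into the admin's page; the branch is guarded by IS_ADMIN(), which makes the admin the victim of a value posted into their own browser (for example via a cross-site form). Escape both sides: `$OUT .= "<INPUT type=\"hidden\" name=\"".htmlspecialchars($k, ENT_QUOTES)."\" value=\"".htmlspecialchars(stripslashes($v), ENT_QUOTES)."\">\n";`. The `$OUT` buffer is consumed, and the function continues, outside this hunk.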
@@ -227,30 +205,24 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST
                        // Ask for adding a sponsor with same email address
                        LOAD_TEMPLATE("admin_add_sponsor_already");
                        return;
-               }
-                else
-               {
+               } else {
                        // Already added!
                        $MSG = SPONSOR_ALREADY_FOUND_1.$POST['email'].SPONSOR_ALREADY_FOUND_2;
                        $ret = "already";
                }
 
-               if (!empty($SQL))
-               {
+               if (!empty($SQL)) {
                        // Run SQL command
                        $result = SQL_QUERY_ESC($SQL, $DATA['values'], __FILE__, __LINE__);
                }
 
                // Output message
-               if ((!$NO_UPDATE) && (IS_ADMIN()))
-               {
+               if ((!$NO_UPDATE) && (IS_ADMIN())) {
                        LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
                }
-       }
-        else
-       {
+       } else {
                // Error found!
-               $MSG = SPONSOR_SET_MESSAGE(SPONSOR_DATA_NOT_SAVED, "failed", $MSGs);
+               $MSG = SPONSOR_GET_MESSAGE(SPONSOR_DATA_NOT_SAVED, "failed", $MSGs);
                LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
        }
 
@@ -258,8 +230,7 @@ function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_ST
        if ($RET_STATUS) return $ret;
 }
 //
-function SPONSOR_TRANSLATE_STATUS($status)
-{
+function SPONSOR_TRANSLATE_STATUS($status) {
        switch ($status)
        {
        case "UNCONFIRMED":
@@ -290,32 +261,20 @@ function SPONSOR_TRANSLATE_STATUS($status)
        return $ret;
 }
 // Search for an email address in the database
-function SPONSOR_FOUND_EMAIL_DB($email)
-{
-       // Default status is failed (as it is always be...)
-       $ret = false;
-
-       // Check for email (and secure input)
-       $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_data WHERE email='%s' LIMIT 1",
-        array($email), __FILE__, __LINE__);
-
+function SPONSOR_FOUND_EMAIL_DB ($email) {
        // Do we already have the provided email address in our DB?
-       if (SQL_NUMROWS($result) == 1) $ret = true;
+       $ret = (GET_TOTAL_DATA($email, "sponsor_data", "id", "email", true) == 1);
 
        // Return result
        return $ret;
 }
 //
-function SPONSOR_SET_MESSAGE($msg, $pos, $array)
-{
+function SPONSOR_GET_MESSAGE ($msg, $pos, $array) {
        // Check if the requested message was found in array
-       if (isset($array[$pos]))
-       {
+       if (isset($array[$pos])) {
                // ... if yes then use it!
                $ret = $array[$pos];
-       }
-        else
-       {
+       } else {
                // ... else use default message
                $ret = $msg;
        }
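Review bot: `GET_TOTAL_DATA(...) == 1` changes the contract of SPONSOR_FOUND_EMAIL_DB: the removed LIMIT 1 query answered "at least one row", whereas an exact-count comparison returns false as soon as two sponsor rows share the address — and duplicates are deliberately possible, because SPONSOR_HANDLE_SPONSOR lets an admin force-add a sponsor with an existing email, so a third copy would then slip past the "already found" check. Assuming GET_TOTAL_DATA returns a row count, use `$ret = (GET_TOTAL_DATA($email, "sponsor_data", "id", "email", true) >= 1);`. Also confirm that the helper escapes `$email` as the removed SQL_QUERY_ESC call did, since the comment "secure input" was dropped along with it.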
@@ -323,20 +282,17 @@ function SPONSOR_SET_MESSAGE($msg, $pos, $array)
        // Return result
        return $ret;
 }
+
 //
-function IS_SPONSOR()
-{
-       global $_COOKIE;
+function IS_SPONSOR () {
        // Failed...
        $ret = false;
-       if ((!empty($_COOKIE['sponsorid'])) && (!empty($_COOKIE['sponsorpass'])))
-       {
+       if ((isSessionVariableSet('sponsorid'))) && (isSessionVariableSet('sponsorpass')))) {
                // Check cookies against database records...
                $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_data
 WHERE id='%s' AND password='%s' AND status='CONFIRMED' LIMIT 1",
- array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__);
-               if (SQL_NUMROWS($result) == 1)
-               {
+                       array(bigintval(get_session('sponsorid')), get_session('sponsorpass')), __FILE__, __LINE__);
+               if (SQL_NUMROWS($result) == 1) {
                        // All is fine
                        $ret = true;
                }
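Review bot: The new condition has unbalanced parentheses — `if ((isSessionVariableSet('sponsorid'))) && (isSessionVariableSet('sponsorpass')))) {` closes the `if` after the first call and leaves `&&` outside it — so this is a parse error; it should read `if ((isSessionVariableSet('sponsorid')) && (isSessionVariableSet('sponsorpass'))) {`. Moving the sponsor credentials from cookies into the server-side session is an improvement, but the session value `sponsorpass` is still matched byte-for-byte against the `password` column, so whatever the sponsor login stores there must be exactly the stored hash. IS_SPONSOR continues outside this hunk.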
@@ -436,38 +392,27 @@ function GENERATE_SPONSOR_CONTENT($what)
        return $OUT;
 }
 //
-function UPDATE_SPONSOR_LOGIN()
-{
-       global $_COOKIE, $_CONFIG;
-
-       // Check if cookies are set
-       if ((empty($_COOKIE['sponsorid'])) || (empty($_COOKIE['sponsorpass']))) return false;
+function UPDATE_SPONSOR_LOGIN () {
+       // Failed by default
+       $login = false;
 
-       // Calculate cookie lifetime, maybe we have to change this so the admin can setup a
-       // seperate timeout for these two cookies?
-       $life = (time() + getConfig('online_timeout'));
-
-       // Is confirmed so both is fine and we can continue with login procedure
-       $login = ((setcookie("sponsorid"  , bigintval($_COOKIE['sponsorid']), $life, COOKIE_PATH)) &&
-                 (setcookie("sponsorpass", $_COOKIE['sponsorpass']         , $life, COOKIE_PATH)));
-
-       // Update database?
-       if ($login)
-       {
+       // Is sponsor?
+       if (IS_SPONSOR()) {
                // Update last online timestamp
                SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data
-SET last_online='".time()."'
+SET last_online=UNIX_TIMESTAMP()
 WHERE id='%s' AND password='%s' LIMIT 1",
- array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__);
+                       array(bigintval(get_session('sponsorid')), get_session('sponsorpass')), __FILE__, __LINE__);
+
+               // This update went fine?
+               $login = (SQL_AFFECTEDROWS() == 1);
        }
 
        // Return status
        return $login;
 }
 //
-function SPONSOR_SAVE_DATA($POST, $content)
-{
-       global $_COOKIE, $_SERVER, $_GET;
+function SPONSOR_SAVE_DATA ($POST, $content) {
        $EMAIL = false;
 
        // Unsecure data which we don't want
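Review bot: `$login = (SQL_AFFECTEDROWS() == 1)` makes a valid sponsor login report failure whenever the UPDATE changes nothing: MySQL (without CLIENT_FOUND_ROWS) counts only rows whose values actually changed, so two requests within the same second — `last_online` already equal to UNIX_TIMESTAMP() — yield zero affected rows. IS_SPONSOR() has just verified the credentials against the database, so the honest result is `$login = true;` after the query, with the affected-row count at most logged. SPONSOR_SAVE_DATA starts at the bottom of this hunk and continues outside it.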
@@ -479,19 +424,16 @@ function SPONSOR_SAVE_DATA($POST, $content)
        $MSG = SPONSOR_ACCOUNT_DATA_NOT_SAVED;
 
        // Check for submitted passwords
-       if ((!empty($_POST['pass1'])) && (!empty($_POST['pass2'])))
-       {
+       if ((!empty($POST['pass1'])) && (!empty($POST['pass2']))) {
                // Are both passwords the same?
-               if ($_POST['pass1'] == $_POST['pass2'])
-               {
+               if ($POST['pass1'] == $POST['pass2']) {
                        // Okay, then set password and remove pass1 and pass2
-                       $_POST['password'] = md5($_POST['pass1']);
+                       $POST['password'] = md5($POST['pass1']);
                }
        }
 
        // Remove all (maybe spoofed) unsafe data from array
-       foreach ($UNSAFE as $remove)
-       {
+       foreach ($UNSAFE as $remove) {
                unset($POST[$remove]);
        }
 
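Review bot: Sponsor passwords are still stored as unsalted `md5($POST['pass1'])`, while the member login added in this same commit (USER_DO_LOGIN) migrates accounts to generateHash() with a salt; an unsalted MD5 table is recovered trivially from a leaked database. Switching the sponsor side is a coordinated change because IS_SPONSOR() and the `WHERE ... password='%s'` clauses compare the stored hash directly, so at minimum leave a `// @TODO Migrate sponsor passwords to generateHash() together with IS_SPONSOR()` here. The password equality check `$POST['pass1'] == $POST['pass2']` should also be `===`. SPONSOR_SAVE_DATA begins before this hunk and continues after it.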
@@ -501,8 +443,7 @@ function SPONSOR_SAVE_DATA($POST, $content)
 
        // Prepare SQL string
        $SQL = "UPDATE "._MYSQL_PREFIX."_sponsor_data SET";
-       foreach ($POST as $key => $value)
-       {
+       foreach ($POST as $key => $value) {
                // Mmmmm, too less security here???
                $SQL   .= " ".strip_tags($key)."='%s',";
 
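Review bot: Column names in the UPDATE are taken straight from the POST keys with only strip_tags() applied (`" ".strip_tags($key)."='%s',"`), as the author's own comment suspects; the `%s` placeholders protect values, not identifiers, so a crafted field name changes the statement, and the preceding `$UNSAFE` blacklist only strips names it already knows about. Replace the blacklist with an allowlist of the sponsor_data columns a sponsor may edit and skip anything else before the `$SQL .=` line: `if (!in_array($key, $editableColumns, true)) continue;`. The loop body continues outside this hunk.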
@@ -514,10 +455,8 @@ function SPONSOR_SAVE_DATA($POST, $content)
        }
 
        // Check if email has changed
-       if ((!empty($content['email'])) && (!empty($POST['email'])))
-       {
-               if ($content['email'] != $POST['email'])
-               {
+       if ((!empty($content['email'])) && (!empty($POST['email']))) {
+               if ($content['email'] != $POST['email']) {
                        // Change email address
                        $EMAIL = true;
 
@@ -525,7 +464,7 @@ function SPONSOR_SAVE_DATA($POST, $content)
                        $SQL .= " status='EMAIL', hash='%s',";
 
                        // Generate hash code
-                       $HASH = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
+                       $HASH = md5(session_id().":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
                        $DATA[] = $HASH;
                }
        }
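Review bot: The hash stored with `status='EMAIL'` is presumably what confirms the new address, yet every input to it except session_id() — the new email, the requester's own address and user agent, and the current second — is known to the requester, so someone who can predict the token does not need access to the mailbox at all. Add an unpredictable component to the md5 input, e.g. `uniqid(mt_rand(), true)`, or bytes from /dev/urandom where available. SPONSOR_SAVE_DATA continues outside this hunk.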
@@ -535,15 +474,14 @@ function SPONSOR_SAVE_DATA($POST, $content)
 
        // Add SQL tail data
        $SQL .= " WHERE id='%s' AND password='%s' LIMIT 1";
-       $DATA[] = bigintval($_COOKIE['sponsorid']);
-       $DATA[] = $_COOKIE['sponsorpass'];
+       $DATA[] = bigintval(get_session('sponsorid'));
+       $DATA[] = get_session('sponsorpass');
 
        // Saving data was completed... ufff...
        switch ($GLOBALS['what'])
        {
        case "account": // Change account data
-               if ($EMAIL)
-               {
+               if ($EMAIL) {
                        $MSG   = SPONSOR_ACCOUNT_EMAIL_CHANGED;
                        $templ = "admin_sponsor_change_email";
                        $subj  = ADMIN_SPONSOR_ACC_EMAIL_SUBJ;
index 31ec274..f7df80b 100644 (file)
@@ -205,7 +205,7 @@ if ((!empty($_POST['new_theme'])) && ($_POST['new_theme'] != $currTheme)) {
        $newTheme = $_POST['new_theme'];
 
        // Change to new theme
-       set_session("mxchange_theme", $newTheme);
+       set_session('mxchange_theme', $newTheme);
 
        // Remove current from array and set new
        $theme = sprintf("%stheme/%s/theme.php", PATH, $currTheme);
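Review bot: `$_POST['new_theme']` is stored in the session with no validation visible in this hunk, and the sprintf() two lines down shows that theme names become path components under PATH."theme/"; if the stored value is later used the same way, a value containing `../` selects a file outside the theme directory. Before set_session(), reject anything that is not a plain, existing theme directory: `if (($newTheme !== basename($newTheme)) || (!is_dir(sprintf("%stheme/%s", PATH, $newTheme)))) { /* reject */ }`. The enclosing if block starts outside this hunk.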
index 3a385ff..76d85f5 100644 (file)
@@ -257,5 +257,203 @@ function SELECT_RANDOM_REFID () {
        return $refid;
 }
 
+// Do the user login
+function USER_DO_LOGIN ($uid, $passwd) {
+       // Add last_login if available
+       $LAST = "";
+       if (GET_EXT_VERSION("sql_patches") >= "0.2.8") {
+               $LAST = ", last_login";
+       } // END - if
+
+       // Check login data
+       $password = ""; $uid2 = ""; $dmy = ""; $online = 0; $login = 0;
+       if ((EXT_IS_ACTIVE("nickname")) && (NICKNAME_PROBE_ON_USERID($uid))) {
+               // Nickname entered
+               $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM `"._MYSQL_PREFIX."_user_data` WHERE nickname='%s' AND status='CONFIRMED' LIMIT 1",
+                       array($uid), __FILE__, __LINE__);
+               list($uid2, $password, $online, $login) = SQL_FETCHROW($result);
+               if (!empty($uid2)) $uid = bigintval($uid2);
+       } else {
+               // Direct userid entered
+               $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
+                       array($uid, $hash), __FILE__, __LINE__);
+               list($uid2, $password, $online, $login) = SQL_FETCHROW($result);
+       }
+
+       // Is there an entry?
+       if ((SQL_NUMROWS($result) == 1) && ((($probe_nickname) && (!empty($uid2))) || ($uid2 == $uid))) {
+               // Free result
+               SQL_FREERESULT($result);
+
+               // By default the hash is empty
+               $hash = "";
+
+               // Check for old MD5 passwords
+               if ((strlen($password) == 32) && (md5($passwd) == $password)) {
+                       // Just set the hash to the password from DB... :)
+                       $hash = $password;
+               } else {
+                       // Hash password with improved way for comparsion
+                       $hash = generateHash($passwd, substr($password, 0, -40));
+               }
+
+               if ($hash == $password) {
+                       // New hashed password found so let's generate a new one
+                       $hash = generateHash($passwd);
+
+                       // ... and update database
+                       SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET password='%s' WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
+                               array($hash, $uid), __FILE__, __LINE__);
+
+                       // No login bonus by default
+                       // @TODO Make this filter working: $ADDON = RUN_FILTER('post_login_update', array('login' => $login, 'online' => $online));
+                       $BONUS = false;
+
+                       // Probe for last online timemark
+                       $probe = time() -  $online;
+                       if (!empty($login)) $probe = time() - $login;
+                       if ((GET_EXT_VERSION("bonus") >= "0.2.2") && ($probe >= getConfig('login_timeout'))) {
+                               // Add login bonus to user's account
+                               $ADD = sprintf(", login_bonus=login_bonus+%s",
+                                       (float)getConfig('login_bonus')
+                               );
+                               $BONUS = true;
+
+                               // Subtract login bonus from userid's account or jackpot
+                               if ((GET_EXT_VERSION("bonus") >= "0.3.5") && (getConfig('bonus_mode') != "ADD")) BONUS_POINTS_HANDLER('login_bonus');
+                       } // END - if
+
+                       // Init variables
+                       $login = false;
+
+                       // Calculate new hash with the secret key and master salt together
+                       $hash = generatePassString($hash);
+
+                       // Update global array
+                       // @TODO Make this filter working: $URL = RUN_FILTER('do_login', array('uid' => $uid, 'hash' => $hash, 'addon' => $ADDON));
+                       $GLOBALS['userid'] = $uid;
+
+                       // Try to set session data (which shall normally always work!)
+                       if ((set_session('userid', $uid )) && (set_session('u_hash', $hash))) {
+                               // Update database records
+                               SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET total_logins=total_logins+1".$ADD." WHERE userid=%s LIMIT 1",
+                                       array($uid), __FILE__, __LINE__);
+                               if (SQL_AFFECTEDROWS() == 1) {
+                                       // Procedure to checking for login data
+                                       if (($BONUS) && (EXT_IS_ACTIVE("bonus"))) {
+                                               // Bonus added (just displaying!)
+                                               $URL = "modules.php?module=chk_login&amp;mode=bonus";
+                                       } else {
+                                               // Bonus not added
+                                               $URL = "modules.php?module=chk_login&amp;mode=login";
+                                       }
+                               } else {
+                                       // Cannot update counter!
+                                       $URL = "modules.php?module=index&amp;what=login&amp;login=".CODE_CNTR_FAILED;
+                               }
+                       } else {
+                               // Cookies not setable!
+                               $URL = "modules.php?module=index&amp;what=login&amp;login=".CODE_NO_COOKIES;
+                       }
+               } elseif (GET_EXT_VERSION("sql_patches") >= "0.4.7") {
+                       // Update failture counter
+                       SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET login_failtures=login_failtures+1,last_failture=NOW() WHERE userid=%s LIMIT 1",
+                               array($uid), __FILE__, __LINE__);
+
+                       // Wrong password!
+                       $URL = "modules.php?module=index&amp;what=login&amp;login=".CODE_WRONG_PASS;
+               }
+       } elseif ((($probe_nickname) && (!empty($uid2))) || ($uid2 == $uid)) {
+               // Other account status?
+               // @TODO Can this query be saved???
+               $result = SQL_QUERY_ESC("SELECT status FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
+                       array($uid), __FILE__, __LINE__);
+
+               // Entry found?
+               if (SQL_NUMROWS($result) == 1) {
+                       // Load status
+                       list($status) = SQL_FETCHROW($result);
+
+                       // Create an error code from given status
+                       $ERROR = GEN_ERROR_CODE_FROM_ACCOUNT_STATUS($status);
+               } else {
+                       // ID not found!
+                       $ERROR = CODE_WRONG_ID;
+               }
+
+               // Construct URL
+               $URL = "modules.php?module=index&amp;what=login&amp;login=".$ERROR;
+       } else {
+               // ID not found!
+               $URL = "modules.php?module=index&amp;what=login&amp;login=".CODE_WRONG_ID;
+       }
+
+       // Return URL
+       return $URL;
+}
+
+// Try to send a new password for the given user account
+function USER_DO_NEW_PASSWORD ($email, $uid) {
+       // Compile email when found in address (only secure chars!)
+       if (!empty($email)) $email = str_replace("{DOT}", '.', $email);
+
+       // Init result and error
+       $ERROR = "";
+       $result = false;
+
+       // Probe userid/nickname
+       if ((EXT_IS_ACTIVE("nickname")) && (NICKNAME_PROBE_ON_USERID($uid))) {
+               // Nickname entered
+               $result = SQL_QUERY_ESC("SELECT userid, status FROM `"._MYSQL_PREFIX."_user_data` WHERE nickname='%s' OR email='%s' LIMIT 1",
+                       array($uid, $email), __FILE__, __LINE__);
+       } elseif (($uid > 0) && (empty($email))) {
+               // Direct userid entered
+               $result = SQL_QUERY_ESC("SELECT userid, status FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
+                       array(bigintval($uid)), __FILE__, __LINE__);
+       } elseif (!empty($email)) {
+               // Email entered
+               $result = SQL_QUERY_ESC("SELECT userid, status FROM `"._MYSQL_PREFIX."_user_data` WHERE email='%s' LIMIT 1",
+                       array($email), __FILE__, __LINE__);
+       } else {
+               // Userid not set!
+               DEBUG_LOG(__FUNCTION__, __LINE__, "Userid is not set! BUG!");
+               $ERROR = CODE_WRONG_ID;
+       }
+
+       // Any entry found?
+       if (SQL_NUMROWS($result) == 1) {
+               // This data is valid, so we create a new pass... :-)
+               list($uid, $status) = SQL_FETCHROW($result);
+
+               if ($status == "CONFIRMED") {
+                       // Ooppps, this was missing! ;-) We should update the database...
+                       $NEW_PASS = GEN_PASS();
+                       SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET password='%s' WHERE userid=%s LIMIT 1",
+                               array(generateHash($NEW_PASS), $uid), __FILE__, __LINE__);
+
+                       // Prepare data and message for email
+                       $msg = LOAD_EMAIL_TEMPLATE("new-pass", array('new_pass' => $NEW_PASS), $uid);
+
+                       // ... and send it away
+                       SEND_EMAIL($uid, GUEST_NEW_PASSWORD, $msg);
+
+                       // Output note to user
+                       LOAD_TEMPLATE("admin_settings_saved", false, GUEST_NEW_PASSWORD_SEND);
+               } else {
+                       // Account is locked or unconfirmed
+                       $ERROR = GEN_ERROR_CODE_FROM_ACCOUNT_STATUS($status);
+
+                       // Load URL
+                       LOAD_URL("modules.php?module=index&amp;what=login&amp;login=".$ERROR);
+               }
+       } else {
+               // ID or email is wrong
+               LOAD_TEMPLATE("admin_settings_saved", false, "<SPAN class=\"guest_failed\">".GUEST_WRONG_ID_EMAIL."</SPAN>");
+       }
+
+       // Return the error code
+       return $ERROR;
+}
+
 // [EOF]
 ?>
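Review bot: `$URL` is never initialised in USER_DO_LOGIN, so on an installation where sql_patches is older than 0.4.7 a wrong password falls through the `elseif` and the function returns an undefined value; the same applies to `$ADD` (assigned only when a login bonus is due, but always appended to the total_logins UPDATE) and to `$probe_nickname`, which is read twice but never assigned here. Initialise them with the other locals: `$URL = "modules.php?module=index&amp;what=login&amp;login=".CODE_WRONG_PASS; $ADD = ""; $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (NICKNAME_PROBE_ON_USERID($uid)));`. The checks `md5($passwd) == $password` and `$hash == $password` use loose comparison, under which two hash strings of the form `0e<digits>` compare equal as numbers — use `===` — and in the direct-userid branch the query passes an undefined `$hash` as a second argument for a single placeholder while `$uid` reaches the unquoted `userid=%s` without bigintval(). After a successful check the existing session is reused as-is; unless set_session() regenerates the id, call `session_regenerate_id(true);` before storing `userid`/`u_hash` so a pre-set session id cannot be fixated. USER_DO_NEW_PASSWORD additionally calls SQL_NUMROWS() on `$result = false` when no lookup ran, and lets anyone who knows a userid overwrite that account's password (the new one is mailed to the owner, so this is a nuisance rather than a takeover, but it deserves a confirmation step).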
index b3580e8..cd43f5d 100644 (file)
@@ -138,10 +138,10 @@ LIMIT 1",
                        $RECEIVER = implode(";", $UIDs);
 
                        // Prepare URL
-                       $url = URL."/modules.php?module=index&what=login";
+                       $URL = "modules.php?module=index&amp;what=login";
 
                        // Insert mail
-                       ADD_BONUS_MAIL_TO_QUEUE($SUBJECT, $MSG, $RECEIVER, getConfig('beg_notify_bonus'), getConfig('beg_notify_wait'), $url, 0, "normal", SQL_NUMROWS($result_main));
+                       ADD_BONUS_MAIL_TO_QUEUE($SUBJECT, $MSG, $RECEIVER, getConfig('beg_notify_bonus'), getConfig('beg_notify_wait'), $URL, 0, "normal", SQL_NUMROWS($result_main));
                } // END - if
        } // END - if
 
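Review bot: The URL queued with the beg-notification mail is now the relative, entity-encoded string `modules.php?module=index&amp;what=login`; a link inside an email has no base to resolve against, and `&amp;` only renders correctly in HTML mail. Unless ADD_BONUS_MAIL_TO_QUEUE() or the mail sender prefixes URL and decodes entities — which the diff does not show — recipients get a dead link, so either keep `URL."/modules.php?module=index&what=login"` here or confirm that expansion happens on the way out. The enclosing block starts outside this hunk.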
index 2df07aa..b77202d 100644 (file)
@@ -117,10 +117,10 @@ LIMIT 1",
                        $RECEIVER = implode(";", $UIDs);
 
                        // Prepare URL
-                       $url = URL."/modules.php?module=index&what=login";
+                       $URL = "modules.php?module=index&amp;what=login";
 
                        // Insert mail
-                       ADD_BONUS_MAIL_TO_QUEUE($SUBJECT, $MSG, $RECEIVER, getConfig('bonus_notify_points'), getConfig('bonus_notify_wait'), $url, 0, "normal", SQL_NUMROWS($result_main));
+                       ADD_BONUS_MAIL_TO_QUEUE($SUBJECT, $MSG, $RECEIVER, getConfig('bonus_notify_points'), getConfig('bonus_notify_wait'), $URL, 0, "normal", SQL_NUMROWS($result_main));
                } // END - if
        } // END - if
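Review bot: The bonus-notification mail is queued with `modules.php?module=index&amp;what=login`, a relative path with an HTML entity in it, which is only a working link once something prefixes the site URL and decodes `&amp;` before the mail leaves; if the queue stores and sends the string verbatim, the notification carries a broken link. Verify ADD_BONUS_MAIL_TO_QUEUE()'s handling of the URL argument before relying on LOAD_URL()-style relative paths in mail bodies, or pass `URL."/modules.php?module=index&what=login"` as before. The enclosing block starts outside this hunk.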
 
index cbf18f8..7195331 100644 (file)
@@ -71,7 +71,7 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
                        admin_WriteData(PATH."inc/config.php", "ADMIN-SETUP", "define('admin_registered', ", ");", "true", 0);
                        if (!_FATAL) {
                                // Registering is done
-                               LOAD_URL(URL."/modules.php?module=admin&amp;action=login&register=done");
+                               LOAD_URL("modules.php?module=admin&amp;action=login&register=done");
                        } else {
                                $ret = ADMIN_CANNOT_COMPLETE;
                        }
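Review bot: The rewritten redirect mixes `&amp;action=login` with a raw `&register=done` in the same query string, while the other LOAD_URL() calls in this file use `&amp;` throughout; if LOAD_URL() decodes entities before redirecting (as the relative-URL rewrite suggests), the raw `&` works only by accident, and if it does not, the `&amp;` one is the broken half. Use one form consistently: `LOAD_URL("modules.php?module=admin&amp;action=login&amp;register=done");`. The enclosing block starts outside this hunk.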
@@ -99,7 +99,7 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
                                admin_WriteData(PATH."inc/config.php", "ADMIN-SETUP", "define('admin_registered', ", ");", "true", 0);
 
                                // Load URL for login
-                               LOAD_URL(URL."/modules.php?module=admin&amp;action=login");
+                               LOAD_URL("modules.php?module=admin&amp;action=login");
                        } // END - if
                        break;
                }
@@ -192,7 +192,7 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
        // At leat one administrator account was created
        if ((isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last')) && (isSessionVariableSet('admin_to'))) {
                // Timeout for last login, we have to logout first!
-               LOAD_URL(URL."/modules.php?module=admin&amp;action=login&amp;logout=1");
+               LOAD_URL("modules.php?module=admin&amp;action=login&amp;logout=1");
        } // END - if
 
        if (!empty($_GET['register'])) {
@@ -211,7 +211,7 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
                {
                case "done": // Admin and password are okay, so we log in now
                        // Construct URL and redirect
-                       $URL = URL."/modules.php?module=admin&amp;";
+                       $URL = "modules.php?module=admin&amp;";
 
                        // Rewrite overview module
                        if ($GLOBALS['what'] == "overview") {
@@ -340,37 +340,29 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
        switch ($ret)
        {
        case "done":
-               // Cookie-Data accepted
-               if ((set_session("admin_md5", get_session('admin_md5'))) && (set_session("admin_login", get_session('admin_login'))) && (set_session("admin_last", time())) && (set_session("admin_to", bigintval(get_session('admin_to'))))) {
-                       // Ok, Cookie-Update done
-                       // Check for access control line of current menu entry
-                       define('__ACL_ALLOW', RUN_FILTER('check_admin_acl'));
+               // Check for access control line of current menu entry
+               define('__ACL_ALLOW', RUN_FILTER('check_admin_acl'));
 
-                       // When type of admin menu is not set fallback to old menu system
-                       if (getConfig('admin_menu') == null) $_CONFIG['admin_menu'] = "OLD";
+               // When type of admin menu is not set fallback to old menu system
+               if (getConfig('admin_menu') == null) $_CONFIG['admin_menu'] = "OLD";
 
-                       // Check for version and switch between old menu system and new "intelligent menu system"
-                       if ((ADMIN_CHECK_MENU_MODE() == "NEW") && (FILE_READABLE(PATH."inc/modules/admin/lasys-inc.php"))) {
-                               // Default area is the entrance, of course
-                               $area = "entrance";
+               // Check for version and switch between old menu system and new "intelligent menu system"
+               if ((ADMIN_CHECK_MENU_MODE() == "NEW") && (FILE_READABLE(PATH."inc/modules/admin/lasys-inc.php"))) {
+                       // Default area is the entrance, of course
+                       $area = "entrance";
 
-                               // Check for similar URL variable
-                               if (!empty($_GET['area'])) $area = SQL_ESCAPE($_GET['area']);
+                       // Check for similar URL variable
+                       if (!empty($_GET['area'])) $area = SQL_ESCAPE($_GET['area']);
 
-                               // Load "logical-area menu-system" file
-                               require_once(PATH."inc/modules/admin/lasys-inc.php");
+                       // Load "logical-area menu-system" file
+                       require_once(PATH."inc/modules/admin/lasys-inc.php");
 
-                               // Create new-style menu system will "logical areas"
-                               ADMIN_LOGICAL_AREA_SYSTEM($area, $act, $GLOBALS['what']);
-                       } else {
-                               // This little call constructs the whole default old and lacky menu system
-                               // on left side
-                               ADMIN_DO_ACTION($GLOBALS['what']);
-                       }
+                       // Create new-style menu system will "logical areas"
+                       ADMIN_LOGICAL_AREA_SYSTEM($area, $act, $GLOBALS['what']);
                } else {
-                       // Login failed (cookies enabled?)
-                       OUTPUT_HTML("<STRONG class=\"admin_fatal\">".ADMIN_LOGIN_FAILED."</STRONG>");
-                       ADD_FATAL(CANNOT_RE_REGISTER_SESS);
+                       // This little call constructs the whole default old and lacky menu system
+                       // on left side
+                       ADMIN_DO_ACTION($GLOBALS['what']);
                }
                break;
 
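Review bot: The `case "done"` path no longer re-stores `admin_last` as time() on every admin request, so unless another part of this commit refreshes it, the idle timeout derived from `admin_to` now counts from the moment of login rather than from the last activity, and admins will be logged out mid-session (or, if the timeout check relied on that refresh, it stops working as intended). Confirm where `admin_last` is now updated; if nowhere, keep `set_session('admin_last', time());` at the top of this case. The removed else branch was also the only failure report on this path, which is fine only if set_session() cannot fail here. Note too that `$area` is passed through SQL_ESCAPE() before reaching the menu system, which is an SQL escaper and not a validator for whatever ADMIN_LOGICAL_AREA_SYSTEM() does with it; the enclosing block starts outside this hunk.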
index 31de75a..af97f70 100644 (file)
@@ -202,13 +202,13 @@ function LOGIN_ADMIN ($adminLogin, $passHash) {
        // Now set all session variables and return the result
        return (
                (
-                       set_session("admin_md5", generatePassString($passHash))
+                       set_session('admin_md5', generatePassString($passHash))
                ) && (
-                       set_session("admin_login", $adminLogin)
+                       set_session('admin_login', $adminLogin)
                ) && (
-                       set_session("admin_last", time())
+                       set_session('admin_last', time())
                ) && (
-                       set_session("admin_to", bigintval($_POST['timeout']))
+                       set_session('admin_to', bigintval($_POST['timeout']))
                )
        );
 }
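Review bot: LOGIN_ADMIN takes `$adminLogin` and `$passHash` as parameters but reaches into `$_POST['timeout']` directly for the session timeout, so the function is tied to the login form and the value is stored with no bound beyond bigintval(). Pass it in with a compatible default, `function LOGIN_ADMIN ($adminLogin, $passHash, $timeout = 0)`, and clamp it to a sensible maximum before `set_session('admin_to', ...)`, so a tampered form value cannot give an admin session a multi-year idle timeout. The function signature is outside this hunk.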
index ee772bb..46c2ed7 100644 (file)
@@ -224,6 +224,7 @@ function OUTPUT_SELECTED_TASKS ($POST, $result_tasks) {
                                $OUT .= LOAD_TEMPLATE("admin_overview_row", true, $content);
 
                                // Which task do we actually have here?
+                               // @TODO Rewrite this to something with include files
                                switch ($type)
                                {
                                case "EXTENSION": // Install new extensions
@@ -264,7 +265,7 @@ function OUTPUT_SELECTED_TASKS ($POST, $result_tasks) {
                                case "SUPPORT_MEMBER": // Assign on member's support request
                                        switch ($mode)
                                        {
-                                       default: // Unknown support mode
+                                       default: // @TODO Unknown support mode
                                                DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown support mode %s detected. This part is under construction!", $mode));
                                                $OUT .= "<FONT class=\"admin_failed medium\">".ADMIN_UNKNOWN_SUPPORT_MODE_1.$mode.ADMIN_UNKNOWN_SUPPORT_MODE_2."</FONT>\n";
                                                break;
index a3b7324..9bf42b7 100644 (file)
@@ -74,7 +74,7 @@ if (!empty($_GET['id'])) {
                        LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_DELETED_1.bigintval($_GET['id']).SPONSOR_DELETED_2);
                } elseif (!empty($_POST['no'])) {
                        // Do not delete him...
-                       LOAD_URL(URL."/modules.php?module=admin&amp;what=list_sponsor&amp;id=".bigintval($_GET['id']));
+                       LOAD_URL("modules.php?module=admin&amp;what=list_sponsor&amp;id=".bigintval($_GET['id']));
                } else {
                        // Load data
                        list ($email, $gender, $sname, $fname) = SQL_FETCHROW($result);
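Review bot: The new LOAD_URL() argument keeps `&amp;` between the query parameters, which is HTML entity encoding rather than URL syntax; unless LOAD_URL() translates it back to `&` before emitting the Location header, the second parameter would arrive as `amp;what`. The old line already used `&amp;` and other hunks in this commit deliberately turn plain `&` into `&amp;`, so LOAD_URL() presumably performs that translation, but the contract is not visible in this diff. A one-line comment at this first call site, e.g. `// LOAD_URL() turns &amp; back into & before redirecting`, would stop a later cleanup from "fixing" it in either direction. The same applies to every other `$URL`/LOAD_URL() hunk in this commit that writes `&amp;`.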
index db649c3..3a7f335 100644 (file)
@@ -40,11 +40,10 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 // Add description as navigation point
 ADD_DESCR("admin", __FILE__);
 
-if ((!empty($_POST['uid'])) && (!empty($_POST['id'])))
-{
+if ((!empty($_POST['uid'])) && (!empty($_POST['id']))) {
        // Update database...
        // First user's account
-       SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET nl_until='".time()."+nl_timespan', nl_receive='N', nl_timespan='0' WHERE userid=%s LIMIT 1",
+       SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET nl_until=(UNIX_TIMESTAMP() + nl_timespan), nl_receive='N', nl_timespan=0 WHERE userid=%s LIMIT 1",
                array(bigintval($_POST['uid'])), __FILE__, __LINE__);
 
        // Next the task system...
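Review bot: The rewritten UPDATE reads `nl_timespan` inside the `nl_until` assignment and zeroes that same column later in the SET list; this only yields the intended value because MySQL evaluates single-table UPDATE assignments left to right, which is MySQL-specific and silently breaks if someone reorders the assignments (nl_until would then become UNIX_TIMESTAMP() + 0). A comment on the query line would guard that: `// Keep nl_until before nl_timespan: MySQL evaluates SET left to right, so nl_until still sees the old timespan`. The `if` block this query lives in closes outside the hunk.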
@@ -56,11 +55,10 @@ if ((!empty($_POST['uid'])) && (!empty($_POST['id'])))
 
        // Output message to admin
        LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_NL_MEMBER_DONE);
-}
- else
-{
-       // Currently under construction!
+} else {
+       // @TODO Currently under construction!
        LOAD_TEMPLATE("admin_settings_saved", false, UNDER_CONSTRUCTION);
 }
+
 //
 ?>
index a4aebb3..adcc440 100644 (file)
@@ -82,7 +82,7 @@ if (!empty($_GET['id'])) {
                                        array(bigintval($_GET['id'])), __FILE__, __LINE__);
                        } elseif (!empty($_POST['no'])) {
                                // No don't lock / unlock now!
-                               LOAD_URL(URL."/modules.php?module=admin&what=list_sponsor&id=".bigintval($_GET['id']));
+                               LOAD_URL("modules.php?module=admin&amp;what=list_sponsor&amp;id=".bigintval($_GET['id']));
                        } else {
                                // Create header and text messages
                                if ($status == "CONFIRMED") {
index e96c9a5..a658027 100644 (file)
@@ -111,7 +111,7 @@ if (!empty($_GET['u_id'])) {
                        require_once(PATH."inc/modules/admin/what-del_user.php");
                } elseif (!empty($_POST['no'])) {
                        // Do not lock him...
-                       $URL = URL."/modules.php?module=admin&amp;what=list_user&amp;u_id=".bigintval($_GET['u_id']);
+                       $URL = "modules.php?module=admin&amp;what=list_user&amp;u_id=".bigintval($_GET['u_id']);
                } else {
                        $result = SQL_QUERY_ESC("SELECT email, surname, family FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
                                array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
index f5de9a8..f69e0a4 100644 (file)
@@ -82,7 +82,7 @@ if ($SEL > 0) {
        $POST['default_theme'] = SQL_ESCAPE($_GET['default_theme']);
 
        // Set session
-       set_session("mxchange_theme", $POST['default_theme']);
+       set_session('mxchange_theme', $POST['default_theme']);
 
        // Set it in config and current theme as well
        global $currTheme;
@@ -99,10 +99,8 @@ $THEME_MODE = "test";
 // Generate output lines for the template
 $OUT = ""; $SW = 2;
 $result = SQL_QUERY("SELECT id, theme_path, theme_active, theme_ver, theme_name FROM `"._MYSQL_PREFIX."_themes` ORDER BY theme_path", __FILE__, __LINE__);
-if (SQL_NUMROWS($result) > 0)
-{
-       while(list($id, $unix, $active, $ver, $name) = SQL_FETCHROW($result))
-       {
+if (SQL_NUMROWS($result) > 0) {
+       while(list($id, $unix, $active, $ver, $name) = SQL_FETCHROW($result)) {
                // Load theme in test mode
                require(PATH."theme/".$unix."/theme.php");
 
index e53914b..bcdddce 100644 (file)
@@ -41,7 +41,7 @@ if (!defined('__SECURITY')) {
 OPEN_TABLE("500", "guest_login_header dashed", "center");
 OUTPUT_HTML("<br /><strong>".VALIDATING_LOGIN."</strong><br />");
 
-if (!empty($GLOBALS['userid']) && (isSessionVariableSet('u_hash')) && (isSessionVariableSet('lifetime'))) {
+if (!empty($GLOBALS['userid']) && (isSessionVariableSet('u_hash'))) {
        // Login failtures are supported since 0.4.7
        // Do we have 0.4.7 of sql_patches or later?
        $ADD = "";
@@ -61,7 +61,7 @@ if (!empty($GLOBALS['userid']) && (isSessionVariableSet('u_hash')) && (isSession
        SQL_FREERESULT($result);
 
        // Change to new theme
-       set_session("mxchange_theme", $data['curr_theme']);
+       set_session('mxchange_theme', $data['curr_theme']);
 
        // Remmeber login failtures if available
        if (GET_EXT_VERSION("sql_patches") >= "0.4.7") {
index 333d777..76fdc29 100644 (file)
@@ -105,7 +105,7 @@ if (!empty($_GET['hash'])) {
                        // Account confirmed!
                        if (defined('LEAD_CODE_ENABLED') && defined('LEAD_EXPIRY_TIME')) {
                                // Set special lead cookie
-                               set_session("lead_uid", bigintval($uid));
+                               set_session('lead_uid', bigintval($uid));
 
                                // Lead-Code mode enabled
                                LOAD_URL("lead-confirm.php");
@@ -116,7 +116,7 @@ if (!empty($_GET['hash'])) {
                        }
                } elseif (defined('LEAD_CODE_ENABLED') && defined('LEAD_EXPIRY_TIME')) {
                        // Set special lead cookie
-                       set_session("lead_uid", bigintval($uid));
+                       set_session('lead_uid', bigintval($uid));
 
                        // Lead-Code mode enabled
                        LOAD_URL("lead-confirm.php");
@@ -132,14 +132,11 @@ if (!empty($_GET['hash'])) {
                define('__UID', "0");
                LOAD_TEMPLATE("guest_confirm_table");
        }
-}
- elseif ((isset($_POST['ok'])) && (!empty($_POST['email'])))
-{
+} elseif ((isset($_POST['ok'])) && (!empty($_POST['email']))) {
        // Confirmation link requested      0     1         2
        $result = SQL_QUERY_ESC("SELECT userid, status, user_hash FROM `"._MYSQL_PREFIX."_user_data` WHERE email='%s' LIMIT 1",
-        array($_POST['email']), __FILE__, __LINE__);
-       if (SQL_NUMROWS($result) == 1)
-       {
+               array($_POST['email']), __FILE__, __LINE__);
+       if (SQL_NUMROWS($result) == 1) {
                // Email address found
                $DATA = SQL_FETCHROW($result);
                switch ($DATA[1])
index 8f8074f..6b10899 100644 (file)
 if (!defined('__SECURITY')) {
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
+} elseif ((!EXT_IS_ACTIVE("user")) && (!IS_ADMIN())) {
+       ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "user");
+       return;
 }
 
 // Add description as navigation point
 ADD_DESCR("guest", __FILE__);
 
-global $DATA, $FATAL;
+global $DATA, $ERROR;
 
-// Initialize data
-$probe_nickname = false; $uid = false; $hash = "";
-unset($login); unset($online);
+// Initialize variables
+$ERROR = 0;
+$probe_nickname = false;
+$uid = false;
+$hash = "";
+$URL = "";
+$ADD = "";
 
+// Already logged in?
 if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash'))) {
-       // Already logged in?
+       // Maybe, then continue with it
        $uid = $GLOBALS['userid'];
 } elseif ((!empty($_POST['id'])) && (!empty($_POST['password'])) && (isset($_POST['ok']))) {
        // Set userid and crypt password when login data was submitted
-       $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".($_POST['id'] + 0)."") != $_POST['id']));
-       if ($probe_nickname === true) {
+       if ((EXT_IS_ACTIVE("nickname")) && (NICKNAME_PROBE_ON_USERID($_POST['id']))) {
                // Nickname entered
                $uid = SQL_ESCAPE($_POST['id']);
        } else {
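Review bot: `$probe_nickname = false;` and `$ADD = "";` in the new initialisation block look dead after this change: the nickname branch now calls NICKNAME_PROBE_ON_USERID() directly instead of assigning `$probe_nickname`, and the login-bonus code that consumed `$ADD` is removed further down in favour of USER_DO_LOGIN(), so nothing visible in this file reads either variable any more. If no include reads them, drop the two lines; if one does, a comment naming that consumer would help the next reader. The if/elseif chain this hunk ends in continues past the hunk.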
@@ -69,237 +76,22 @@ if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash'))) {
        $uid = 0; $hash = "";
 }
 
-$URL = ""; $ADD = "";
 // Set unset variables
 if (empty($_POST['new_pass'])) $_POST['new_pass'] = "";
 if (empty($_GET['login']))     $_GET['login']     = "";
 
 if (IS_MEMBER()) {
        // Login immidiately...
-       $URL = URL."/modules.php?module=login";
+       $URL = "modules.php?module=login";
 } elseif ((isset($_POST['ok'])) && ("".$uid."" != "".$_POST['id']."")) {
        // Invalid input (no nickname extension installed but nickname entered)
        $ERROR = CODE_EXTENSION_PROBLEM;
 } elseif (isset($_POST['ok'])) {
-       // Add last_login if available
-       $LAST = "";
-       if (GET_EXT_VERSION("sql_patches") >= "0.2.8") {
-               $LAST = ", last_login";
-       } // END - if
-
-       // Check login data
-       $password = ""; $uid2 = ""; $dmy = "";
-       if ($probe_nickname === true) {
-               // Nickname entered
-               $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM `"._MYSQL_PREFIX."_user_data` WHERE nickname='%s' AND status='CONFIRMED' LIMIT 1",
-                       array($uid), __FILE__, __LINE__);
-               list($uid2, $password, $online, $login) = SQL_FETCHROW($result);
-               if (!empty($uid2)) $uid = bigintval($uid2);
-       } else {
-               // Direct userid entered
-               $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
-                       array($uid, $hash), __FILE__, __LINE__);
-               list($uid2, $password, $online, $login) = SQL_FETCHROW($result);
-       }
-
-       // Is there an entry?
-       if ((SQL_NUMROWS($result) == 1) && ((($probe_nickname) && (!empty($uid2))) || ($uid2 == $uid))) {
-               // Free result
-               SQL_FREERESULT($result);
-
-               // By default the hash is empty
-               $hash = "";
-
-               // Check for old MD5 passwords
-               if ((strlen($password) == 32) && (md5($_POST['password']) == $password)) {
-                       // Just set the hash to the password from DB... :)
-                       $hash = $password;
-               } else {
-                       // Hash password with improved way for comparsion
-                       $hash = generateHash($_POST['password'], substr($password, 0, -40));
-               }
-
-               if ($hash == $password) {
-                       // New hashed password found so let's generate a new one
-                       $hash = generateHash($_POST['password']);
-
-                       // ... and update database
-                       SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET password='%s' WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
-                               array($hash, $uid), __FILE__, __LINE__);
-
-                       // No login bonus by default
-                       $BONUS = false;
-
-                       // Probe for last online timemark
-                       $probe = time() -  $online;
-                       if (!empty($login)) $probe = time() - $login;
-                       if ((GET_EXT_VERSION("bonus") >= "0.2.2") && ($probe >= getConfig('login_timeout'))) {
-                               // Add login bonus to user's account
-                               $ADD = sprintf(", login_bonus=login_bonus+%s",
-                                       (float)getConfig('login_bonus')
-                               );
-                               $BONUS = true;
-
-                               // Subtract login bonus from userid's account or jackpot
-                               if ((GET_EXT_VERSION("bonus") >= "0.3.5") && (getConfig('bonus_mode') != "ADD")) BONUS_POINTS_HANDLER('login_bonus');
-                       } // END - if
-
-                       // Init variables
-                       $life = "-1"; $login = false;
-
-                       // Secure lifetime from input form
-                       $l = bigintval($_POST['lifetime']);
-
-                       // Is the lifetime set?
-                       if ($l > 0) {
-                               // Calculate lifetime of cookies
-                               $life = time() + $l;
-
-                               // Calculate new hash with the secret key and master salt together
-                               $hash = generatePassString($hash);
-
-                               // Update cookies
-                               $login = (set_session("userid"  , $uid , $life, COOKIE_PATH)
-                                      && set_session("u_hash"  , $hash, $life, COOKIE_PATH)
-                                      && set_session("lifetime", $l   , $life, COOKIE_PATH)
-                               );
-
-                               // Update global array
-                               $GLOBALS['userid'] = $uid;
-                       } else {
-                               // Check for login data
-                               $login = IS_MEMBER();
-                       }
-
-                       if ($login) {
-                               // Update database records
-                               SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET total_logins=total_logins+1".$ADD." WHERE userid=%s LIMIT 1",
-                                       array($uid), __FILE__, __LINE__);
-                               if (SQL_AFFECTEDROWS() == 1) {
-                                       // Procedure to checking for login data
-                                       if (($BONUS) && (EXT_IS_ACTIVE("bonus"))) {
-                                               // Bonus added (just displaying!)
-                                               $URL = URL."/modules.php?module=chk_login&amp;mode=bonus";
-                                       } else {
-                                               // Bonus not added
-                                               $URL = URL."/modules.php?module=chk_login&amp;mode=login";
-                                       }
-                               } else {
-                                       // Cannot update counter!
-                                       $URL = URL."/modules.php?module=index&amp;what=login&amp;login=".CODE_CNTR_FAILED;
-                               }
-                       } else {
-                               // Cookies not setable!
-                               $URL = URL."/modules.php?module=index&amp;what=login&amp;login=".CODE_NO_COOKIES;
-                       }
-               } elseif (GET_EXT_VERSION("sql_patches") >= "0.4.7") {
-                       // Update failture counter
-                       SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET login_failtures=login_failtures+1,last_failture=NOW() WHERE userid=%s LIMIT 1",
-                               array($uid), __FILE__, __LINE__);
-
-                       // Wrong password!
-                       $ERROR = CODE_WRONG_PASS;
-               }
-       } elseif ((($probe_nickname) && (!empty($uid2))) || ($uid2 == $uid)) {
-               // Other account status?
-               $result = SQL_QUERY_ESC("SELECT status FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
-                       array($uid), __FILE__, __LINE__);
-
-               // Entry found?
-               if (SQL_NUMROWS($result) == 1) {
-                       // Load status
-                       list($status) = SQL_FETCHROW($result);
-                       switch ($status) {
-                               case "LOCKED":
-                                       $ERROR = CODE_ID_LOCKED;
-                                       break;
-
-                               case "UNCONFIRMED":
-                                       $ERROR = CODE_ID_UNCONFIRMED;
-                                       break;
-
-                               default:
-                                       DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown error status %s detected.", $status));
-                                       $ERROR = CODE_UNKNOWN_STATUS;
-                                       break;
-                       }
-               } else {
-                       // ID not found!
-                       $ERROR = CODE_WRONG_ID;
-               }
-
-               // Construct URL
-               $URL = URL."/modules.php?module=index&amp;what=login&amp;login=".$ERROR;
-       } else {
-               // ID not found!
-               $ERROR = CODE_WRONG_ID;
-       }
+       // Try the login (see inc/libs/user_functions.php)
+       $URL = USER_DO_LOGIN($_POST['id'], $_POST['password']);
 } elseif ((!empty($_POST['new_pass'])) && (isset($uid))) {
-       // Compile email when found in address (only secure chars!)
-       if (!empty($_POST['email'])) $_POST['email'] = str_replace("{DOT}", '.', $_POST['email']);
-
-       // Set ID number when left empty
-       if (empty($_POST['id'])) $_POST['id'] = 0;
-
-       // Init result
-       $result = false;
-
-       // Probe userid/nickname
-       if ((EXT_IS_ACTIVE("nickname")) && (("".round($_POST['id'])."") != $_POST['id'])) {
-               // Nickname entered
-               $result = SQL_QUERY_ESC("SELECT userid, status FROM `"._MYSQL_PREFIX."_user_data` WHERE nickname='%s' OR email='%s' LIMIT 1",
-                       array($uid, $_POST['email']), __FILE__, __LINE__);
-       } elseif (($uid > 0) && (empty($_POST['email']))) {
-               // Direct userid entered
-               $result = SQL_QUERY_ESC("SELECT userid, status FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
-                       array(bigintval($uid)), __FILE__, __LINE__);
-       } elseif (!empty($_POST['email'])) {
-               // Email entered
-               $result = SQL_QUERY_ESC("SELECT userid, status FROM `"._MYSQL_PREFIX."_user_data` WHERE email='%s' LIMIT 1",
-                       array($_POST['email']), __FILE__, __LINE__);
-       } else {
-               // Userid not set!
-               DEBUG_LOG(__FILE__, __LINE__, "Userid is not set! BUG!");
-               $ERROR = CODE_WRONG_ID;
-       }
-
-       // Any entry found?
-       if (SQL_NUMROWS($result) == 1) {
-               // This data is valid, so we create a new pass... :-)
-               list($uid, $status) = SQL_FETCHROW($result);
-
-               if ($status == "CONFIRMED") {
-                       // Ooppps, this was missing! ;-) We should update the database...
-                       $NEW_PASS = GEN_PASS();
-                       SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET password='%s' WHERE userid=%s LIMIT 1",
-                               array(generateHash($NEW_PASS), $uid), __FILE__, __LINE__);
-
-                       // Prepare data and message for email
-                       $msg = LOAD_EMAIL_TEMPLATE("new-pass", array('new_pass' => $NEW_PASS), $uid);
-
-                       // ... and send it away
-                       SEND_EMAIL($uid, GUEST_NEW_PASSWORD, $msg);
-
-                       // Output note to user
-                       LOAD_TEMPLATE("admin_settings_saved", false, GUEST_NEW_PASSWORD_SEND);
-               } else {
-                       // Account is locked or unconfirmed
-                       switch ($status) {
-                               case "LOCKED"     : $ERROR = CODE_ID_LOCKED;      break;
-                               case "UNCONFIRMED": $ERROR = CODE_ID_UNCONFIRMED; break;
-                               default: // Unhandled account status!
-                                       $ERROR = CODE_UNHANDLED_STATUS;
-                                       DEBUG_LOG(__FILE__, __LINE__, sprintf("Undhandled account status %s detected.", $status));
-                                       break;
-                       }
-
-                       // Load URL
-                       LOAD_URL("modules.php?module=index&amp;what=login&amp;login=".$MSG);
-               }
-       } else {
-               // ID or email is wrong
-               LOAD_TEMPLATE("admin_settings_saved", false, "<SPAN class=\"guest_failed\">".GUEST_WRONG_ID_EMAIL."</SPAN>");
-       }
+       // Try the userid/email lookup (see inc/libs/user_functions.php)
+       $ERROR = USER_DO_NEW_PASSWORD($_POST['email'], $uid);
 }
 
 // Login problems?
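Review bot: `$URL = USER_DO_LOGIN($_POST['id'], $_POST['password']);` replaces a block that distinguished a wrong password (set `$ERROR = CODE_WRONG_PASS`, bumped `login_failtures`, no redirect) from the other outcomes that built `$URL`, but the new call only receives a URL, so how a wrong password now reaches the `if (!empty($ERROR))` block below is not visible here; USER_DO_LOGIN() itself is not in this diff. A short comment stating the return contract, e.g. `// Returns the redirect URL; on failure the error code is carried in its login= parameter` (or whatever the helper actually does), would make this readable without opening user_functions.php. Likewise `USER_DO_NEW_PASSWORD($_POST['email'], $uid)` passes `$_POST['email']` unguarded where the removed code checked `!empty()` and applied the `{DOT}` replacement first; presumably that moved into the helper, but it cannot be confirmed from this hunk. The enclosing if/elseif chain starts in the previous hunk.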
@@ -311,10 +103,10 @@ if (!empty($_GET['login'])) {
 // Login problems?
 if (!empty($ERROR)) {
        // Ok, which one now?
-       $MSG = "<TR>
-  <TD width=\"10\">&nbsp;</TD>
-  <TD colspan=\"7\" align=\"center\">
-    <STRONG><SPAN class=\"guest_failed\">";
+       $MSG = "<tr>
+  <td width=\"10\" class=\"seperator\">&nbsp;</td>
+  <td colspan=\"7\" align=\"center\">
+    <span class=\"guest_failed\">";
 
        switch ($ERROR) {
                case CODE_WRONG_PASS:
@@ -350,10 +142,10 @@ if (!empty($ERROR)) {
                        $MSG .= LOGIN_WRONG_ID;
                        break;
                }
-               $MSG .= "</SPAN></STRONG>
-  </TD>
-  <TD width=\"10\">&nbsp;</TD>
-</TR>\n";
+               $MSG .= "</span>
+  </td>
+  <td width=\"10\" class=\"seperator\">&nbsp;</td>
+</tr>\n";
                define('LOGIN_FAILURE_MSG', $MSG);
 } else {
        // No problems, no output
@@ -370,6 +162,7 @@ if (EXT_IS_ACTIVE("nickname")) {
 // Was an URL constructed?
 if (!empty($URL)) {
        // URL was constructed
+       global $FATAL;
        if (!empty($FATAL[0])) {
                // Fatal errors!
                require_once(PATH."inc/fatal_errors.php");
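Review bot: `global $FATAL;` is added inside the `if (!empty($URL))` body, while the earlier hunk in this file replaced `$FATAL` with `$ERROR` in the file-top `global $DATA, $ERROR;` statement. In PHP `global` is function-scoped rather than block-scoped, so this works, but a declaration buried in a conditional is easy to miss; keeping it in the top-level statement, `global $DATA, $ERROR, $FATAL;`, and dropping this line reads clearer. The `if` block continues outside the hunk.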
index e185ae8..2f7ed2a 100644 (file)
@@ -224,17 +224,14 @@ WHERE id='%s' AND password='%s' LIMIT 1",
                // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
                list($status) = SQL_FETCHROW($result);
                if ($status == "CONFIRMED") {
-                       // Calculate cookie lifetime, maybe we have to change this so the admin can setup a
-                       // seperate timeout for these two cookies?
-                       $life = (time() + getConfig('online_timeout'));
-
                        // Is confirmed so both is fine and we can continue with login procedure
-                       $login = ((setcookie("sponsorid"  , bigintval($_POST['sponsorid']), $life, COOKIE_PATH)) &&
-                                 (setcookie("sponsorpass", md5($_POST['pass'])           , $life, COOKIE_PATH)));
+                       $login = ((set_session('sponsorid'  , bigintval($_POST['sponsorid']))) &&
+                                 (set_session('sponsorpass', md5($_POST['pass'])           ))
+                       );
 
                        if ($login) {
                                // Cookie setup successfull so we can forward to sponsor area
-                               LOAD_URL(URL."/modules.php?module=sponsor");
+                               LOAD_URL("modules.php?module=sponsor");
                        } else {
                                // Cookie setup failed!
                                LOAD_TEMPLATE("admin_settings_saved", false, SPONSPOR_COOKIE_SETUP_FAILED);
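Review bot: `set_session('sponsorpass', md5($_POST['pass']))` stores the bare MD5 of the submitted password in the session, which is exactly the value the query above compares against the `password` column, so the session now holds a directly reusable credential. The member login this commit removes derived its session value with generatePassString() (described there as combining the hash with the secret key and master salt) before storing it; doing the same here, `set_session('sponsorpass', generatePassString(md5($_POST['pass'])))`, would keep the two paths consistent, provided the sponsor-area check that reads `sponsorpass` is updated to match, which is not in this diff. The `if ($status == "CONFIRMED")` block is cut at the hunk edge.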
index b308473..ba29320 100644 (file)
@@ -36,31 +36,17 @@ if (!defined('__SECURITY')) {
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
 } elseif (!IS_MEMBER()) {
-       $URL = URL."/modules.php?module=index";
-       if ($check == "mem_only") $URL .= "&msg=".urlencode(LANG_MEM_ONLY_1.$GLOBALS['module'].LANG_MEM_ONLY_2);
+       $URL = "modules.php?module=index";
+       if ($check == "mem_only") $URL .= "&amp;msg=".urlencode(LANG_MEM_ONLY_1.$GLOBALS['module'].LANG_MEM_ONLY_2);
        LOAD_URL($URL);
 }
 
 if ($status != "CONFIRMED") {
        // If the status is different than confirmed move the user away from here
-       switch ($status)
-       {
-       case "LOCKED":
-               $ERROR = CODE_ID_LOCKED;
-               break;
-
-       case "UNCONFIRMED":
-               $ERROR = CODE_ID_UNCONFIRMED;
-               break;
-
-       default:
-               DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown status %s detected.", $status));
-               $ERROR = CODE_UNKNOWN_STATUS;
-               break;
-       }
+       $ERROR = GEN_ERROR_CODE_FROM_ACCOUNT_STATUS($status);
 
        // Load URL
-       LOAD_URL(URL."/modules.php?module=index&login=".$ERROR);
+       LOAD_URL("modules.php?module=index&amp;what=login&amp;login=".$ERROR);
 } // END - if
 
 // Load adverstising template
index a32c590..163bd49 100644 (file)
@@ -36,7 +36,7 @@ if (!defined('__SECURITY')) {
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
 } elseif (!IS_MEMBER()) {
-       LOAD_URL(URL."/modules.php?module=index");
+       LOAD_URL("modules.php?module=index");
 } elseif ((!EXT_IS_ACTIVE("surfbar")) && (!IS_ADMIN())) {
        ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "surfbar");
        return;
index 00e8344..3eaf9e7 100644 (file)
@@ -40,20 +40,20 @@ if (!defined('__SECURITY')) {
 }
 
 // Base URL for redirection (both cases)
-$URL = URL."/modules.php?module=index";
+$URL = "modules.php?module=index";
 
 if (destroy_user_session()) {
        // Remove theme cookie as well
        set_session("mxchange_theme", "");
 
        // Logout completed
-       $URL .= "&msg=".CODE_LOGOUT_DONE;
+       $URL .= "&amp;msg=".CODE_LOGOUT_DONE;
 
        // Destroy session here
        @session_destroy();
 } else {
        // Cannot logout! :-(
-       $URL .= "&msg=".CODE_LOGOUT_FAILED;
+       $URL .= "&amp;msg=".CODE_LOGOUT_FAILED;
 }
 
 // Load the URL
index d874b3b..7122e5e 100644 (file)
@@ -306,7 +306,7 @@ array(
 case "notify": // Switch off notfication
        SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET notified='N', last_update=UNIX_TIMESTAMP() WHERE userid=%s LIMIT 1",
         array($GLOBALS['userid']), __FILE__, __LINE__);
-       $URL = URL."/modules.php?module=login&amp;what=welcome&msg=".urlencode(PROFILE_UPDATED);
+       $URL = "modules.php?module=login&amp;what=welcome&amp;msg=".urlencode(PROFILE_UPDATED);
        break;
 }
 
index 9c42dcf..fec95d2 100644 (file)
@@ -113,7 +113,7 @@ WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1",
                        // Test submitted text against some filters (length, URLs in text etc.)
                        if ((strpos(strtolower($_POST['text']), "https://") > -1) || (strpos(strtolower($_POST['text']), "http://") > -1) || (strpos(strtolower($_POST['text']), "www") > -1)) {
                                // URL found!
-                               $URL = URL."/modules.php?module=login&amp;what=order&amp;msg=".CODE_URL_FOUND;
+                               $URL = "modules.php?module=login&amp;what=order&amp;msg=".CODE_URL_FOUND;
                        } // END - if
 
                        // Remove new-line and carriage-return characters
@@ -122,7 +122,7 @@ WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1",
                        // Text length within allowed length?
                        if (strlen($TEST) > getConfig('max_tlength')) {
                                // Text is too long!
-                               $URL = URL."/modules.php?module=login&amp;what=order&amp;msg=".CODE_OVERLENGTH;
+                               $URL = "modules.php?module=login&amp;what=order&amp;msg=".CODE_OVERLENGTH;
                        } // END - if
                } // END - if
 
@@ -132,7 +132,7 @@ WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1",
                        $_POST['subject'] = str_replace("\\", "[nl]", substr($_POST['subject'], 0, 200));
                        if ((strpos(strtolower($_POST['subject']), "http://") > -1) || (strpos(strtolower($_POST['subject']), "www") > -1)) {
                                // URL in subject found
-                               $URL = URL."/modules.php?module=login&amp;what=order&amp;msg=".CODE_SUBJ_URL;
+                               $URL = "modules.php?module=login&amp;what=order&amp;msg=".CODE_SUBJ_URL;
                        } // END - if
                } // END - if
 
@@ -147,7 +147,7 @@ WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1",
                                list($blist) = SQL_FETCHROW($result);
 
                                // Create redirect-URL
-                               $URL = URL."/modules.php?module=login&amp;what=order&amp;msg=".CODE_BLIST_URL."&blist=".$blist;
+                               $URL = "modules.php?module=login&amp;what=order&amp;msg=".CODE_BLIST_URL."&blist=".$blist;
                        } // END - if
 
                        // Free result
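Review bot: The rewritten URL on the `+` line mixes separators, `&amp;msg=` followed by `&blist=`, while every other URL this commit touches is converted to `&amp;` throughout. `$blist` is also read straight from SQL_FETCHROW() and concatenated into the query string without urlencode(), so a blacklisted URL containing `&`, `#` or spaces breaks the redirect. Suggested: `$URL = "modules.php?module=login&amp;what=order&amp;msg=".CODE_BLIST_URL."&amp;blist=".urlencode($blist);`. The enclosing `if` starts and ends outside the hunk.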
@@ -157,13 +157,13 @@ WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1",
                // Enougth receivers entered?
                if (($_POST['receiver'] < getConfig('order_min')) && (!IS_ADMIN())) {
                        // Less than allowed receivers entered!
-                       $URL = URL."/modules.php?module=login&amp;what=order&amp;msg=".CODE_MORE_RECEIVERS3;
+                       $URL = "modules.php?module=login&amp;what=order&amp;msg=".CODE_MORE_RECEIVERS3;
                } // END - if
 
                // Validate URL
                if (!VALIDATE_URL($_POST['url'])) {
                        // URL is invalid!
-                       $URL = URL."/modules.php?module=login&amp;what=order&amp;msg=".CODE_INVALID_URL;
+                       $URL = "modules.php?module=login&amp;what=order&amp;msg=".CODE_INVALID_URL;
                } // END - if
 
                // Probe for HTML extension
@@ -174,7 +174,7 @@ WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1",
                                $_POST['text'] = HTML_CHECK_TAGS($_POST['text']);
 
                                // Maybe invalid tags found?
-                               if (empty($_POST['text'])) $URL = URL."/modules.php?module=login&amp;what=order&amp;msg=".CODE_INVALID_TAGS."&id=".$id;
+                               if (empty($_POST['text'])) $URL = "modules.php?module=login&amp;what=order&amp;msg=".CODE_INVALID_TAGS."&amp;id=".$id;
                        } else {
                                // Remove any HTML code
                                $_POST['text'] = str_replace("<", "{OPEN_HTML}", str_replace(">", "{CLOSE_HTML}", $_POST['text']));
@@ -182,7 +182,7 @@ WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1",
                }
        } elseif (!IS_ADMIN()) {
                // He has already sent a mail within a specific time
-               $URL = URL."/modules.php?module=login&amp;what=order&amp;msg=".CODE_URL_TLOCK."&id=".$id;
+               $URL = "modules.php?module=login&amp;what=order&amp;msg=".CODE_URL_TLOCK."&amp;id=".$id;
        }
 
        // Still no error?
@@ -371,22 +371,22 @@ array(
                                }
 
                                // ID is received so we can redirect the user, used points will be added when he send's out the mail
-                               $URL = URL."/modules.php?module=frametester&amp;order=".$id."";
+                               $URL = "modules.php?module=frametester&amp;order=".$id."";
                        } elseif ($MAX_SEND == 0) {
                                // Not enougth receivers found which can receive mails
-                               $URL = URL."/modules.php?module=login&amp;what=order&amp;msg=".CODE_MORE_RECEIVERS2;
+                               $URL = "modules.php?module=login&amp;what=order&amp;msg=".CODE_MORE_RECEIVERS2;
                        } else {
                                // No enougth points left!
-                               $URL = URL."/modules.php?module=login&amp;what=order&amp;msg=".CODE_MORE_POINTS;
+                               $URL = "modules.php?module=login&amp;what=order&amp;msg=".CODE_MORE_POINTS;
                        }
                } else  {
                        // Ordered more mails than he can send in this category
-                       $URL = URL."/modules.php?module=login&amp;what=order&amp;msg=".CODE_NO_RECS_LEFT;
+                       $URL = "modules.php?module=login&amp;what=order&amp;msg=".CODE_NO_RECS_LEFT;
                }
        }
 } elseif ($_POST['receiver'] == "0") {
        // Not enougth receivers selected
-       $URL = URL."/modules.php?module=login&amp;what=order&amp;msg=".CODE_MORE_RECEIVERS1;
+       $URL = "modules.php?module=login&amp;what=order&amp;msg=".CODE_MORE_RECEIVERS1;
 } elseif (($ALLOWED == 0) && (getConfig('order_max_full') == "ORDER")) {
        // No more mail orders allowed
        LOAD_TEMPLATE("admin_settings_saved", false, MEMBER_ORDER_ALLOWED_EXHAUSTED);
index 6a39e18..f6f60f7 100644 (file)
@@ -35,7 +35,7 @@ if (!defined('__SECURITY')) {
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
        require($INC);
 } elseif (!IS_MEMBER()) {
-       LOAD_URL(URL."/modules.php?module=index");
+       LOAD_URL("modules.php?module=index");
 } elseif ((!EXT_IS_ACTIVE("sponsor")) && (!IS_ADMIN())) {
        ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "sponsor");
        return;
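Review bot: The changed `LOAD_URL("modules.php?module=index")` branch has no `return` after it, while the sibling `ADD_FATAL` branch returns explicitly; if LOAD_URL() only emits the redirect header and comes back, the rest of this member module still executes for a non-member. If LOAD_URL() already calls exit(), a comment on the call would make that contract visible; otherwise `LOAD_URL("modules.php?module=index"); return;` here. The three surfbar-module hunks that follow, the order.php hunk with `LOAD_URL("modules.php?module=login")` and the surfbar.php hunk at the end have the same shape. The enclosing if/elseif chain continues past the hunk.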
index d38757f..c70cb25 100644 (file)
@@ -37,7 +37,7 @@ if (!defined('__SECURITY')) {
        require($INC);
 } elseif (!IS_MEMBER()) {
        // Redirect
-       LOAD_URL(URL."/modules.php?module=index");
+       LOAD_URL("modules.php?module=index");
 } elseif ((!EXT_IS_ACTIVE("surfbar")) && (!IS_ADMIN())) {
        ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "surfbar");
        return;
index b9b9df8..4a5493f 100644 (file)
@@ -36,7 +36,7 @@ if (!defined('__SECURITY')) {
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
 } elseif (!IS_MEMBER()) {
-       LOAD_URL(URL."/modules.php?module=index");
+       LOAD_URL("modules.php?module=index");
 } elseif ((!EXT_IS_ACTIVE("surfbar")) && (!IS_ADMIN())) {
        ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "surfbar");
        return;
index a1d6f97..bcdd6d1 100644 (file)
@@ -36,7 +36,7 @@ if (!defined('__SECURITY')) {
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
 } elseif (!IS_MEMBER()) {
-       LOAD_URL(URL."/modules.php?module=index");
+       LOAD_URL("modules.php?module=index");
 } elseif ((!EXT_IS_ACTIVE("surfbar")) && (!IS_ADMIN())) {
        ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "surfbar");
        return;
index 6256909..17708e1 100644 (file)
@@ -54,7 +54,7 @@ if (!empty($_POST['member_theme'])) {
        $newTheme = SQL_ESCAPE($_POST['member_theme']);
 
        // Change to new theme
-       set_session("mxchange_theme", $newTheme);
+       set_session('mxchange_theme', $newTheme);
 
        // Theme saved!
        LOAD_TEMPLATE("admin_settings_saved", false, MEMBER_THEME_SAVED);
index 8df4615..c6c5be2 100644 (file)
@@ -41,10 +41,10 @@ if (!defined('__SECURITY')) {
        return;
 } elseif (!IS_MEMBER()) {
        // Sorry, no guest access!
-       $URL = URL."/modules.php?module=index";
+       $URL = "modules.php?module=index";
 } elseif (empty($_GET['order'])) {
        // You cannot call this module directly!
-       $URL = URL."/modules.php?module=login&amp;what=order";
+       $URL = "modules.php?module=login&amp;what=order";
 }
 
 // When URL is empty nothing bad happend here
@@ -110,7 +110,7 @@ if (empty($URL)) {
                LOAD_TEMPLATE("member_order-back", false);
        } else {
                // Matching line not found or already "placed" in send queue
-               LOAD_URL(URL."/modules.php?module=login");
+               LOAD_URL("modules.php?module=login");
        }
 } else {
        // Redirect...
index c402de5..70c8f4b 100644 (file)
@@ -50,7 +50,7 @@ phone, fax, cell, email, url,
 status, receive_warnings
 FROM "._MYSQL_PREFIX."_sponsor_data
 WHERE id='%s' AND password='%s' LIMIT 1",
- array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__);
+ array(bigintval(get_session('sponsorid')), get_session('sponsorpass')), __FILE__, __LINE__);
 if (SQL_NUMROWS($result) == 1) {
        // Load sponsor data
        $content = SQL_FETCHARRAY($result);
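Review bot: The changed argument line still authenticates the sponsor with `password='%s'` fed from `get_session('sponsorpass')`, i.e. the md5 of the password is carried in the session and re-checked against the table on every request. If get_session() is backed by server-side storage this is tolerable, but if it is still cookie-backed (the commit title says the cookie code was rewritten, and this hunk does not show where the value lives) the unsalted hash travels to the client on every request and any captured value stays valid until the password changes. A narrower session contract would store only the sponsor id after the login check and look the row up by `id` alone; the settings.php and welcome.php hunks below use the same id/password lookup. The surrounding script continues past the hunk.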
@@ -61,7 +61,7 @@ if (SQL_NUMROWS($result) == 1) {
                        if (empty($_POST['pass_old'])) {
                                // No current password entered
                                $MSG = SPONSOR_NO_CURRENT_PASSWORD_ENTERED;
-                       } elseif (md5($_POST['pass_old']) != $_COOKIE['sponsorpass']) {
+                       } elseif (md5($_POST['pass_old']) != get_session('sponsorpass')) {
                                // Entered password didn't match password in DB
                                $MSG = SPONSOR_CURRENT_PASSWORD_DIDNOT_MATCH_DB;
                        } elseif ((!empty($_POST['pass1'])) && (!empty($_POST['pass2'])) && ($_POST['pass1'] != $_POST['pass2'])) {
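Review bot: `md5($_POST['pass_old']) != get_session('sponsorpass')` on the changed line compares two hex digests with the loose operator; PHP's `!=` coerces numeric-looking strings, so digests that happen to be of the form `0e` followed only by digits compare equal to each other and the check can pass for a non-matching password. Use a strict comparison, `} elseif (md5($_POST['pass_old']) !== get_session('sponsorpass')) {`, or `hash_equals()` where the PHP version provides it. The settings.php hunk has the same comparison on `$_POST['password']`. The enclosing if chain continues outside the hunk.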
@@ -142,7 +142,7 @@ if (SQL_NUMROWS($result) == 1) {
        }
 } else {
        // Sponsor account not found!
-       $OUT = LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_ACCOUNT_404_1.$_COOKIE['sponsorid'].SPONSOR_ACCOUNT_404_2);
+       $OUT = LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_ACCOUNT_404_1.get_session('sponsorid').SPONSOR_ACCOUNT_404_2);
 }
 
 // Free memory
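Review bot: The changed line concatenates `get_session('sponsorid')` straight into the template message, whereas the query above only uses that value through `bigintval()`; if the session value can be influenced by the client and LOAD_TEMPLATE() does not escape its message argument, this echoes an unescaped value into HTML. Apply the same normalisation here, `SPONSOR_ACCOUNT_404_1.bigintval(get_session('sponsorid')).SPONSOR_ACCOUNT_404_2`, so the 404 message can only ever contain a number. The settings.php hunk has the identical line.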
index 1db6bbd..0d46ecf 100644 (file)
@@ -47,7 +47,7 @@ if (!defined('__SECURITY')) {
 $result = SQL_QUERY_ESC("SELECT status, receive_warnings, warning_interval, email, surname, family, gender
 FROM "._MYSQL_PREFIX."_sponsor_data
 WHERE id='%s' AND password='%s' LIMIT 1",
- array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__);
+ array(bigintval(get_session('sponsorid')), get_session('sponsorpass')), __FILE__, __LINE__);
 if (SQL_NUMROWS($result) == 1) {
        // Load sponsor data
        $content = SQL_FETCHARRAY($result);
@@ -58,7 +58,7 @@ if (SQL_NUMROWS($result) == 1) {
                        if (empty($_POST['password'])) {
                                // No current password entered
                                $MSG = SPONSOR_NO_CURRENT_PASSWORD_ENTERED;
-                       } elseif (md5($_POST['password']) != $_COOKIE['sponsorpass']) {
+                       } elseif (md5($_POST['password']) != get_session('sponsorpass')) {
                                // Entered password didn't match password in DB
                                $MSG = SPONSOR_CURRENT_PASSWORD_DIDNOT_MATCH_DB;
                        } else {
@@ -113,7 +113,7 @@ if (SQL_NUMROWS($result) == 1) {
        }
 } else {
        // Sponsor account not found!
-       $OUT = LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_ACCOUNT_404_1.$_COOKIE['sponsorid'].SPONSOR_ACCOUNT_404_2);
+       $OUT = LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_ACCOUNT_404_1.get_session('sponsorid').SPONSOR_ACCOUNT_404_2);
 }
 
 // Free memory
index 49454d7..d2c0c59 100644 (file)
@@ -47,7 +47,7 @@ if (!defined('__SECURITY')) {
 $result = SQL_QUERY_ESC("SELECT gender, surname, family, (points_amount - points_used) AS points
 FROM "._MYSQL_PREFIX."_sponsor_data
 WHERE id='%s' AND password='%s' LIMIT 1",
- array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__);
+ array(bigintval(get_session('sponsorid')), get_session('sponsorpass')), __FILE__, __LINE__);
 list($gender, $surname, $family, $points) = SQL_FETCHROW($result);
 
 // Free memory
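Review bot: The result of the changed query is unpacked with `list($gender, $surname, $family, $points) = SQL_FETCHROW($result);` without the `SQL_NUMROWS($result) == 1` guard that account.php and settings.php apply to the same id/password lookup; when the session credentials match no row, the four variables end up null and the welcome page keeps rendering instead of reporting the missing account. Wrap the unpack in the same check, `if (SQL_NUMROWS($result) == 1) { list($gender, $surname, $family, $points) = SQL_FETCHROW($result); } else { /* sponsor account not found */ }`, so the two sponsor pages fail the same way. The script continues past the hunk.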
index 084bb5a..82ebd07 100644 (file)
@@ -595,8 +595,7 @@ function WHAT_IS_VALID($act, $wht, $type="guest")
        }
 }
 //
-function IS_MEMBER()
-{
+function IS_MEMBER () {
        global $status, $LAST, $cacheArray;
        if (!is_array($LAST)) $LAST = array();
        $ret = false;
@@ -608,16 +607,14 @@ function IS_MEMBER()
        } // END - if
 
        // Fix "deleted" cookies first
-       FIX_DELETED_COOKIES(array('userid','u_hash','lifetime'));
+       FIX_DELETED_COOKIES(array('userid', 'u_hash'));
 
        // Are cookies set?
-       if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash')) && (isSessionVariableSet('lifetime')) && (defined('COOKIE_PATH')))
-       {
+       if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash'))) {
                // Cookies are set with values, but are they valid?
                $result = SQL_QUERY_ESC("SELECT password, status, last_module, last_online FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
-                array($GLOBALS['userid']), __FILE__, __LINE__);
-               if (SQL_NUMROWS($result) == 1)
-               {
+                       array($GLOBALS['userid']), __FILE__, __LINE__);
+               if (SQL_NUMROWS($result) == 1) {
                        // Load data from cookies
                        list($password, $status, $mod, $onl) = SQL_FETCHROW($result);
 
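Review bot: The re-indented argument line passes `$GLOBALS['userid']` raw into the `userid=%s` placeholder, which is unquoted in the SQL, so string escaping alone does not constrain it; every other id lookup in this commit wraps the session value in `bigintval()`, e.g. `bigintval(get_session('sponsorid'))`. Use `array(bigintval($GLOBALS['userid'])), __FILE__, __LINE__);` here as well, since `$GLOBALS['userid']` is presumably populated from the cookie/session data that FIX_DELETED_COOKIES() has just touched. Dropping the `lifetime` and `COOKIE_PATH` conditions from the guard changes when the lookup runs; if that is intended, the `// Are cookies set?` comment should state what is now required. IS_MEMBER() continues outside the hunk.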
@@ -625,7 +622,10 @@ function IS_MEMBER()
                        $valPass = generatePassString($password);
 
                        // Transfer last module and online time
-                       if ((!empty($mod)) && (empty($LAST['module']))) { $LAST['module'] = $mod; $LAST['online'] = $onl; }
+                       if ((!empty($mod)) && (empty($LAST['module']))) {
+                               $LAST['module'] = $mod;
+                               $LAST['online'] = $onl;
+                       } // END - if
 
                        // So did we now have valid data and an unlocked user?
                        //* DEBUG: */ echo $valPass."<br />".get_session('u_hash')."<br />";
@@ -636,17 +636,11 @@ function IS_MEMBER()
                                // Maybe got locked etc.
                                //* DEBUG: */ echo __LINE__."!!!<br />";
                                destroy_user_session();
-
-                               // Reset userid
-                               $GLOBALS['userid'] = 0;
                        }
                } else {
                        // Cookie data is invalid!
                        //* DEBUG: */ echo __LINE__."***<br />";
                        destroy_user_session();
-
-                       // Reset userid
-                       $GLOBALS['userid'] = 0;
                }
 
                // Free memory
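Review bot: Both removed `$GLOBALS['userid'] = 0;` resets leave the stale userid in place after `destroy_user_session()` unless that function now clears it, which this hunk does not show; IS_MEMBER() returns false on these paths, but callers that read `$GLOBALS['userid']` directly would still see the id of a locked or unknown account. Either confirm destroy_user_session() resets it and say so above the call, `// destroy_user_session() also resets $GLOBALS['userid']`, or keep the reset next to the call. The third removal in the next hunk has the same issue. The function continues outside the hunk.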
@@ -655,9 +649,6 @@ function IS_MEMBER()
                // Cookie data is invalid!
                //* DEBUG: */ echo __LINE__."///<br />";
                destroy_user_session();
-
-               // Reset userid
-               $GLOBALS['userid'] = 0;
        }
 
        // Cache status
index 9b98c0f..312719a 100644 (file)
--- a/index.php
+++ b/index.php
@@ -59,10 +59,10 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
                // Is the index page configured for redirect pr not?
                if (getConfig('index_cookie') > 0) {
                        // Set cookie and remeber it for specified time
-                       set_session("visited", "true");
+                       set_session('visited', "true");
                } elseif (isSessionVariableSet('visited')) {
                        // Remove cookie when admin set 0 in setup
-                       set_session("visited", "");
+                       set_session('visited', "");
                }
 
                // Template laden
diff --git a/ref.php b/ref.php
index 4b34282..7f92027 100644 (file)
--- a/ref.php
+++ b/ref.php
@@ -50,11 +50,11 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
        switch (getConfig('refid_target'))
        {
        case "register":
-               $URL = URL."/modules.php?module=index&what=register&refid=";
+               $URL = "modules.php?module=index&amp;what=register&refid=";
                break;
 
        case "index":
-               $URL = URL."/index.php?refid=";
+               $URL = "index.php?refid=";
                break;
        }
 
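Review bot: The changed `register` case mixes both separator styles in one URL, `&amp;what=register&refid=`, so whichever form LOAD_URL() expects for a Location header (entity-decoded `&` or raw `&amp;`), one of the two parameters risks arriving as `amp;what` or being mis-encoded. Pick one form per URL, `$URL = "modules.php?module=index&amp;what=register&amp;refid=";` if LOAD_URL() decodes entities, plain `&` throughout otherwise. The sponsor_confirm.php and sponsor_ref.php hunks change their base URLs to the same mixed form. The enclosing if block continues outside the hunk.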
@@ -98,7 +98,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
                } // END - if
        } else {
                // No refid and we add our refid (don't forget to set $def_refid!)
-               $URL = URL."/index.php";
+               $URL = "index.php";
        }
 
        // Load the URL
index 9d1a292..c3aadaa 100644 (file)
@@ -39,10 +39,10 @@ require("inc/config.php");
 // Is the script installed?
 if (isBooleanConstantAndTrue('mxchange_installed')) {
        // Base URL for redirection
-       $URL = URL."/modules.php?module=index&amp;what=sponsor_login&hash=";
+       $URL = "modules.php?module=index&amp;what=sponsor_login&hash=";
        if (empty($_GET['hash'])) {
                // No refid and we add our refid (don't forget to set $def_refid!)
-               $URL = URL."/modules.php?module=index";
+               $URL = "modules.php?module=index";
        } else {
                // We have an refid here. So we simply add it
                $URL .= SQL_ESCAPE($_GET['hash']);
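Review bot: `$URL .= SQL_ESCAPE($_GET['hash']);` appends request input to the redirect target with an escaper meant for SQL string literals, which does not encode URL metacharacters; a hash value containing `&`, `#` or whitespace alters the redirect query instead of being carried as the hash parameter. Encode for the URL context instead, `$URL .= urlencode($_GET['hash']);`, or validate the hash against its expected alphabet before appending it. The line is unchanged context, but the commit makes the URL relative without revisiting it; the else branch continues outside the hunk.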
@@ -54,7 +54,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
        // Redirection should be done here
 } else {
        // You have to configure first!
-       LOAD_URL(URL."/install.php");
+       LOAD_URL("install.php");
 }
 
 // Really all done here... ;-)
index 6b66586..bbcb00a 100644 (file)
@@ -39,7 +39,7 @@ require("inc/config.php");
 // Redirect only to registration page when this script is installed
 if (defined('mxchange_installed') && (isBooleanConstantAndTrue(mxchange_installed))) {
        // Base URL for redirection
-       $URL = URL."/modules.php?module=index&what=sponsor_reg&refid=";
+       $URL = "modules.php?module=index&amp;what=sponsor_reg&refid=";
 
        // Get referal ID from ref or refid variable
        $ref = 0;
@@ -51,7 +51,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue(mxchange_installe
                $URL .= $ref;
        } else {
                // No refid so we redirect to the index page
-               $URL = URL."/index.php";
+               $URL = "index.php";
        }
 
        // Load the URL
@@ -60,7 +60,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue(mxchange_installe
        // Redirection should be done here
 } else {
        // You have to configure first!
-       LOAD_URL(URL."/install.php");
+       LOAD_URL("install.php");
 }
 
 // Really all done here... ;-)
index 68b6d38..dfc8d87 100644 (file)
@@ -54,10 +54,10 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
        // Only logged in users may use this surfbar!
        if (!EXT_IS_ACTIVE("surfbar")) {
                // Surfbar deactivated
-               LOAD_URL(URL."/modules.php?module=login&msg=".CODE_EXTENSION_PROBLEM."&amp;ext=surfbar");
+               LOAD_URL("modules.php?module=login&amp;msg=".CODE_EXTENSION_PROBLEM."&amp;ext=surfbar");
        } elseif (!IS_MEMBER()) {
                // Redirect
-               LOAD_URL(URL."/modules.php?module=index");
+               LOAD_URL("modules.php?module=index");
        }
 
        // Handle tasks on self-maintenance