From: Roland Häder Date: Tue, 5 Jul 2011 22:59:30 +0000 (+0000) Subject: - Rewrites to use more the userid than the actual email address when sending X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=commitdiff_plain;h=11a9294db20070dc0c2f578d3a91b69cc7c1182d - Rewrites to use more the userid than the actual email address when sending emails to a user - Fixed 'Send new password' - isRequestParameterSet() are now check if the content is not empty - TODOs.txt updated --- diff --git a/DOCS/TODOs.txt b/DOCS/TODOs.txt index d403b8ca83..08135b567d 100644 --- a/DOCS/TODOs.txt +++ b/DOCS/TODOs.txt @@ -1,13 +1,13 @@ ### WARNING: THIS FILE IS AUTO-GENERATED BY ./DOCS/todo-builder.sh (uid=/user=quix0r) ### ### DO NOT EDIT THIS FILE. ### ./autoreg.php:58:// @TODO Add processing of request here -./beg.php:171: // @TODO Opps, what is missing here??? +./beg.php:168: // @TODO Opps, what is missing here??? ./birthday_confirm.php:93: // @TODO Try to rewrite the following unset() ./inc/cache/config-local.php:124:// @TODO Rewrite the following three constants, somehow... ./inc/classes/cachesystem.class.php:504: // @TODO Add support for more types which break in last else-block ./inc/config-functions.php:136: // @TODO Make this all better... :-/ ./inc/daily/daily_beg.php:52:// @TODO This should be converted in a daily beg rallye -./inc/daily/daily_birthday.php:95: // @TODO 4 is hard-coded here, should we move it out in config? +./inc/daily/daily_birthday.php:96: // @TODO 4 is hard-coded here, should we move it out in config? ./inc/expression-functions.php:164:// @TODO FILTER_COMPILE_CONFIG does not handle call-back functions so we handle it here again ./inc/expression-functions.php:46: // @TODO is escapeQuotes() enougth for strings with single/double quotes? ./inc/extensions/ext-html_mail.php:136: // @TODO Move these arrays into config 
@@ -89,10 +89,9 @@ ./inc/libs/theme_functions.php:93: // @TODO Can't this be rewritten to an API function? ./inc/libs/user_functions.php:144: // @TODO These two constants are no longer used, maybe we reactivate this code? ./inc/libs/user_functions.php:232:// @TODO Double-check configuration entry here -./inc/libs/user_functions.php:325: // @TODO Make this filter working: $ADDON = runFilterChain('post_login_update', $content); -./inc/libs/user_functions.php:354: // @TODO Make this filter working: $url = runFilterChain('do_login', array('content' => $content, 'addon' => $ADDON)); -./inc/libs/user_functions.php:432: // @TODO We should try to rewrite this to fetchUserData() somehow -./inc/libs/user_functions.php:620: // @TODO Try to rewrite the following unset() +./inc/libs/user_functions.php:327: // @TODO Make this filter working: $ADDON = runFilterChain('post_login_update', $content); +./inc/libs/user_functions.php:356: // @TODO Make this filter working: $url = runFilterChain('do_login', array('content' => $content, 'addon' => $ADDON)); +./inc/libs/user_functions.php:623: // @TODO Try to rewrite the following unset() ./inc/libs/yoomedia_functions.php:114: $response = YOOMEDIA_QUERY_API('out_textmail.php', true); // @TODO Ask Yoo!Media for test script ./inc/load_config.php:75: // @TODO Rewrite them to avoid this else block ./inc/loader/load-extension.php:13: * @TODO Rewrite this whole file * 
@@ -156,7 +155,7 @@ ./inc/modules/admin/what-usage.php:87: // @TODO This code is double, see loadTemplate() and loadEmailTemplate() in functions.php ./inc/modules/admin/what-usr_online.php:49: // @TODO Add a filter for sponsor ./inc/modules/guest/what-beg.php:51:// @TODO No more needed? define('__BEG_USERID_TIMEOUT', createFancyTime(getBegUseridTimeout())); -./inc/modules/guest/what-login.php:121: // @TODO Move this HTML code into a template +./inc/modules/guest/what-login.php:125: // @TODO Move this HTML code into a template ./inc/modules/guest/what-mediadata.php:180:// @TODO Rewrite all these if-blocks to filters ./inc/modules/guest/what-mediadata.php:67: // @TODO Find a better formular than this one ./inc/modules/guest/what-rallyes.php:89: // @TODO Reactivate this: $content['admin'] = '' . $login . ''; 
@@ -182,29 +181,29 @@ ./inc/modules/member/what-unconfirmed.php:203: // @TODO This 'userid' cannot be saved because of encapsulated EL code ./inc/modules/order.php:74: // @TODO Unused: 2,4 ./inc/monthly/monthly_bonus.php:64: // @TODO Rewrite this to a filter -./inc/mysql-manager.php:1220: // @TODO Rewrite this to a filter -./inc/mysql-manager.php:1482: // @TODO Try to rewrite this to $content = SQL_FETCHARRAY() -./inc/mysql-manager.php:1570: // @TODO Rewrite these lines to a filter -./inc/mysql-manager.php:1594: // @TODO Rewrite this to a filter -./inc/mysql-manager.php:1962: // @TODO Rewrite this to a filter -./inc/mysql-manager.php:2006:// @TODO Fix inconsistency between last_module and getWhat() +./inc/mysql-manager.php:1223: // @TODO Rewrite this to a filter +./inc/mysql-manager.php:1485: // @TODO Try to rewrite this to $content = SQL_FETCHARRAY() +./inc/mysql-manager.php:1573: // @TODO Rewrite these lines to a filter +./inc/mysql-manager.php:1597: // @TODO Rewrite this to a filter +./inc/mysql-manager.php:1965: // @TODO Rewrite this to a filter +./inc/mysql-manager.php:2009:// @TODO Fix inconsistency between last_module and getWhat() ./inc/mysql-manager.php:371: // @TODO Try to rewrite this to one or more functions ./inc/mysql-manager.php:44:// @TODO Can we cache this? 
./inc/purge/purge-inact.php:55: // @TODO Rewrite these if() blocks to a filter ./inc/revision-functions.php:169:// @TODO This function does also set and get in 'cache_array' -./inc/template-functions.php:1055: // @TODO Deprecate this thing -./inc/template-functions.php:1066: // @TODO Deprecate this thing -./inc/template-functions.php:1153: // @TODO This can be easily moved out after the merge from EL branch to this is complete -./inc/template-functions.php:1186: // @TODO Add a little more infos here -./inc/template-functions.php:1497:// @TODO Lame description for this function -./inc/template-functions.php:1519: // @TODO Move this in a filter +./inc/template-functions.php:1058: // @TODO Deprecate this thing +./inc/template-functions.php:1069: // @TODO Deprecate this thing +./inc/template-functions.php:1156: // @TODO This can be easily moved out after the merge from EL branch to this is complete +./inc/template-functions.php:1189: // @TODO Add a little more infos here +./inc/template-functions.php:1500:// @TODO Lame description for this function +./inc/template-functions.php:1522: // @TODO Move this in a filter ./inc/template-functions.php:189: * @TODO On some pages this is buggy ./inc/template-functions.php:265: // @TODO Remove this sanity-check if all is fine -./inc/template-functions.php:583:// @TODO $simple/$constants are deprecated -./inc/template-functions.php:609: // @TODO Do only use $content and deprecate $GLOBALS and $DATA in templates +./inc/template-functions.php:586:// @TODO $simple/$constants are deprecated +./inc/template-functions.php:612: // @TODO Do only use $content and deprecate $GLOBALS and $DATA in templates ./inc/wrapper-functions.php:130:// @TODO Implement $compress ./inc/wrapper-functions.php:137:// @TODO Implement $decompress -./inc/wrapper-functions.php:507:// @TODO Do some more sanity check here +./inc/wrapper-functions.php:514:// @TODO Do some more sanity check here ./mailid.php:139: // @TODO Rewrite this to a filter ./mailid.php:96: // 
@TODO Rewrite this to a filter ./mailid_top.php:103: // @TODO Rewrite this to a filter diff --git a/beg.php b/beg.php index 89775b185c..14d19efe31 100644 --- a/beg.php +++ b/beg.php @@ -64,15 +64,12 @@ if (isGetRequestParameterSet('userid')) { $pay = false; // Validate if it is not a number - if (isNicknameUsed(getRequestParameter('userid'))) { - // Is the nickname extension there? - if (isExtensionActive('nickname')) { - // Maybe we have found a nickname? - fetchUserData(getRequestParameter('userid'), 'nickname'); - } else { - // Nickname entered but nickname is not active - $errorCode = getCode('EXTENSION_PROBLEM'); - } + if ((isExtensionActive('nickname')) && (isNicknameUsed(getRequestParameter('userid')))) { + // Maybe we have found a nickname? + fetchUserData(getRequestParameter('userid'), 'nickname'); + } elseif (isNicknameUsed(getRequestParameter('userid'))) { + // Nickname entered but nickname is not active + $errorCode = getCode('EXTENSION_PROBLEM'); } else { // Direct userid fetchUserData(getRequestParameter('userid')); diff --git a/inc/daily/daily_birthday.php b/inc/daily/daily_birthday.php index 7167648dc4..42273b6f31 100644 --- a/inc/daily/daily_birthday.php +++ b/inc/daily/daily_birthday.php @@ -64,7 +64,8 @@ if ((getConfig('birthday_active') == 'Y') && (isExtensionActive('autopurge')) & } // END - if // Only confirmed members shall receive birthday mails... -$result_birthday = SQL_QUERY_ESC("SELECT `userid`, `email`, `birth_year` +$result_birthday = SQL_QUERY_ESC("SELECT + `userid`, `email`, `birth_year` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE @@ -112,7 +113,7 @@ if (!SQL_HASZERONUMS($result_birthday)) { } // Send email - sendEmail($content['email'], '{--MEMBER_HAPPY_BIRTHDAY_SUBJECT--}', $message); + sendEmail($content['userid'], '{--MEMBER_HAPPY_BIRTHDAY_SUBJECT--}', $message); // Remember him that he has received a birthday mail SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `birthday_sent`=UNIX_TIMESTAMP() WHERE `userid`=%s LIMIT 1", 
diff --git a/inc/daily/daily_profile.php b/inc/daily/daily_profile.php index 3e8e9a6d64..8d83be5500 100644 --- a/inc/daily/daily_profile.php +++ b/inc/daily/daily_profile.php @@ -88,7 +88,7 @@ ORDER BY // Load email template and send mail away $message = loadEmailTemplate('member_profile', $content, bigintval($content['userid'])); - sendEmail($content['email'], '{--MEMBER_PROFILE_OUTDATED_SUBJECT--}', $message); + sendEmail($content['userid'], '{--MEMBER_PROFILE_OUTDATED_SUBJECT--}', $message); // Update profile data SQL_QUERY_ESC("UPDATE diff --git a/inc/libs/refback_functions.php b/inc/libs/refback_functions.php index c4b15f74e9..1e5778ee41 100644 --- a/inc/libs/refback_functions.php +++ b/inc/libs/refback_functions.php @@ -214,8 +214,12 @@ function updateRefbackTable ($userid) { } // END - if // Check existence - $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_user_refs` WHERE `userid`=%s AND `level`='%s' AND `refid`=%s LIMIT 1", - array(bigintval($userid), $GLOBALS['refback_level'], bigintval($GLOBALS['refback_refid'][$GLOBALS['refback_level']])), __FUNCTION__, __LINE__); + $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_user_refs` WHERE `userid`=%s AND `level`=%s AND `refid`=%s LIMIT 1", + array( + bigintval($userid), + bigintval($GLOBALS['refback_level']), + bigintval($GLOBALS['refback_refid'][$GLOBALS['refback_level']]) + ), __FUNCTION__, __LINE__); // Do we have no entry? //* DEBUG: */ print(__FUNCTION__ . '(' . __LINE__."):userid={$userid},level={$GLOBALS['refback_level']},ref={$GLOBALS['refback_refid'][$GLOBALS['refback_level']]},minus={$minus},numRows=".SQL_NUMROWS($result)." - FOUND!
"); @@ -236,8 +240,12 @@ function updateRefbackTable ($userid) { $userid = $old; // Shall we add this as well? - $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_user_refs` WHERE `userid`=%s AND `level`='%s' AND `refid`=%s LIMIT 1", - array(bigintval($userid), ($GLOBALS['refback_level']-$minus), bigintval($GLOBALS['refback_refid'][$GLOBALS['refback_level']])), __FUNCTION__, __LINE__); + $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_user_refs` WHERE `userid`=%s AND `level`=%s AND `refid`=%s LIMIT 1", + array( + bigintval($userid), + (bigintval($GLOBALS['refback_level']) - $minus), + bigintval($GLOBALS['refback_refid'][$GLOBALS['refback_level']]) + ), __FUNCTION__, __LINE__); // Do we have no entry? //* DEBUG: */ print(__FUNCTION__ . '(' . __LINE__."):userid={$userid},level=".($GLOBALS['refback_level']-$minus).",ref={$GLOBALS['refback_refid'][$GLOBALS['refback_level']]},numRows=".SQL_NUMROWS($result)." - BACK!
"); diff --git a/inc/libs/register_functions.php b/inc/libs/register_functions.php index e98010cd66..21db407cb6 100644 --- a/inc/libs/register_functions.php +++ b/inc/libs/register_functions.php @@ -437,9 +437,7 @@ function doRegistration () { $messageGuest = loadEmailTemplate('guest_register_done', $content, $userid, false); // Send mail to user (confirmation link!) - $email = $content['email']; - sendEmail($content['email'], '{--GUEST_CONFIRM_LINK_SUBJECT--}', $messageGuest); - $content['email'] = $email; + sendEmail($userid, '{--GUEST_CONFIRM_LINK_SUBJECT--}', $messageGuest); // Send mail to admin sendAdminNotification('{--ADMIN_NEW_ACCOUNT_SUBJECT--}', 'admin_register_done', $content, $userid); diff --git a/inc/libs/user_functions.php b/inc/libs/user_functions.php index f1d1f1c5e2..69a31a7703 100644 --- a/inc/libs/user_functions.php +++ b/inc/libs/user_functions.php @@ -302,11 +302,13 @@ function doUserLogin ($userid, $passwd, $successUrl = '', $errorUrl = 'modules.p if (($errorCode == '0') && ($isFound === true)) { // Get user data array and set userid (e.g. important if we login with nickname) $content = getUserDataArray(); - if (!empty($content['userid'])) $userid = bigintval($content['userid']); + if (!empty($content['userid'])) { + $userid = bigintval($content['userid']); + } // END - if } // END - if // Is there an entry? - if ((isUserDataValid()) && (getUserData('status') == 'CONFIRMED') && (!empty($content['userid']))) { + if (($errorCode == '0') && (isUserDataValid()) && (getUserData('status') == 'CONFIRMED') && (!empty($content['userid']))) { // Check for old MD5 passwords if ((strlen(getUserData('password')) == 32) && (md5($passwd) == getUserData('password'))) { // Just set the hash to the password from DB... :) 
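Review bot: The legacy-hash check kept as context at the end of the doUserLogin() hunk, `md5($passwd) == getUserData('password')`, compares two hex strings with `==`, so PHP treats digests that look like `0e` followed only by digits as numbers, and two different digests can compare equal. Use the strict form, `(md5($passwd) === getUserData('password'))`, and prefer `===` for the newly added `$errorCode == '0'` guard as well. doUserLogin() starts before and continues after the hunk, so the rest of the MD5 migration path cannot be checked from here.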
@@ -424,55 +426,55 @@ function doUserLogin ($userid, $passwd, $successUrl = '', $errorUrl = 'modules.p // Try to send a new password for the given user account function doNewUserPassword ($email, $userid) { - // Init result and error + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'email=' . $email . ',userid=' . $userid . ' - ENTERED!'); + // Init found-status and error $errorCode = ''; - $result = false; + $accountFound = false; // Probe userid/nickname - // @TODO We should try to rewrite this to fetchUserData() somehow if (!empty($email)) { // Email entered - $result = SQL_QUERY_ESC("SELECT `userid`, `status` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `email`='%s' OR `email`='%s' LIMIT 1", - array($email, str_replace('.', '{DOT}', $email)), __FUNCTION__, __LINE__); + $accountFound = fetchUserData($email, 'email'); } elseif ((isExtensionActive('nickname')) && (isNicknameOrUserid($userid))) { // Nickname entered - $result = SQL_QUERY_ESC("SELECT `userid`, `status` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `nickname`='%s' OR `userid`='%s' OR `email`='%s' LIMIT 1", - array($userid, $userid, $email), __FUNCTION__, __LINE__); + $accountFound = fetchUserData($userid, 'nickname'); } elseif ((isValidUserId($userid)) && (empty($email))) { // Direct userid entered - $result = SQL_QUERY_ESC("SELECT `userid`, `status` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `userid`=%s LIMIT 1", - array(bigintval($userid)), __FUNCTION__, __LINE__); + $accountFound = fetchUserData($userid); } else { // Userid not set! - logDebugMessage(__FUNCTION__, __LINE__, 'Userid is not set! BUG!'); - $errorCode = getCode('WRONG_ID'); + debug_report_bug(__FUNCTION__, __LINE__, 'userid=' . $userid . ',email=' . $email . ': Important variables are empty.'); } // Any entry found? - if (SQL_NUMROWS($result) == 1) { - // This data is valid, so we create a new pass... :-) - list($userid, $status) = SQL_FETCHROW($result); - - if ($status == 'CONFIRMED') { - // Ooppps, this was missing! 
;-) We should update the database... + if ($accountFound === true) { + // Is the account confirmed + if (getUserData('status') == 'CONFIRMED') { + // Generate new password $NEW_PASS = generatePassword(); + + // Update database SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `password`='%s' WHERE `userid`=%s LIMIT 1", - array(generateHash($NEW_PASS), $userid), __FUNCTION__, __LINE__); + array(generateHash($NEW_PASS), getUserData('userid')), __FUNCTION__, __LINE__); // Prepare data and message for email - $message = loadEmailTemplate('guest_new_password', array('new_pass' => $NEW_PASS, 'nickname' => $userid), $userid); + $message = loadEmailTemplate('guest_new_password', + array( + 'new_pass' => $NEW_PASS, + 'nickname' => $userid + ), bigintval(getUserData('userid'))); // ... and send it away - sendEmail($userid, '{--GUEST_NEW_PASSWORD--}', $message); + sendEmail(bigintval(getUserData('userid')), '{--GUEST_NEW_PASSWORD--}', $message); // Output note to user displayMessage('{--GUEST_NEW_PASSWORD_SEND--}'); } else { // Account is locked or unconfirmed - $errorCode = generateErrorCodeFromUserStatus($status); + $errorCode = generateErrorCodeFromUserStatus(getUserData('status')); // Load URL - redirectToUrl('modules.php?module=index&what=login&login='.$errorCode); + redirectToUrl('modules.php?module=index&what=login&login=' . $errorCode); } } else { // id or email is wrong @@ -480,6 +482,7 @@ function doNewUserPassword ($email, $userid) { } // Return the error code + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'email=' . $email . ',userid=' . $userid . ',errorCode=' . $errorCode . ' - EXIT!'); return $errorCode; } 
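Review bot: In doNewUserPassword() the final `else` of the lookup chain is reachable from ordinary form input (no e-mail, and an id that is neither a valid userid nor a nickname), yet it now calls `debug_report_bug()` with the submitted values instead of setting an error code. Unless that helper is meant for user errors, keep `$errorCode = getCode('WRONG_ID');` there and log through `logDebugMessage()`. The password UPDATE passes `getUserData('userid')` into an unquoted `%s`, while the two calls below it wrap the same value in `bigintval()`; use `bigintval(getUserData('userid'))` there too. The template still receives `'nickname' => $userid`, which is whatever the caller passed and may be empty on the e-mail path.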
@@ -563,11 +566,11 @@ function doConfirmUserAccount ($hash) { $userid = '0'; // Search for an unconfirmed or confirmed account - $result = SQL_QUERY_ESC("SELECT `userid`, `email`, `refid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `user_hash`='%s' AND (`status`='UNCONFIRMED' OR `status`='CONFIRMED') LIMIT 1", + $result = SQL_QUERY_ESC("SELECT `userid`, `refid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `user_hash`='%s' AND (`status`='UNCONFIRMED' OR `status`='CONFIRMED') LIMIT 1", array($hash), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Ok, he want's to confirm now so we load some data - list($userid, $email, $refid) = SQL_FETCHROW($result); + list($userid, $refid) = SQL_FETCHROW($result); // Fetch user data if (!fetchUserData($userid)) { @@ -597,7 +600,7 @@ LIMIT 1", $message = loadEmailTemplate('guest_user_confirmed', $content, bigintval($userid)); // And send him right away the confirmation mail - sendEmail($email, '{--GUEST_THANX_CONFIRM--}', $message); + sendEmail($userid, '{--GUEST_THANX_CONFIRM--}', $message); // Maybe he got "referaled"? if (($refid > 0) && ($refid != $userid)) { @@ -671,10 +674,10 @@ function doResendUserConfirmationLink ($email) { // Is the account unconfirmed? if ($content['status'] == 'UNCONFIRMED') { // Load email template - $message = loadEmailTemplate('guest_request_confirm', array('hash' => $content['user_hash']), $content['userid']); + $message = loadEmailTemplate('guest_request_confirm', array(), $content['userid']); // Send email - sendEmail($email, '{--GUEST_REQUEST_CONFIRM_LINK_SUBJECT--}', $message); + sendEmail($content['userid'], '{--GUEST_REQUEST_CONFIRM_LINK_SUBJECT--}', $message); } // END - if // Create message based on the status diff --git a/inc/mails/beg_mails.php b/inc/mails/beg_mails.php index 2520ae5364..cc1d3db2f5 100644 --- a/inc/mails/beg_mails.php +++ b/inc/mails/beg_mails.php 
@@ -122,7 +122,7 @@ LIMIT 1", } else { // Send normal notification mail to the members $message = loadEmailTemplate('beg_' . $mode . '_notify', $content, $content['userid']); - sendEmail($content['email'], '{--BEG_RALLYE_' . strtoupper($mode) . '_SUBJECT--}', $message); + sendEmail($content['userid'], '{--BEG_RALLYE_' . strtoupper($mode) . '_SUBJECT--}', $message); } } // END - while diff --git a/inc/mails/bonus_mails.php b/inc/mails/bonus_mails.php index f7bf926069..9927f8c33f 100644 --- a/inc/mails/bonus_mails.php +++ b/inc/mails/bonus_mails.php @@ -111,7 +111,7 @@ LIMIT 1", } else { // Send normal notification mail to the members $message = loadEmailTemplate('bonus_' . $mode . '_notify', $content, $content['userid']); - sendEmail($content['email'], '{--MEMBER_BONUS_RALLYE_' . strtoupper($mode) . '_SUBJECT--}', $message); + sendEmail($content['userid'], '{--MEMBER_BONUS_RALLYE_' . strtoupper($mode) . '_SUBJECT--}', $message); } } // END - while diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php index 70ea1ef7e1..1716bf3549 100644 --- a/inc/modules/admin/admin-inc.php +++ b/inc/modules/admin/admin-inc.php @@ -762,7 +762,7 @@ function sendAdminBuildMails ($mode, $table, $content, $id, $subjectPart = '', $ } // END - if // Is the raw userid set? - if (postRequestParameter($userid, $id) > 0) { + if (postRequestParameter($useridColumn, $id) > 0) { // Load email template if (!empty($subjectPart)) { $mail = loadEmailTemplate('member_' . $mode . '_' . strtolower($subjectPart) . '_' . $table, $content); @@ -771,7 +771,7 @@ function sendAdminBuildMails ($mode, $table, $content, $id, $subjectPart = '', $ } // Send email out - sendEmail(postRequestParameter($userid, $id), strtoupper('{--MEMBER_' . $subject . '_' . $table . '_SUBJECT--}'), $mail); + sendEmail(postRequestParameter($useridColumn, $id), strtoupper('{--MEMBER_' . $subject . '_' . $table . '_SUBJECT--}'), $mail); } // END - if // Generate subject 
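Review bot: In the sendAdminBuildMails() hunks, `postRequestParameter($useridColumn, $id)` is read four times across the two hunks here and the following one (the `> 0` test, sendEmail() and both sendAdminNotification() calls) and is never cast. The `> 0` test also accepts a string that merely starts with a digit. Read the value once before the test, for example `$recipientId = bigintval(postRequestParameter($useridColumn, $id));`, and use `$recipientId` in all four places. The function begins and ends outside these hunks, so check that the new variable name does not clash with anything there.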
@@ -779,9 +779,9 @@ function sendAdminBuildMails ($mode, $table, $content, $id, $subjectPart = '', $ // Send admin notification out if (!empty($subjectPart)) { - sendAdminNotification($subject, 'admin_' . $mode . '_' . strtolower($subjectPart) . '_' . $table, $content, postRequestParameter($userid, $id)); + sendAdminNotification($subject, 'admin_' . $mode . '_' . strtolower($subjectPart) . '_' . $table, $content, postRequestParameter($useridColumn, $id)); } else { - sendAdminNotification($subject, 'admin_' . $mode . '_' . $table, $content, postRequestParameter($userid, $id)); + sendAdminNotification($subject, 'admin_' . $mode . '_' . $table, $content, postRequestParameter($useridColumn, $id)); } } diff --git a/inc/modules/admin/what-config_points.php b/inc/modules/admin/what-config_points.php index a9cab39d96..2f0808e26f 100644 --- a/inc/modules/admin/what-config_points.php +++ b/inc/modules/admin/what-config_points.php @@ -135,7 +135,7 @@ WHERE if ((isSqlsValid()) && (isSqlsValid())) { if (strpos($GLOBALS['sqls'][0], 'INSERT') > -1) { - $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_refdepths` WHERE `level`='%s' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_refdepths` WHERE `level`=%s LIMIT 1", array(bigintval(postRequestParameter('level'))), __FILE__, __LINE__); SQL_FREERESULT($result); } // END - if diff --git a/inc/modules/admin/what-list_links.php b/inc/modules/admin/what-list_links.php index bd642d7818..13f3f973af 100644 --- a/inc/modules/admin/what-list_links.php +++ b/inc/modules/admin/what-list_links.php 
@@ -73,7 +73,7 @@ if (isGetRequestParameterSet('userid')) { // Prepare mail and send it away $message = loadEmailTemplate('member_delete_links', SQL_NUMROWS($result), bigintval(getRequestParameter('userid'))); - sendEmail(getUserData('email'), '{--ADMIN_DELETE_LINK_SUBJECT--}', $message); + sendEmail(getUserData('userid'), '{--ADMIN_DELETE_LINK_SUBJECT--}', $message); // Display message displayMessage('{--ADMIN_LINKS_DELETED--}'); diff --git a/inc/modules/admin/what-list_payouts.php b/inc/modules/admin/what-list_payouts.php index 12f1dd24c2..b312d65338 100644 --- a/inc/modules/admin/what-list_payouts.php +++ b/inc/modules/admin/what-list_payouts.php @@ -150,7 +150,7 @@ LIMIT 1", } // Finally send mail - sendEmail(getUserData('email'), '{--MEMBER_PAYOUT_ACCEPTED_SUBJECT--}', $message); + sendEmail(getUserData('userid'), '{--MEMBER_PAYOUT_ACCEPTED_SUBJECT--}', $message); } else { // Something goes wrong... :-( $content = implode('
', $ret); @@ -190,7 +190,7 @@ LIMIT 1", displayMessage('{--ADMIN_PAYOUT_REJECTED_NOTIFIED--}'); // Finally send mail - sendEmail(getUserData('email'), '{--MEMBER_PAYOUT_REJECTED_SUBJECT--}', $message); + sendEmail(getUserData('userid'), '{--MEMBER_PAYOUT_REJECTED_SUBJECT--}', $message); } else { // Prepare content $content = array( diff --git a/inc/modules/admin/what-list_refs.php b/inc/modules/admin/what-list_refs.php index 6ec64e04fc..8179b6a384 100644 --- a/inc/modules/admin/what-list_refs.php +++ b/inc/modules/admin/what-list_refs.php @@ -80,7 +80,7 @@ ORDER BY // Is the refback still active? ;-) if (isExtensionActive('refback')) { // Load all refs of this user - $result_refs = SQL_QUERY_ESC("SELECT `refid` FROM `{?_MYSQL_PREFIX?}_user_refs` WHERE `userid`=%s AND `level`='%s' ORDER BY refid ASC", + $result_refs = SQL_QUERY_ESC("SELECT `refid` FROM `{?_MYSQL_PREFIX?}_user_refs` WHERE `userid`=%s AND `level`=%s ORDER BY `refid` ASC", array($userid, $levels['level']), __FILE__, __LINE__); //* DEBUG: */ debugOutput($userid.'/'.$levels['level'].'/'.SQL_NUMROWS($result_refs)); diff --git a/inc/modules/admin/what-sub_points.php b/inc/modules/admin/what-sub_points.php index 715ae4df2f..6b3f0a5267 100644 --- a/inc/modules/admin/what-sub_points.php +++ b/inc/modules/admin/what-sub_points.php @@ -50,7 +50,7 @@ if (getRequestParameter('userid') == 'all') { $content['points'] = bigintval(postRequestParameter('points')); // Load userid - $result_main = SQL_QUERY("SELECT userid, email FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `status`='CONFIRMED' ORDER BY `userid` ASC", + $result_main = SQL_QUERY("SELECT `userid`, `email` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `status`='CONFIRMED' ORDER BY `userid` ASC", __FILE__, __LINE__); while ($row = SQL_FETCHARRAY($result_main)) { // Merge both arrays 
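Review bot: In what-list_refs.php, dropping the quotes around the `level` placeholder leaves both placeholders bare (`userid`=%s AND `level`=%s), but the argument list is still `array($userid, $levels['level'])` with no integer cast. Whatever string escaping SQL_QUERY_ESC() applies cannot protect a value that sits in numeric position. The other hunks of this commit that make the same change wrap their arguments, so do it here too: `array(bigintval($userid), bigintval($levels['level'])), __FILE__, __LINE__);`. Both values presumably come from earlier result rows, which lowers the exposure, but the cast keeps the query well-formed wherever they originate.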
@@ -67,7 +67,7 @@ if (getRequestParameter('userid') == 'all') { // Load message and send it away $message = loadEmailTemplate('member_sub_points', $content, bigintval($content['userid'])); - sendEmail($content['email'], '{--ADMIN_SUB_SUBJECT--}', $message); + sendEmail($row['userid'], '{--ADMIN_SUB_SUBJECT--}', $message); } // END - while // Free memory @@ -97,7 +97,7 @@ if (getRequestParameter('userid') == 'all') { // Load email and send it away $message = loadEmailTemplate('member_sub_points', $content, bigintval(getRequestParameter('userid'))); - sendEmail($content['email'], '{--ADMIN_SUB_SUBJECT--}', $message); + sendEmail(getRequestParameter('userid'), '{--ADMIN_SUB_SUBJECT--}', $message); // Output message displayMessage('{--ADMIN_POINTS_SUBTRACTED--}'); diff --git a/inc/modules/admin/what-user_contct.php b/inc/modules/admin/what-user_contct.php index 6e9e43f4cd..03f6629995 100644 --- a/inc/modules/admin/what-user_contct.php +++ b/inc/modules/admin/what-user_contct.php @@ -62,7 +62,7 @@ if ((isGetRequestParameterSet('userid')) && (bigintval(getRequestParameter('user $message = loadEmailTemplate('member_contct', $content, getRequestParameter('userid')); // Send contact form out - sendEmail($content['email'], '{--ADMIN_CONTACT_USER_SUBJECT--}', $message); + sendEmail($content['userid'], '{--ADMIN_CONTACT_USER_SUBJECT--}', $message); // Display message displayMessage('{--ADMIN_USER_CONTACTED--}'); diff --git a/inc/modules/guest/what-login.php b/inc/modules/guest/what-login.php index deb31075c9..8d4abf712d 100644 --- a/inc/modules/guest/what-login.php +++ b/inc/modules/guest/what-login.php 
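Review bot: In the single-user branch of what-sub_points.php (hunk at -97,7), `getRequestParameter('userid')` is now handed to sendEmail() unvalidated, although the line directly above casts the same value with `bigintval()` for loadEmailTemplate(). The first argument now selects the recipient account instead of being an address loaded from the database, so pass the cast value: `sendEmail(bigintval(getRequestParameter('userid')), '{--ADMIN_SUB_SUBJECT--}', $message);`. Whether sendEmail() validates its id argument is not visible in this diff.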
@@ -62,7 +62,7 @@ if ((isMemberIdSet()) && (isSessionVariableSet('u_hash'))) { $userid = getMemberId(); } elseif ((isPostRequestParameterSet('id')) && (isPostRequestParameterSet('password')) && (isFormSent())) { // Set userid and crypt password when login data was submitted - if ((isExtensionActive('nickname')) && (isNicknameUsed(postRequestParameter('id')))) { + if (isNicknameUsed(postRequestParameter('id'))) { // Nickname entered $userid = SQL_ESCAPE(postRequestParameter('id')); } else { @@ -72,9 +72,12 @@ if ((isMemberIdSet()) && (isSessionVariableSet('u_hash'))) { } elseif (isPostRequestParameterSet('new_pass')) { // New password requested $userid = '0'; - if (isPostRequestParameterSet('id')) { + if (isPostRequestParameterSet('email')) { + // Email is set + $userid = SQL_ESCAPE(postRequestParameter('email')); + } elseif (isPostRequestParameterSet('id')) { // Do we have nickname or userid? - if ((isExtensionActive('nickname')) && (isNicknameUsed(postRequestParameter('id')))) { + if (isNicknameUsed(postRequestParameter('id'))) { // Nickname entered $userid = SQL_ESCAPE(postRequestParameter('id')); } else { @@ -84,7 +87,8 @@ if ((isMemberIdSet()) && (isSessionVariableSet('u_hash'))) { } // END - if } else { // Not logged in - $userid = '0'; $hash = ''; + $userid = '0'; + $hash = ''; } if (isMember()) { diff --git a/inc/modules/member/what-points.php b/inc/modules/member/what-points.php index 2741f08b74..a9e39378d6 100644 --- a/inc/modules/member/what-points.php +++ b/inc/modules/member/what-points.php 
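Review bot: In the new-password branch of what-login.php (hunk at -72,9), the added code stores an e-mail address in `$userid` after running it through `SQL_ESCAPE()`, so a variable that other code may treat as a numeric id or nickname now carries a pre-escaped address. Escaping belongs at the query: if the value later reaches a helper that escapes again (fetchUserData() presumably does), addresses containing quotes or backslashes will stop matching. Keep the address unescaped in its own variable, for example `$email = postRequestParameter('email');`; how it then reaches doNewUserPassword() is outside the hunk. The first hunk of this file applies the same early `SQL_ESCAPE()` to the nickname and drops the `isExtensionActive('nickname')` guard, which is only safe if isNicknameUsed() now checks the extension itself.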
@@ -61,11 +61,11 @@ if (isExtensionInstalledAndNewer('bonus', '0.4.4')) $numDepths += 4; $content['rowspan'] = ($numDepths * 2 + 15); // Initialize array elements -$content['part_points'] = '0.00000'; -$content['part_referals'] = '0'; -$content['part_locked'] = '0.00000'; -$content['part_order'] = '0.00000'; -$content['part_locked_order'] = '0.00000'; +$content['part_points'] = '0.00000'; +$content['part_referals'] = '0'; +$content['part_locked'] = '0.00000'; +$content['part_order'] = '0.00000'; +$content['part_locked_order'] = '0.00000'; $content['counter'] = '0'; $content['points'] = '0.00000'; $content['order_points'] = '0.00000'; diff --git a/inc/modules/member/what-transfer.php b/inc/modules/member/what-transfer.php index 49b6390c79..1c78c583dd 100644 --- a/inc/modules/member/what-transfer.php +++ b/inc/modules/member/what-transfer.php @@ -162,11 +162,11 @@ switch ($mode) { // First send email to recipient $message = loadEmailTemplate('member_transfer_recipient', $content, postRequestParameter('to_userid')); - sendEmail($content['recipient']['email'], '{--TRANSFER_MEMBER_RECIPIENT_SUBJECT--}' . ': ' . $SENDER, $message); + sendEmail($content['recipient']['userid'], '{--TRANSFER_MEMBER_RECIPIENT_SUBJECT--}' . ': ' . $SENDER, $message); // Second send email to sender $message = loadEmailTemplate('member_transfer_sender', $content, getMemberId()); - sendEmail($content['sender']['email'], '{--TRANSFER_MEMBER_SENDER_SUBJECT--}' . ': ' . $RECIPIENT, $message); + sendEmail($content['sender']['userid'], '{--TRANSFER_MEMBER_SENDER_SUBJECT--}' . ': ' . $RECIPIENT, $message); // At last send admin mail(s) $adminSubject = sprintf("%s (%s->%s)", '{--TRANSFER_ADMIN_SUBJECT--}', $SENDER, $RECIPIENT); diff --git a/inc/modules/order.php b/inc/modules/order.php index c12566fa87..e47f21b2c7 100644 --- a/inc/modules/order.php +++ b/inc/modules/order.php 
@@ -107,7 +107,7 @@ if (empty($url)) { // Create new task (we ignore the task id here) createNewTask( '{--ADMIN_NEW_QUEUE--}', - '
'.loadEmailTemplate('admin_order_normal', $content, getMemberId()).'
', + '
' . loadEmailTemplate('admin_order_normal', $content, getMemberId()) . '
', 'MEMBER_ORDER', getMemberId(), 0, diff --git a/inc/monthly/monthly_beg.php b/inc/monthly/monthly_beg.php index fa34df7d04..56a93a0786 100644 --- a/inc/monthly/monthly_beg.php +++ b/inc/monthly/monthly_beg.php @@ -87,7 +87,7 @@ LIMIT {?beg_ranks?}", __FILE__, __LINE__); // Load email template and email it away $message = loadEmailTemplate('member_beg', $content, bigintval($content['userid'])); - sendEmail($content['email'], '{--BEG_MONTHLY_RALLYE--}', $message); + sendEmail($content['userid'], '{--BEG_MONTHLY_RALLYE--}', $message); } // END - while // Reset accounts diff --git a/inc/monthly/monthly_bonus.php b/inc/monthly/monthly_bonus.php index a4b8f85652..037b2a949c 100644 --- a/inc/monthly/monthly_bonus.php +++ b/inc/monthly/monthly_bonus.php @@ -95,7 +95,7 @@ LIMIT {?bonus_ranks?}', __FILE__, __LINE__); // Load email template and email it away $message = loadEmailTemplate('member_bonus', $content, bigintval($content['userid'])); - sendEmail($content['email'], '{--MEMBER_MONTHLY_BONUS_WON_SUBJECT--}', $message); + sendEmail($content['userid'], '{--MEMBER_MONTHLY_BONUS_WON_SUBJECT--}', $message); } // END - if } // END - while diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php index 9be835047a..41a80d2e7d 100644 --- a/inc/mysql-manager.php +++ b/inc/mysql-manager.php @@ -989,7 +989,7 @@ function getReferalLevelPercents ($level) { } // END - if } elseif (!isExtensionActive('cache')) { // Get referal data - $result_level = SQL_QUERY_ESC("SELECT `percents` FROM `{?_MYSQL_PREFIX?}_refdepths` WHERE `level`='%s' LIMIT 1", + $result_level = SQL_QUERY_ESC("SELECT `percents` FROM `{?_MYSQL_PREFIX?}_refdepths` WHERE `level`=%s LIMIT 1", array(bigintval($level)), __FUNCTION__, __LINE__); // Entry found? 
@@ -1175,8 +1175,11 @@ function updateReferalCounter ($userid) { //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'userid='.$userid.',level='.$GLOBALS['cache_array']['ref_level'][$userid]); // Update counter - SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_refsystem` SET `counter`=`counter`+1 WHERE `userid`=%s AND `level`='%s' LIMIT 1", - array(bigintval($userid), $GLOBALS['cache_array']['ref_level'][$userid]), __FUNCTION__, __LINE__); + SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_refsystem` SET `counter`=`counter`+1 WHERE `userid`=%s AND `level`=%s LIMIT 1", + array( + bigintval($userid), + bigintval($GLOBALS['cache_array']['ref_level'][$userid]) + ), __FUNCTION__, __LINE__); // When no entry was updated then we have to create it here //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'updated=' . SQL_AFFECTEDROWS()); diff --git a/inc/pool/pool-bonus.php b/inc/pool/pool-bonus.php index cc404ca1f5..b2a2020bd9 100644 --- a/inc/pool/pool-bonus.php +++ b/inc/pool/pool-bonus.php @@ -102,10 +102,10 @@ if ($GLOBALS['pool_cnt'] < getMaxSend()) { // Send mail away if (isset($DATA['html_msg'])) { // Send HTML? - sendEmail(getUserData('email'), $DATA['subject'], $mailText, $DATA['html_msg']); + sendEmail(getUserData('userid'), $DATA['subject'], $mailText, $DATA['html_msg']); } else { // No HTML mail! - sendEmail(getUserData('email'), $DATA['subject'], $mailText); + sendEmail(getUserData('userid'), $DATA['subject'], $mailText); } // Count one up and remove entry from dummy array diff --git a/inc/pool/pool-user.php b/inc/pool/pool-user.php index 910a96bb8c..906ceb9d1d 100644 --- a/inc/pool/pool-user.php +++ b/inc/pool/pool-user.php 
@@ -146,7 +146,7 @@ if (!SQL_HASZERONUMS($result_main)) { $mailText = loadEmailTemplate('member_user_pool_normal', $DATA, bigintval($userid)); // Send mail away - sendEmail(getUserData('email'), $DATA['subject'], $mailText, $isHtml); + sendEmail(getUserData('userid'), $DATA['subject'], $mailText, $isHtml); // Count sent mails... SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `emails_sent`=`emails_sent`+1 WHERE `userid`=%s LIMIT 1", @@ -203,7 +203,7 @@ if (!SQL_HASZERONUMS($result_main)) { $mailText = loadEmailTemplate('member_user_pool_done', $content, $DATA['sender_userid']); // Send it also waway - sendEmail(getUserData('email'), '{--MEMBER_SEND_DONE_SUBJECT--}', $mailText); + sendEmail(getUserData('userid'), '{--MEMBER_SEND_DONE_SUBJECT--}', $mailText); } // END - if // Set status to SEND because we completely send it away @@ -293,7 +293,7 @@ if (!SQL_HASZERONUMS($result_main)) { $mailText = loadEmailTemplate('member_user_pool_back', $content, bigintval($userid)); // Send mail out to member - sendEmail(getUserData('email'), '{--MEMBER_BACK_JACKPOT--}' . ' (' . $userid . ')', $mailText); + sendEmail($userid, '{--MEMBER_BACK_JACKPOT--}' . ' (' . $userid . ')', $mailText); } elseif (isExtensionActive('jackpot')) { // Add to jackpot addPointsToJackpot($PB); diff --git a/inc/purge/purge-inact.php b/inc/purge/purge-inact.php index 917ff93dd1..732cff5354 100644 --- a/inc/purge/purge-inact.php +++ b/inc/purge/purge-inact.php @@ -100,7 +100,7 @@ ORDER BY // Load mail template $message = loadEmailTemplate('member_autopurge_inactive', $content, bigintval($content['userid'])); - sendEmail($content['email'], '{--MEMBER_AUTOPURGE_INACTIVE_SUBJECT--}', $message); + sendEmail($content['userid'], '{--MEMBER_AUTOPURGE_INACTIVE_SUBJECT--}', $message); // Update this account addSql(SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `ap_notified`=UNIX_TIMESTAMP() WHERE `userid`=%s LIMIT 1", 
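Review bot: In the `@@ -146` and `@@ -203` hunks the recipient is read back from global state with `getUserData('userid')`, although the intended id is already in hand one line above, passed to loadEmailTemplate() as `bigintval($userid)` and `$DATA['sender_userid']`. loadEmailTemplate() only fetches the user when its validity check in inc/template-functions.php passes, so if that fetch is skipped the mail would presumably go to whichever member was loaded last. Passing the id explicitly, as the `@@ -293` hunk already does with `sendEmail($userid, ...)`, removes that dependency: `sendEmail(bigintval($userid), $DATA['subject'], $mailText, $isHtml);` and `sendEmail($DATA['sender_userid'], '{--MEMBER_SEND_DONE_SUBJECT--}', $mailText);`. The pool-bonus.php hunk uses the same `getUserData('userid')` pattern, but the id it should carry is not visible there.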
diff --git a/inc/request-functions.php b/inc/request-functions.php index 799d4e38dd..86db766d42 100644 --- a/inc/request-functions.php +++ b/inc/request-functions.php @@ -70,9 +70,9 @@ function getRequestParameter ($element) { // Checks if an element in $_GET exists function isGetRequestParameterSet ($element, $subElement = '') { if (empty($subElement)) { - return ((isset($GLOBALS['raw_request']['get'][$element])) && (!empty($GLOBALS['raw_request']['get'][$element]))); + return ((isset($GLOBALS['raw_request']['get'][$element])) && ('' . ($GLOBALS['raw_request']['get'][$element] . '') != '')); } else { - return ((isset($GLOBALS['raw_request']['get'][$element][$subElement])) && (!empty($GLOBALS['raw_request']['get'][$element][$subElement]))); + return ((isset($GLOBALS['raw_request']['get'][$element][$subElement])) && ('' . ($GLOBALS['raw_request']['get'][$element][$subElement] . '') != '')); } } @@ -149,9 +149,9 @@ function postRequestParameter ($element, $subElement=null) { // Checks if an element in $_POST exists function isPostRequestParameterSet ($element, $subElement=null) { if (is_null($subElement)) { - return ((isset($GLOBALS['raw_request']['post'][$element])) && (isset($GLOBALS['raw_request']['post'][$element]))); + return ((isset($GLOBALS['raw_request']['post'][$element])) && (('' . $GLOBALS['raw_request']['post'][$element] . '') != '')); } else { - return ((isset($GLOBALS['raw_request']['post'][$element][$subElement])) && (isset($GLOBALS['raw_request']['post'][$element][$subElement]))); + return ((isset($GLOBALS['raw_request']['post'][$element][$subElement])) && (('' . $GLOBALS['raw_request']['post'][$element][$subElement] . '') != '')); } } diff --git a/inc/template-functions.php b/inc/template-functions.php index 4f4381e424..f042d3e079 100644 --- a/inc/template-functions.php +++ b/inc/template-functions.php 
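Review bot: The new emptiness test in isGetRequestParameterSet() concatenates the raw request value into a string, so a parameter sent as an array (`name[]=x`) becomes the literal `Array`, raises an array-to-string conversion notice and is reported as set whenever no sub-element is requested. The shape of the request is chosen by the client, so I would check the type before comparing, after the existing isset(): `$value = $GLOBALS['raw_request']['get'][$element];` followed by `return (is_array($value)) ? (count($value) > 0) : (strval($value) !== '');`. The `@@ -149` hunk in isPostRequestParameterSet() has the same pattern and would get the same change. The GET and POST variants also parenthesise the concatenation differently (`'' . ($x . '')` versus `('' . $x . '')`), and a strict `!==` would make the intent clearer than `!=`.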
@@ -218,7 +218,7 @@ function doFinalCompilation ($code, $insertComments = true, $enableCodes = true) $count = 0; // Compile all out - while (((strpos($code, '{--') !== false) || (strpos($code, '{DQUOTE}') !== false) || (strpos($code, '{?') !== false) || (strpos($code, '{%') !== false)) && ($count < 5)) { + while (((strpos($code, '{--') !== false) || (strpos($code, '{DQUOTE}') !== false) || (strpos($code, '{?') !== false) || (strpos($code, '{%') !== false)) && ($count < 7)) { // Init common variables $content = array(); $newContent = ''; @@ -443,12 +443,15 @@ function loadEmailTemplate ($template, $content = array(), $userid = '0', $loadU if ((isValidUserId($userid)) && (is_array($content))) { // If nickname extension is installed, fetch nickname as well if ((isExtensionActive('nickname')) && (isNicknameUsed($userid))) { - //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, "NICKNAME!
"); // Load by nickname + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, "NICKNAME!
"); fetchUserData($userid, 'nickname'); + } elseif (isNicknameUsed($userid)) { + // Non-number characters entered but no ext-nickname found + debug_report_bug(__FUNCTION__, __LINE__, 'userid=' . $userid . ': is no id number and ext-nickname is gone.'); } else { - //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, "NO-NICK!
"); // Load by userid + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, "NO-NICK!
"); fetchUserData($userid); } @@ -1580,9 +1583,9 @@ function sendModeMails ($mod, $modes) { } // Send email to user if required - if ((!empty($sub_mem)) && (!empty($message)) && (!empty($content['email']))) { + if ((!empty($sub_mem)) && (!empty($message)) && (!empty($content['userid']))) { // Send member mail - sendEmail($content['email'], $sub_mem, $message); + sendEmail($content['userid'], $sub_mem, $message); } // END - if // Send only if no other error has occured diff --git a/templates/de/emails/guest/guest_request_confirm.tpl b/templates/de/emails/guest/guest_request_confirm.tpl index 94f6c844a8..7d32e9eed3 100644 --- a/templates/de/emails/guest/guest_request_confirm.tpl +++ b/templates/de/emails/guest/guest_request_confirm.tpl @@ -3,7 +3,7 @@ Hallo {%user,gender,translateGender=$userid%} {%user,surname=$userid%} {%user,fa Sie hatten sich zu unserem {?mt_word?} {?MAIN_TITLE?} angemeldet und heute Ihren Bestätigungslink erneut angefordert, jedoch bis jetzt noch nicht Ihre eMail-Adresse bestätigt. Diesen Schritt können Sie jetzt nachholen. Danach können Sie sich im Mitgliedsbereich einloggen. Hier ist Ihr Bestätigungslink: -{?URL?}/confirm.php?hash=$content[hash] +{?URL?}/confirm.php?hash={%user,user_hash=$userid%} Vielen Dank.