From: Roland Häder Date: Mon, 11 Feb 2008 21:54:21 +0000 (+0000) Subject: query masking rewritten in more SQLs, several cleanups and fix on beg link X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=commitdiff_plain;h=4d6226782aa4ba157dca8c3891412ba50159481f query masking rewritten in more SQLs, several cleanups and fix on beg link --- diff --git a/beg.php b/beg.php index baffdec97f..8ce9419818 100644 --- a/beg.php +++ b/beg.php @@ -37,42 +37,36 @@ require_once("inc/libs/security_functions.php"); // Init "action" and "what" global $what, $action; $GLOBALS['what'] = ""; $GLOBALS['action'] = ""; -if (!empty($_GET['action'])) $GLOBALS['action'] = secureString($_GET['action']); -if (!empty($_GET['what'])) $GLOBALS['what'] = secureString($_GET['what']); // Set module $GLOBALS['module'] = "beg"; $GLOBALS['refid'] = 0; $CSS = -1; +$msg = null; // Load the required file(s) require ("inc/config.php"); // Is the script installed? -if (defined('mxchange_installed') && (mxchange_installed)) -{ +if (defined('mxchange_installed') && (mxchange_installed)) { // Check for userid - if (!empty($_GET['uid'])) - { + if (!empty($_GET['uid'])) { + // Init user ID $uid = 0; - if (bigintval($_GET['uid']) != $_GET['uid']) - { - if (EXT_IS_ACTIVE("nickname")) - { + + // Validate if it is not a number + if (bigintval($_GET['uid']) !== "".$_GET['uid']."") { + if (EXT_IS_ACTIVE("nickname")) { // Maybe we have found a nickname? $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1", array($_GET['uid']), __FILE__, __LINE__); - } - else - { + } else { // Nickname entered but nickname is not active $msg = CODE_EXTENSION_PROBLEM; $uid = -1; $result = false; } - } - else - { + } else { // Direct userid $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array(bigintval($_GET['uid'])), __FILE__, __LINE__); 
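Review bot: The strict comparison `bigintval($_GET['uid']) !== "".$_GET['uid'].""` compares bigintval()'s result against a string; if bigintval() returns an integer (its name suggests so, but its definition is not in this diff), the `!==` is always true and every numeric uid is routed into the nickname branch, or into the `CODE_EXTENSION_PROBLEM` path when the nickname extension is off. Casting both sides the same way keeps the intent: `if ("".bigintval($_GET['uid'])."" !== "".$_GET['uid']."") {`. The enclosing `if (!empty($_GET['uid']))` block continues past the end of this hunk.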
@@ -80,19 +74,16 @@ if (defined('mxchange_installed') && (mxchange_installed)) // Check if locked in so don't pay points $login = false; $status = "failed"; - if (IS_LOGGED_IN()) - { + if (IS_LOGGED_IN()) { // Logged in user detected! $login = true; } // Check if account was found - if ((SQL_NUMROWS($result) == 1) && ($result != false)) - { + if ((SQL_NUMROWS($result) == 1) && ($result != false)) { // Found an ID so we simply set it list($uid, $clicks, $ref_payout, $status, $last) = SQL_FETCHROW($result); - if ($status == "CONFIRMED") - { + if ($status == "CONFIRMED") { // Secure userid $uid = bigintval($uid); @@ -109,9 +100,7 @@ if (defined('mxchange_installed') && (mxchange_installed)) define('__BEG_CLICKS', ($clicks + 1)); define('__BEG_BANNER', LOAD_TEMPLATE("beg_banner", true)); define('__BEG_POINTS', TRANSLATE_COMMA($POINTS)); - } - else - { + } else { // Other status $uid = "0"; } @@ -120,8 +109,7 @@ if (defined('mxchange_installed') && (mxchange_installed)) // Free memory SQL_FREERESULT($result); - if (($uid > 0) && ($CONFIG['beg_uid'] != $uid)) - { + if (($uid > 0) && ($CONFIG['beg_uid'] != $uid)) { // Update counter $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_clicks=beg_clicks+1 WHERE userid=%d AND status='CONFIRMED' LIMIT 1", array($uid), __FILE__, __LINE__); 
@@ -129,13 +117,11 @@ if (defined('mxchange_installed') && (mxchange_installed)) // Check for last entry for userid w/o IP number $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_beg_ips WHERE (timeout > ".(time() - $CONFIG['beg_timeout'])." OR (timeout > ".(time() - $CONFIG['beg_uid_timeout'])." AND userid=%d)) AND remote_ip='%s' LIMIT 1", array($uid, getenv('REMOTE_ADDR')), __FILE__, __LINE__); - if ((SQL_NUMROWS($result) == 0) && ($POINTS > 0) && (!$login)) - { + if ((SQL_NUMROWS($result) == 0) && ($POINTS > 0) && (!$login)) { // Free memory SQL_FREERESULT($result); - if (!IS_ADMIN()) - { + if (!IS_ADMIN()) { // Remember remote address, userid and timestamp for next click // but only when there is no admin begging. // Admins shall be able to test it! @@ -148,28 +134,23 @@ if (defined('mxchange_installed') && (mxchange_installed)) if (($ref_payout > 0) && ($CONFIG['allow_direct_pay'] == 'N')) $locked = true; // Is begging rallye active? - if ($CONFIG['beg_rallye'] == 'Y') - { + if ($CONFIG['beg_rallye'] == 'Y') { // Add points to rallye account $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_points=beg_points+%s WHERE userid=%d LIMIT 1", array($POINTS, $uid), __FILE__, __LINE__); - } - else - { + } else { // Add points to account ADD_POINTS_REFSYSTEM($uid, $POINTS, false, "0", $locked, strtolower($CONFIG['beg_mode'])); } // Subtract begged points from member account if the admin has selected one - if ($CONFIG['beg_uid'] > 0) - { + if ($CONFIG['beg_uid'] > 0) { // Subtract from this account $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1", array($POINTS, bigintval($CONFIG['beg_uid'])), __FILE__, __LINE__); // Update mediadata as well - if (GET_EXT_VERSION("mediadata") >= "0.0.4") - { + if (GET_EXT_VERSION("mediadata") >= "0.0.4") { // Update database MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $POINTS); } 
@@ -177,17 +158,13 @@ if (defined('mxchange_installed') && (mxchange_installed)) // Set message define('__BEG_MSG', LOAD_TEMPLATE("beg_done", true)); - } - elseif ($login) - { + } elseif ($login) { // Logged in user found! define('__BEG_MSG', LOAD_TEMPLATE("beg_login", true)); // Free memory SQL_FREERESULT($result); - } - else - { + } else { // Free memory SQL_FREERESULT($result); @@ -203,54 +180,42 @@ if (defined('mxchange_installed') && (mxchange_installed)) // Include footer require_once(PATH."inc/footer.php"); - } - elseif (($status != "CONFIRMED") && ($status != "failed")) - { + } elseif (($status != "CONFIRMED") && ($status != "failed")) { // Maybe locked/unconfirmed account? - switch ($status) - { + switch ($status) { case "LOCKED" : $msg = CODE_ID_LOCKED ; break; // Locked account case "UNCONFIRMED": $msg = CODE_ID_UNCONFIRMED; break; // Unconfirmed account } - } - elseif (($uid == "0") || ($status == "failed")) - { + } elseif (($uid == "0") || ($status == "failed")) { // Inalid or locked account, so let's find out $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1", array($_GET['uid']), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + if (SQL_NUMROWS($result) == 1) { // Locked account $msg = CODE_ACCOUNT_LOCKED; - } - else - { + } else { // Invalid nickname! (404) $msg = CODE_USER_404; } // Free memory SQL_FREERESULT($result); - } - elseif ($uid = $CONFIG['beg_uid']) - { + } elseif ($uid == $CONFIG['beg_uid']) { // Webmaster's ID cannot beg for points! $msg = CODE_BEG_SAME_AS_OWN; } // Reload to index module + die("-".$msg."-"); if ((!empty($msg)) && (!empty($msg))) LOAD_URL(URL."/modules.php?module=index&msg=".$msg); - } - else - { + } else { // No userid entered LOAD_URL(URL."/modules.php?module=index"); } -} - else -{ +} else { // You have to configure first! LOAD_URL(URL."/install.php"); } + // Really all done here... ;-) ?> 
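Review bot: The added `die("-".$msg."-");` just before the `LOAD_URL(URL."/modules.php?module=index&msg=".$msg)` redirect terminates every request that reaches this point, so the redirect is never taken and the bare status code is printed instead; this reads as a leftover debugging aid and should be dropped before merging. The guard on the following line also tests the same thing twice, `if ((!empty($msg)) && (!empty($msg)))`, and can be `if (!empty($msg))`. The enclosing `if (defined('mxchange_installed') ...)` block starts outside this hunk.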
diff --git a/inc/databases.php b/inc/databases.php
index 4e453ed9a0..fb6ab7ef2f 100644
--- a/inc/databases.php
+++ b/inc/databases.php
@@ -39,38 +39,38 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 }
 // System-wide return codes
-define('CODE_WRONG_PASS' , "1");
-define('CODE_WRONG_ID' , "2");
-define('CODE_ID_LOCKED' , "3");
-define('CODE_ID_UNCONFIRMED' , "4");
-define('CODE_UNKNOWN_STATUS' , "5");
-define('CODE_NO_COOKIES' , "6");
-define('CODE_CNTR_FAILED' , "8");
-define('CODE_LOGOUT_DONE' , "8");
-define('CODE_LOGOUT_FAILED' , "9");
-define('CODE_URL_TLOCK' , "10");
-define('CODE_URL_FOUND' , "11");
-define('CODE_OVERLENGTH' , "12");
-define('CODE_SUBJ_URL' , "13");
-define('CODE_BLIST_URL' , "14");
-define('CODE_NO_RECS_LEFT' , "15");
-define('CODE_INVALID_TAGS' , "16");
-define('CODE_MORE_POINTS' , "18");
-define('CODE_COOKIES_DISABLED' , "18");
-define('CODE_DATA_INVALID' , "19");
-define('CODE_POSSIBLE_INVALID' , "20");
-define('CODE_ACCOUNT_LOCKED' , "21");
-define('CODE_USER_404' , "22");
-define('CODE_STATS_404' , "23");
-define('CODE_ALREADY_CONFIRMED', "24");
-define('CODE_ERROR_MAILID' , "25");
-define('CODE_EXTENSION_PROBLEM', "26");
-define('CODE_MORE_RECEIVERS1' , "28");
-define('CODE_MORE_RECEIVERS2' , "28");
-define('CODE_MORE_RECEIVERS3' , "29");
-define('CODE_INVALID_URL' , "30");
-define('CODE_MENU_NOT_VALID' , "31");
-define('CODE_LOGIN_FAILED' , "32");
+define('CODE_WRONG_PASS' , 1);
+define('CODE_WRONG_ID' , 2);
+define('CODE_ID_LOCKED' , 3);
+define('CODE_ID_UNCONFIRMED' , 4);
+define('CODE_UNKNOWN_STATUS' , 5);
+define('CODE_NO_COOKIES' , 6);
+define('CODE_CNTR_FAILED' , 8);
+define('CODE_LOGOUT_DONE' , 8);
+define('CODE_LOGOUT_FAILED' , 9);
+define('CODE_URL_TLOCK' , 10);
+define('CODE_URL_FOUND' , 11);
+define('CODE_OVERLENGTH' , 12);
+define('CODE_SUBJ_URL' , 13);
+define('CODE_BLIST_URL' , 14);
+define('CODE_NO_RECS_LEFT' , 15);
+define('CODE_INVALID_TAGS' , 16);
+define('CODE_MORE_POINTS' , 18);
+define('CODE_COOKIES_DISABLED' , 18);
+define('CODE_DATA_INVALID' , 19);
+define('CODE_POSSIBLE_INVALID' , 20);
+define('CODE_ACCOUNT_LOCKED' , 21);
+define('CODE_USER_404' , 22);
+define('CODE_STATS_404' , 23);
+define('CODE_ALREADY_CONFIRMED', 24);
+define('CODE_ERROR_MAILID' , 25);
+define('CODE_EXTENSION_PROBLEM', 26);
+define('CODE_MORE_RECEIVERS1' , 28);
+define('CODE_MORE_RECEIVERS2' , 28);
+define('CODE_MORE_RECEIVERS3' , 29);
+define('CODE_INVALID_URL' , 30);
+define('CODE_MENU_NOT_VALID' , 31);
+define('CODE_LOGIN_FAILED' , 32);
 // Full version string: /([0-9]){1}\.([0-9]){1}\.([0-9]){1}(-(alpha|beta|pre|rc([1-3]))([0-9]+))?/
 // If you understand regular expressions ^^^ you may know how I versionize... ;-)
diff --git a/inc/db/lib-mysql3.php b/inc/db/lib-mysql3.php
index 5d2cfd9cff..fc424e0028 100644
--- a/inc/db/lib-mysql3.php
+++ b/inc/db/lib-mysql3.php
@@ -49,6 +49,9 @@ function SQL_QUERY($sql_string, $F, $L, $compile=false)
 ".MYSQL_QUERY_STRING."
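Review bot: The switch to integer values keeps three duplicate pairs in the new block: `CODE_CNTR_FAILED` and `CODE_LOGOUT_DONE` are both 8, `CODE_MORE_POINTS` and `CODE_COOKIES_DISABLED` both 18, `CODE_MORE_RECEIVERS1` and `CODE_MORE_RECEIVERS2` both 28, while 7, 17 and 27 are unused. Because beg.php hands these codes to the index module through the `msg=` URL parameter, the receiving side cannot tell the two conditions of each pair apart. If no template or message table keys on the literal numbers, moving the first of each pair to the unused value (`define('CODE_CNTR_FAILED' , 7);`, and likewise 17 and 27) removes the ambiguity; otherwise a comment marking the collisions as intentional would help the next reader.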
".$sql_string); + // Debug output + print "Query=".$sql_string.", affected=".SQL_AFFECTEDROWS().", numrows=".SQL_NUMROWS($result)."
\n"; + if (($CSS != "1") && ($CSS != "-1") && (DEBUG_MODE) && (DEBUG_SQL)) { // @@ -174,7 +177,8 @@ function SQL_CLOSE($link, $F, $L) if ((GET_EXT_VERSION("cache") >= "0.0.7") && (isset($CONFIG['db_hits'])) && (isset($CONFIG['cache_hits'])) && (is_object($CACHE))) { // Update counter for db/cache - $result = SQL_QUERY("UPDATE "._MYSQL_PREFIX."_config SET db_hits='".$CONFIG['db_hits']."', cache_hits='".$CONFIG['cache_hits']."' WHERE config='0' LIMIT 1", __FILE__, __LINE__); + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET db_hits=%d, cache_hits=%d WHERE config='0' LIMIT 1", + array(bigintval($CONFIG['db_hits']), bigintval($CONFIG['cache_hits'])), __FILE__, __LINE__); // Update cache here if (GET_EXT_VERSION("cache") >= "0.1.2") diff --git a/inc/doubler_send.php b/inc/doubler_send.php index c10ece39d9..a6ee2d0a49 100644 --- a/inc/doubler_send.php +++ b/inc/doubler_send.php @@ -112,7 +112,7 @@ if (((SQL_NUMROWS($result_total) > 0) && ($CONFIG['doubler_sent_all'] == 'Y')) | if ($uid != $CONFIG['doubler_uid']) { // Add points - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%d AND ref_depth='0' LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%d AND ref_depth=0 LIMIT 1", array($points, bigintval($uid)), __FILE__, __LINE__); // Update mediadata as well diff --git a/inc/extensions.php b/inc/extensions.php index e8675c7ef3..c12749305c 100644 --- a/inc/extensions.php +++ b/inc/extensions.php 
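Review bot: The added `print "Query=".$sql_string.", affected=".SQL_AFFECTEDROWS().", numrows=".SQL_NUMROWS($result)."\n";` runs unconditionally inside `SQL_QUERY`, so the full text of every statement — including the values already substituted into `WHERE login='%s'`-style queries — is written into the HTTP response of every visitor, regardless of `DEBUG_MODE`. The check immediately after it, `if (($CSS != "1") && ($CSS != "-1") && (DEBUG_MODE) && (DEBUG_SQL))`, shows how such output is meant to be gated; move the print inside that block or remove it before merging. `SQL_NUMROWS($result)` is also called here for non-SELECT statements, whose result may not be a row set — confirm the wrapper tolerates that. The function body continues past this hunk.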
@@ -319,24 +319,22 @@ function EXT_IS_ACTIVE ($ext_name, $ignore_admin=false, $ignore_cache=false) ) ); } -// -function GET_EXT_VERSION ($ext_name) -{ - global $EXTENSIONS, $CONFIG; +// Get version from extensions +function GET_EXT_VERSION ($ext_name) { + global $EXTENSIONS, $CONFIG, $CACHE; + $ret = false; + // Extensions are all inactive during installation if ((!mxchange_installed) || (mxchange_installing)) return ""; // Is the cache written? - if (!empty($EXTENSIONS['ext_version'][$ext_name])) - { + if (!empty($EXTENSIONS['ext_version'][$ext_name])) { // Load data from cache $ret = $EXTENSIONS['ext_version'][$ext_name]; // Count cache hits - if (isset($CONFIG['cache_hits'])) $CONFIG['cache_hits']++; - } - else - { + if (isset($CONFIG['cache_hits'])) $CONFIG['cache_hits']++; else $CONFIG['cache_hits'] = 1; + } elseif (!is_object($CACHE)) { // Load from database $result = SQL_QUERY_ESC("SELECT ext_version FROM "._MYSQL_PREFIX."_extensions WHERE ext_name='%s' LIMIT 1", array($ext_name), __FILE__, __LINE__); diff --git a/inc/extensions/ext-sql_patches.php b/inc/extensions/ext-sql_patches.php index 998a9c4728..0a2a307e92 100644 --- a/inc/extensions/ext-sql_patches.php +++ b/inc/extensions/ext-sql_patches.php @@ -513,6 +513,13 @@ PRIMARY KEY (id) // Update notes (these will be set as task text!) $UPDATE_NOTES = "Email-Verwaltung nach Email-Management umbenannt."; break; + + case "0.4.1": // SQL queries for v0.4.1 + $SQLs[] = " ALTER TABLE `"._MYSQL_PREFIX."_user_data` DROP INDEX `status` , ADD INDEX `status` ( `status` , `max_mails` )"; + + // Update notes (these will be set as task text!) + $UPDATE_NOTES = "Tabellen-Schlüssel neu gesetzt."; + break; } break; diff --git a/inc/libs/admins_functions.php b/inc/libs/admins_functions.php index e3e1ca6311..eb79a8c705 100644 --- a/inc/libs/admins_functions.php +++ b/inc/libs/admins_functions.php 
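Review bot: With `$ret = false;` as the seed and the database lookup now gated by `} elseif (!is_object($CACHE)) {`, an extension missing from `$EXTENSIONS['ext_version']` while the cache object exists is never looked up and the function presumably returns `false` (its tail lies outside this hunk), whereas the installation case just above returns `""`. Callers such as `GET_EXT_VERSION("mediadata") >= "0.0.4"` in beg.php then compare mixed types under PHP's loose rules. Seeding with `$ret = "";` gives a single return type, and a comment like `// Cache object present but entry missing: treat as unknown, do not hit the database` would record why the lookup is skipped.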
@@ -40,24 +40,22 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) // function ADMINS_CHECK_ACL($act, $wht) { - global $_COOKIE, $ADMINS, $ADMINS_ACLS, $CONFIG; + global $ADMINS, $ADMINS_ACLS, $CONFIG, $CACHE; // If action is login or logout allow allways! + $default = "allow"; if (($act == "login") || ($act == "logout")) return true; // Default is deny $ret = false; // Get admin's defult access right - if (!empty($ADMINS['def_acl'][$_COOKIE['admin_login']])) - { + if (!empty($ADMINS['def_acl'][$_COOKIE['admin_login']])) { // Load from cache $default = $ADMINS['def_acl'][$_COOKIE['admin_login']]; // Count cache hits $CONFIG['cache_hits']++; - } - else - { + } elseif (!is_object($CACHE)) { // Load from database $result = SQL_QUERY_ESC("SELECT default_acl FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", array($_COOKIE['admin_login']), __FILE__, __LINE__); diff --git a/inc/libs/autopurge_functions.php b/inc/libs/autopurge_functions.php index 7318af1078..f6bd9f340b 100644 --- a/inc/libs/autopurge_functions.php +++ b/inc/libs/autopurge_functions.php @@ -67,7 +67,7 @@ function AUTOPURGE_ADD_POINTS($uid, $points) else { // .. to user's account - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%d AND ref_depth='0' LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%d AND ref_depth=0 LIMIT 1", array($target, $target, $points, bigintval($uid)), __FILE__, __LINE__); // Update mediadata as well diff --git a/inc/libs/cache_functions.php b/inc/libs/cache_functions.php index be3b0cee40..19cebed629 100644 --- a/inc/libs/cache_functions.php +++ b/inc/libs/cache_functions.php @@ -49,8 +49,7 @@ class mxchange_cache var $cache_pointer = false; // Constructor - function mxchange_cache($interval, $path, $tested) - { + function mxchange_cache($interval, $path, $tested) { // Remember interval in class $this->update_interval=$interval; 
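Review bot: `$default = "allow";` seeds the admin's default access right before any lookup, and because the database branch is now only reached through `} elseif (!is_object($CACHE)) {`, an admin whose login is absent from `$ADMINS['def_acl']` while the cache object exists keeps `"allow"` — the check fails open, contradicting the `// Default is deny` comment a few lines below. Seed the variable with the denying value the rest of the function expects (the body continues past this hunk), or keep the database fallback for a cache miss. `$CONFIG['cache_hits']++;` here also lacks the `isset()` guard this same commit adds in GET_EXT_VERSION.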
diff --git a/inc/libs/rallye_functions.php b/inc/libs/rallye_functions.php index 53eee415d7..b498578213 100644 --- a/inc/libs/rallye_functions.php +++ b/inc/libs/rallye_functions.php @@ -109,7 +109,7 @@ function RALLYE_AUTOSTART_RALLYES($result) FROM "._MYSQL_PREFIX."_user_points AS p LEFT JOIN "._MYSQL_PREFIX."_user_data AS d ON p.userid=d.userid -WHERE d.status='CONFIRMED' AND d.max_mails > 0 AND d.mails_confirmed >= %s AND p.ref_depth='1' AND p.points > 0 AND d.userid=%d", +WHERE d.status='CONFIRMED' AND d.max_mails > 0 AND d.mails_confirmed >= %s AND p.ref_depth=1 AND p.points > 0 AND d.userid=%d", array($CONFIG['ref_payout'], bigintval($uid)), __FILE__, __LINE__); list($cpoints) = SQL_FETCHROW($result_ref); SQL_FREERESULT($result_ref); @@ -233,7 +233,7 @@ WHERE u.rallye_id=%d AND r.counter > 0 ORDER BY u.refs DESC", $result_ref = SQL_QUERY_ESC("SELECT DISTINCT p.points FROM "._MYSQL_PREFIX."_user_points AS p LEFT JOIN "._MYSQL_PREFIX."_user_data AS d ON p.userid=d.userid -WHERE d.userid=%d AND d.status='CONFIRMED' AND p.ref_depth='1' AND d.max_mails > 0 AND d.mails_confirmed >= %s AND d.last_online >= %s +WHERE d.userid=%d AND d.status='CONFIRMED' AND p.ref_depth=1 AND d.max_mails > 0 AND d.mails_confirmed >= %s AND d.last_online >= %s LIMIT 1", array(bigintval($uid), $CONFIG['ref_payout'], $since), __FILE__, __LINE__); list($refpoints) = SQL_FETCHROW($result_ref); SQL_FREERESULT($result_ref); @@ -406,7 +406,7 @@ LIMIT 1", array(bigintval($uid), $since), __FILE__, __LINE__); if ($DATA['points'] > 0) { // Add points directly to user's account - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%d AND ref_depth='0' LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%d AND ref_depth=0 LIMIT 1", array($DATA['points'], bigintval($uid)), __FILE__, __LINE__); // Update mediadata as well 
@@ -564,7 +564,7 @@ function RALLYE_LOAD_USERS_ARRAY($rallye) FROM "._MYSQL_PREFIX."_user_points AS p LEFT JOIN "._MYSQL_PREFIX."_user_data AS d ON p.userid=d.userid -WHERE d.status='CONFIRMED' AND d.max_mails > 0 AND d.mails_confirmed >= %s AND p.ref_depth='1' AND p.points > 0 AND d.userid=%d", +WHERE d.status='CONFIRMED' AND d.max_mails > 0 AND d.mails_confirmed >= %s AND p.ref_depth=1 AND p.points > 0 AND d.userid=%d", array($CONFIG['ref_payout'], bigintval($uid)), __FILE__, __LINE__); list($refpoints) = SQL_FETCHROW($result_ref); SQL_FREERESULT($result_ref); diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php index 0ee1d5157f..6efa17c259 100644 --- a/inc/modules/admin/admin-inc.php +++ b/inc/modules/admin/admin-inc.php @@ -522,7 +522,7 @@ function ADMIN_MENU_SELECTION($MODE, $default="", $defid="") return $OUT; } // -function ADMIN_SAVE_SETTINGS (&$POST, $TABLE, $WHERE="config='1'", $translateComma = array(), $alwaysAdd=false) +function ADMIN_SAVE_SETTINGS (&$POST, $TABLE="_config", $WHERE="config=0", $translateComma = array(), $alwaysAdd=false) { global $CONFIG, $CFG_CACHE, $CACHE; $DATA = array(); diff --git a/inc/modules/admin/what-add_points.php b/inc/modules/admin/what-add_points.php index 444d18f04a..a71bb71c18 100644 --- a/inc/modules/admin/what-add_points.php +++ b/inc/modules/admin/what-add_points.php @@ -65,7 +65,7 @@ if ($_GET['u_id'] == "all") if ((isset($_POST['ok'])) && (!empty($_POST['points']))) { // Ok, add points and send an email to him... - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+(%s) WHERE userid=%d AND ref_depth='0' LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+(%s) WHERE userid=%d AND ref_depth=0 LIMIT 1", array($_POST['points'], bigintval($uid)), __FILE__, __LINE__); // Update mediadata as well 
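Review bot: The default for `$WHERE` changes from `config='1'` to `config=0`, so any caller outside this commit that relied on the old default now writes configuration row 0; every call site in this diff previously passed `"config='0'"` explicitly, but callers in files not touched here cannot be checked from the patch. `$WHERE` is still a free-form SQL fragment, presumably interpolated by the body (which is outside this hunk), so the signature deserves a docblock such as `@param string $WHERE  SQL condition used as-is; pass only literal, trusted fragments`.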
@@ -108,7 +108,7 @@ if ($_GET['u_id'] == "all") if ((isset($_POST['ok'])) && (!empty($_POST['points']))) { // Ok, add points and send an email to him... - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+(%s) WHERE userid=%d AND ref_depth='0' LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+(%s) WHERE userid=%d AND ref_depth=0 LIMIT 1", array($_POST['points'], bigintval($_GET['u_id'])), __FILE__, __LINE__); // Remember points in constant diff --git a/inc/modules/admin/what-config_active.php b/inc/modules/admin/what-config_active.php index 7f63f917e0..ccfc154765 100644 --- a/inc/modules/admin/what-config_active.php +++ b/inc/modules/admin/what-config_active.php @@ -40,18 +40,16 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) // Add description as navigation point ADD_DESCR("admin", basename(__FILE__)); -if (isset($_POST['ok'])) -{ +if (isset($_POST['ok'])) { // Save data - ADMIN_SAVE_SETTINGS($_POST, "_config", "config='0'"); -} - else -{ + ADMIN_SAVE_SETTINGS($_POST); +} else { // Minimum mails / active define('__LIMIT_VALUE', $CONFIG['active_limit']); // Load template LOAD_TEMPLATE("admin_config_active"); } + // ?> diff --git a/inc/modules/admin/what-config_admin.php b/inc/modules/admin/what-config_admin.php index b0823e25cc..2997e4f758 100644 --- a/inc/modules/admin/what-config_admin.php +++ b/inc/modules/admin/what-config_admin.php @@ -43,7 +43,7 @@ ADD_DESCR("admin", basename(__FILE__)); if (isset($_POST['ok'])) { // Save configuration - ADMIN_SAVE_SETTINGS($_POST, "_config", "config='0'"); + ADMIN_SAVE_SETTINGS($_POST); } else { diff --git a/inc/modules/admin/what-config_autopurge.php b/inc/modules/admin/what-config_autopurge.php index e1b31b971e..044e9b7e5d 100644 --- a/inc/modules/admin/what-config_autopurge.php +++ b/inc/modules/admin/what-config_autopurge.php 
@@ -43,7 +43,7 @@ ADD_DESCR("admin", basename(__FILE__)); if (isset($_POST['ok'])) { // Data was submitted so we store it - ADMIN_SAVE_SETTINGS($_POST, "_config", "config='0'"); + ADMIN_SAVE_SETTINGS($_POST); } else { diff --git a/inc/modules/admin/what-config_beg.php b/inc/modules/admin/what-config_beg.php index 32a8225e21..df66f24230 100644 --- a/inc/modules/admin/what-config_beg.php +++ b/inc/modules/admin/what-config_beg.php @@ -49,7 +49,7 @@ if (isset($_POST['ok'])) $_POST['beg_notify_bonus'] = str_replace(",", ".", $_POST['beg_notify_bonus']); // Save settings - ADMIN_SAVE_SETTINGS($_POST, "_config", "config='0'"); + ADMIN_SAVE_SETTINGS($_POST); // Remember new settings $CONFIG['beg_rallye'] = $_POST['beg_rallye']; diff --git a/inc/modules/admin/what-config_birthday.php b/inc/modules/admin/what-config_birthday.php index 6d77eacf9b..60ff7ee34a 100644 --- a/inc/modules/admin/what-config_birthday.php +++ b/inc/modules/admin/what-config_birthday.php @@ -43,7 +43,7 @@ ADD_DESCR("admin", basename(__FILE__)); if (isset($_POST['ok'])) { // Save configuration - ADMIN_SAVE_SETTINGS($_POST, "_config", "config='0'"); + ADMIN_SAVE_SETTINGS($_POST); } else { diff --git a/inc/modules/admin/what-config_bonus.php b/inc/modules/admin/what-config_bonus.php index 0b0ae7703b..5c351478a5 100644 --- a/inc/modules/admin/what-config_bonus.php +++ b/inc/modules/admin/what-config_bonus.php @@ -63,7 +63,7 @@ if (isset($_POST['ok'])) if (empty($_POST['turbo_rates'])) $_POST['turbo_rates'] = "".round($CONFIG['turbo_bonus'] / 2).";".round($CONFIG['turbo_bonus'] / 4).""; // Save data - ADMIN_SAVE_SETTINGS($_POST, "_config", "config='0'"); + ADMIN_SAVE_SETTINGS($_POST); // Remember new settings $CONFIG['bonus_active'] = $_POST['bonus_active']; diff --git a/inc/modules/admin/what-config_cache.php b/inc/modules/admin/what-config_cache.php index dd5b231829..3de2ab0479 100644 --- a/inc/modules/admin/what-config_cache.php +++ b/inc/modules/admin/what-config_cache.php 
@@ -83,7 +83,7 @@ if (isset($_POST['ok'])) } // Save configuration - ADMIN_SAVE_SETTINGS($_POST, "_config", "config='0'"); + ADMIN_SAVE_SETTINGS($_POST); } else { diff --git a/inc/modules/admin/what-config_doubler.php b/inc/modules/admin/what-config_doubler.php index ff86aa13b2..09c95b1337 100644 --- a/inc/modules/admin/what-config_doubler.php +++ b/inc/modules/admin/what-config_doubler.php @@ -50,7 +50,7 @@ if (isset($_POST['ok'])) $_POST['doubler_left'] = str_replace(",", ".", $_POST['doubler_left']); // Save settings - ADMIN_SAVE_SETTINGS($_POST, "_config", "config='0'"); + ADMIN_SAVE_SETTINGS($_POST); } else { diff --git a/inc/modules/admin/what-config_extensions.php b/inc/modules/admin/what-config_extensions.php index d079f78c71..e941a3b276 100644 --- a/inc/modules/admin/what-config_extensions.php +++ b/inc/modules/admin/what-config_extensions.php @@ -43,7 +43,7 @@ ADD_DESCR("admin", basename(__FILE__)); if (isset($_POST['ok'])) { // Save configuration - ADMIN_SAVE_SETTINGS($_POST, "_config", "config='0'"); + ADMIN_SAVE_SETTINGS($_POST); } else { diff --git a/inc/modules/admin/what-config_holiday.php b/inc/modules/admin/what-config_holiday.php index 39b50aa255..e903b6265c 100644 --- a/inc/modules/admin/what-config_holiday.php +++ b/inc/modules/admin/what-config_holiday.php @@ -43,7 +43,7 @@ ADD_DESCR("admin", basename(__FILE__)); if (isset($_POST['ok'])) { // Save settings - ADMIN_SAVE_SETTINGS($_POST, "_config", "config='0'"); + ADMIN_SAVE_SETTINGS($_POST); } else { diff --git a/inc/modules/admin/what-config_home.php b/inc/modules/admin/what-config_home.php index 5a72347a08..e606232a75 100644 --- a/inc/modules/admin/what-config_home.php +++ b/inc/modules/admin/what-config_home.php @@ -53,7 +53,7 @@ case "settings": // Settings related to the index page if (isset($_POST['ok'])) { // Save settings - ADMIN_SAVE_SETTINGS($_POST, "_config", "config='0'"); + ADMIN_SAVE_SETTINGS($_POST); OUTPUT_HTML("".ADMIN_CONTINUE_TO_CONFIG.""); } else 
diff --git a/inc/modules/admin/what-config_mediadata.php b/inc/modules/admin/what-config_mediadata.php index d089f14849..6dfdbcd66b 100644 --- a/inc/modules/admin/what-config_mediadata.php +++ b/inc/modules/admin/what-config_mediadata.php @@ -72,7 +72,7 @@ if (isset($_POST['ok'])) if (isset($_POST['ok'])) { // Save data - ADMIN_SAVE_SETTINGS($_POST, "_config", "config='0'"); + ADMIN_SAVE_SETTINGS($_POST); } else { diff --git a/inc/modules/admin/what-config_newsletter.php b/inc/modules/admin/what-config_newsletter.php index 61536e4822..9abc620029 100644 --- a/inc/modules/admin/what-config_newsletter.php +++ b/inc/modules/admin/what-config_newsletter.php @@ -46,7 +46,7 @@ if (isset($_POST['ok'])) // Save data $_POST['nl_charge'] = str_replace(",", ".", $_POST['nl_charge']); - ADMIN_SAVE_SETTINGS($_POST, "_config", "config='0'"); + ADMIN_SAVE_SETTINGS($_POST); } else { diff --git a/inc/modules/admin/what-config_nickname.php b/inc/modules/admin/what-config_nickname.php index 378a4068b2..30bc33b924 100644 --- a/inc/modules/admin/what-config_nickname.php +++ b/inc/modules/admin/what-config_nickname.php @@ -43,7 +43,7 @@ ADD_DESCR("admin", basename(__FILE__)); if (isset($_POST['ok'])) { // Save data - ADMIN_SAVE_SETTINGS($_POST, "_config", "config='0'"); + ADMIN_SAVE_SETTINGS($_POST); } else { diff --git a/inc/modules/admin/what-config_order.php b/inc/modules/admin/what-config_order.php index 5714b3a90e..f8b8da5112 100644 --- a/inc/modules/admin/what-config_order.php +++ b/inc/modules/admin/what-config_order.php @@ -43,7 +43,7 @@ ADD_DESCR("admin", basename(__FILE__)); if (isset($_POST['ok'])) { // Save data - ADMIN_SAVE_SETTINGS($_POST, "_config", "config='0'"); + ADMIN_SAVE_SETTINGS($_POST); } else { diff --git a/inc/modules/admin/what-config_other.php b/inc/modules/admin/what-config_other.php index 03aea0c192..5ba2b844e8 100644 --- a/inc/modules/admin/what-config_other.php +++ b/inc/modules/admin/what-config_other.php 
@@ -80,7 +80,7 @@ OPEN_TABLE("100%", "admin_content admin_content_align", ""); if (isset($_POST['ok'])) { // Update stamps directly - ADMIN_SAVE_SETTINGS($_POST, "_config", "config='0'"); + ADMIN_SAVE_SETTINGS($_POST); } else { diff --git a/inc/modules/admin/what-config_refid.php b/inc/modules/admin/what-config_refid.php index 85dd02f4c1..16d8b3fbcc 100644 --- a/inc/modules/admin/what-config_refid.php +++ b/inc/modules/admin/what-config_refid.php @@ -43,7 +43,7 @@ ADD_DESCR("admin", basename(__FILE__)); if (isset($_POST['ok'])) { // Save data - ADMIN_SAVE_SETTINGS($_POST, "_config", "config='0'"); + ADMIN_SAVE_SETTINGS($_POST); } else { diff --git a/inc/modules/admin/what-config_reg.php b/inc/modules/admin/what-config_reg.php index aa03249407..a7ae62d1f9 100644 --- a/inc/modules/admin/what-config_reg.php +++ b/inc/modules/admin/what-config_reg.php @@ -57,7 +57,7 @@ if ((empty($_POST['least_cats'])) || (empty($_POST['ip_timeout']))) if (isset($_POST['ok'])) { // Save settings - ADMIN_SAVE_SETTINGS($_POST, "_config", "config='0'"); + ADMIN_SAVE_SETTINGS($_POST); } else { diff --git a/inc/modules/admin/what-config_register2.php b/inc/modules/admin/what-config_register2.php index 915b5c8694..e87b9668b2 100644 --- a/inc/modules/admin/what-config_register2.php +++ b/inc/modules/admin/what-config_register2.php @@ -51,7 +51,7 @@ if (isset($_POST['ok'])) $_POST['least_cats'] = round($_POST['least_cats']); // Save settings - ADMIN_SAVE_SETTINGS($_POST, "_config", "config='0'"); + ADMIN_SAVE_SETTINGS($_POST); } else { diff --git a/inc/modules/admin/what-config_rewrite.php b/inc/modules/admin/what-config_rewrite.php index bc6c58fd7b..a1e728b2fd 100644 --- a/inc/modules/admin/what-config_rewrite.php +++ b/inc/modules/admin/what-config_rewrite.php @@ -59,7 +59,7 @@ if (isset($_POST['ok'])) unset($_POST['mod']); // Save settings - ADMIN_SAVE_SETTINGS($_POST, "_config", "config='0'"); + ADMIN_SAVE_SETTINGS($_POST); } else { 
diff --git a/inc/modules/admin/what-config_secure.php b/inc/modules/admin/what-config_secure.php index d065ee051b..2ad3c4bf37 100644 --- a/inc/modules/admin/what-config_secure.php +++ b/inc/modules/admin/what-config_secure.php @@ -58,7 +58,7 @@ if (isset($_POST['ok'])) } // Save settings - ADMIN_SAVE_SETTINGS($_POST, "_config", "config='0'"); + ADMIN_SAVE_SETTINGS($_POST); } else { diff --git a/inc/modules/admin/what-config_stats.php b/inc/modules/admin/what-config_stats.php index be02cfa9d5..7caf135647 100644 --- a/inc/modules/admin/what-config_stats.php +++ b/inc/modules/admin/what-config_stats.php @@ -43,7 +43,7 @@ ADD_DESCR("admin", basename(__FILE__)); if (isset($_POST['ok'])) { // Save settings - ADMIN_SAVE_SETTINGS($_POST, "_config", "config='0'"); + ADMIN_SAVE_SETTINGS($_POST); } else { diff --git a/inc/modules/admin/what-config_title.php b/inc/modules/admin/what-config_title.php index 87e8890123..68bac70883 100644 --- a/inc/modules/admin/what-config_title.php +++ b/inc/modules/admin/what-config_title.php @@ -43,7 +43,7 @@ ADD_DESCR("admin", basename(__FILE__)); if (isset($_POST['ok'])) { // Save settings - ADMIN_SAVE_SETTINGS($_POST, "_config", "config='0'"); + ADMIN_SAVE_SETTINGS($_POST); } else { diff --git a/inc/modules/admin/what-config_top10.php b/inc/modules/admin/what-config_top10.php index c8ccadda28..da7d1e63d2 100644 --- a/inc/modules/admin/what-config_top10.php +++ b/inc/modules/admin/what-config_top10.php @@ -43,7 +43,7 @@ ADD_DESCR("admin", basename(__FILE__)); if (isset($_POST['ok'])) { // Save settings - ADMIN_SAVE_SETTINGS($_POST, "_config", "config='0'"); + ADMIN_SAVE_SETTINGS($_POST); } else { diff --git a/inc/modules/admin/what-config_transfer.php b/inc/modules/admin/what-config_transfer.php index e4b9f62ab9..d6dee9d65b 100644 --- a/inc/modules/admin/what-config_transfer.php +++ b/inc/modules/admin/what-config_transfer.php 
@@ -43,7 +43,7 @@ ADD_DESCR("admin", basename(__FILE__)); if (isset($_POST['ok'])) { // Save settings... - ADMIN_SAVE_SETTINGS($_POST, "_config", "config='0'"); + ADMIN_SAVE_SETTINGS($_POST); } // Prepare constants for template diff --git a/inc/modules/admin/what-config_user.php b/inc/modules/admin/what-config_user.php index 986674d620..7cd3c431e7 100644 --- a/inc/modules/admin/what-config_user.php +++ b/inc/modules/admin/what-config_user.php @@ -43,7 +43,7 @@ ADD_DESCR("admin", basename(__FILE__)); if (isset($_POST['ok'])) { // Save settings - ADMIN_SAVE_SETTINGS($_POST, "_config", "config='0'"); + ADMIN_SAVE_SETTINGS($_POST); } else { diff --git a/inc/modules/admin/what-config_wernis.php b/inc/modules/admin/what-config_wernis.php index 7650ae1bad..c4b247a405 100644 --- a/inc/modules/admin/what-config_wernis.php +++ b/inc/modules/admin/what-config_wernis.php @@ -47,7 +47,7 @@ if (isset($_POST['ok'])) { // Let's test the API first (hold your horses here, cowboy! Thanks. :) ) if (WERNIS_TEST_API()) { // Save settings - ADMIN_SAVE_SETTINGS($_POST, "_config", "config='0'"); + ADMIN_SAVE_SETTINGS($_POST); } else { // Failed to test the API! LOAD_TEMPLATE("admin_settings_saved", false, WERNIS_ERROR_MESSAGE()); diff --git a/inc/modules/admin/what-theme_edit.php b/inc/modules/admin/what-theme_edit.php index 9fc626ce05..7b2afc072f 100644 --- a/inc/modules/admin/what-theme_edit.php +++ b/inc/modules/admin/what-theme_edit.php @@ -85,7 +85,7 @@ if ($SEL > 0) $POST['default_theme'] = $_GET['default_theme']; @setcookie("mxchange_theme", $POST['default_theme'], (time() + 60*60*24*365), COOKIE_PATH); $_COOKIE['mxchange_theme'] = $POST['default_theme']; - ADMIN_SAVE_SETTINGS($POST, "_config", "config='0'"); + ADMIN_SAVE_SETTINGS($POST); } // Switch to testing mode diff --git a/inc/modules/member/what-payout.php b/inc/modules/member/what-payout.php index 87249d1e4f..d85b830aca 100644 --- a/inc/modules/member/what-payout.php +++ b/inc/modules/member/what-payout.php 
@@ -53,7 +53,7 @@ $TPTS = "0";
 while (list($lvl, $per) = SQL_FETCHROW($result_depths))
 {
 // Load referral points
- $result_points = SQL_QUERY_ESC("SELECT points FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d AND ref_depth='%s' LIMIT 1",
+ $result_points = SQL_QUERY_ESC("SELECT points FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d AND ref_depth=%d LIMIT 1",
 array($GLOBALS['userid'], bigintval($lvl)), __FILE__, __LINE__);
 if (SQL_NUMROWS($result_points) == 1)
 {
diff --git a/inc/modules/member/what-points.php b/inc/modules/member/what-points.php
index aee76fd692..141344d8e1 100644
--- a/inc/modules/member/what-points.php
+++ b/inc/modules/member/what-points.php
@@ -67,7 +67,7 @@ while (list($lvl, $per) = SQL_FETCHROW($result_depths))
 $REFS = "0";
 // Load referral points
- $result_points = SQL_QUERY_ESC("SELECT points, locked_points FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d AND ref_depth='%s' LIMIT 1", array($GLOBALS['userid'], bigintval($lvl)), __FILE__, __LINE__);
+ $result_points = SQL_QUERY_ESC("SELECT points, locked_points FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d AND ref_depth=%d LIMIT 1", array($GLOBALS['userid'], bigintval($lvl)), __FILE__, __LINE__);
 if (SQL_NUMROWS($result_points) == 1)
 {
 list($POINTS, $LOCKED) = SQL_FETCHROW($result_points);
diff --git a/inc/modules/member/what-transfer.php b/inc/modules/member/what-transfer.php
index fdde08146f..13386b10d4 100644
--- a/inc/modules/member/what-transfer.php
+++ b/inc/modules/member/what-transfer.php
@@ -206,7 +206,7 @@ case "new": // Start new transfer
 __FILE__, __LINE__);
 // Add points to account *directly* ...
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%d AND ref_depth='0' LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%d AND ref_depth=0 LIMIT 1",
 array(bigintval($_POST['points']), bigintval($_POST['to_uid'])), __FILE__, __LINE__);
 // ... and add it to current user's used points
diff --git a/inc/monthly/monthly_beg.php b/inc/monthly/monthly_beg.php
index c944d04042..cee4c48d63 100644
--- a/inc/monthly/monthly_beg.php
+++ b/inc/monthly/monthly_beg.php
@@ -83,7 +83,7 @@ FROM "._MYSQL_PREFIX."_user_data WHERE status='CONFIRMED' ".$WHERE1." %s AND beg
 {
 // Add points to user's account directly
 $result_data = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points
-SET points=points+%s WHERE ref_depth='0' AND userid=%d LIMIT 1",
+SET points=points+%s WHERE ref_depth=0 AND userid=%d LIMIT 1",
 array($points, bigintval($uid)), __FILE__, __LINE__);
 // Update mediadata as well
diff --git a/inc/monthly/monthly_bonus.php b/inc/monthly/monthly_bonus.php
index eb98676f30..d877e5e6f9 100644
--- a/inc/monthly/monthly_bonus.php
+++ b/inc/monthly/monthly_bonus.php
@@ -96,7 +96,7 @@ ORDER BY active_bonus DESC, userid LIMIT %s",
 // Add points to user's account directly
 $result_data = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points
-SET points=points+%s WHERE ref_depth='0' AND userid=%d LIMIT 1",
+SET points=points+%s WHERE ref_depth=0 AND userid=%d LIMIT 1",
 array($points, bigintval($uid)), __FILE__, __LINE__);
 // Update mediadata as well
diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php
index 76fba5d9f7..a2cb2579fa 100644
--- a/inc/mysql-manager.php
+++ b/inc/mysql-manager.php
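Review bot: `points=points+%s` in the what-transfer.php hunk still uses a string placeholder for a value that comes straight from `$_POST['points']`, while this commit moves the other numeric positions to `%d`; since the argument is already wrapped in bigintval(), `SET points=points+%d WHERE userid=%d AND ref_depth=0 LIMIT 1",` would be the consistent form and would not depend on the escaper for a numeric position. It is also not visible in this hunk whether an earlier check rejects a zero or negative amount before it reaches the UPDATE; if bigintval() preserves the sign, a negative value would subtract from the receiving account, so that check should be confirmed. The `case "new"` branch starts before and continues after the hunk.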
@@ -1167,12 +1167,12 @@ function ADD_POINTS_REFSYSTEM($uid, $points, $send_notify=false, $rid="0", $lock
 $P = $points * $per / 100;
 // Update points...
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%d AND ref_depth='%s' LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET %s=%s+%s WHERE userid=%d AND ref_depth=%d LIMIT 1",
 array($data, $data, $P, bigintval($uid), bigintval($DEPTH)), __FILE__, __LINE__);
 if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 0)
 {
 // First ref in this level! :-)
- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, %s) VALUES ('%s', '%s', '%s')",
+ $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, %s) VALUES (%d, %d, %s)",
 array($data, bigintval($uid), bigintval($DEPTH), $P), __FILE__, __LINE__);
 }
diff --git a/inc/pool-update.php b/inc/pool-update.php
index b764392c67..573af01bf9 100644
--- a/inc/pool-update.php
+++ b/inc/pool-update.php
@@ -259,7 +259,7 @@ if (SQL_NUMROWS($result_main) > 0)
 {
 // User does not exists, pay points back
 $POINTS = GET_PAY_POINTS($DATA[5]);
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%d AND ref_depth='0' LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%d AND ref_depth=0 LIMIT 1",
 array($POINTS, bigintval($DATA[1])), __FILE__, __LINE__);
 // Update mediadata as well
diff --git a/inc/reset/reset_daily.php b/inc/reset/reset_daily.php
index f7b54682eb..ab015cec00 100644
--- a/inc/reset/reset_daily.php
+++ b/inc/reset/reset_daily.php
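Review bot: In the inc/mysql-manager.php hunk `$data` is substituted as a column name through `%s` in both the UPDATE and the INSERT on the new side, and string escaping in SQL_QUERY_ESC cannot protect an identifier position, so this argument must only ever hold one of the fixed column names and never anything derived from a request. That invariant is not visible here (the assignment of `$data` and the rest of ADD_POINTS_REFSYSTEM lie outside the hunk), so a comment above the UPDATE would help future readers: `// $data is a column name: %s does not quote identifiers, keep it a hard-coded choice`. The INSERT now also writes `$P` bare through an unquoted `%s`; that is only valid SQL if the float-to-string conversion uses a dot as decimal separator, which on older PHP depends on the active locale and is worth confirming for the cron/reset paths that call this function.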
@@ -64,7 +64,7 @@ WHERE userid=%d AND locked_points != 0.00000 ORDER BY ref_depth",
 while (list($dep, $locked) = SQL_FETCHROW($result_points))
 {
 $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s, locked_points=0.00000
-WHERE userid=%d AND ref_depth='%s' LIMIT 1",
+WHERE userid=%d AND ref_depth=%d LIMIT 1",
 array($locked, bigintval($uid), $dep), __FILE__, __LINE__);
 // Update mediadata as well
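Review bot: `$dep` is passed to the new `ref_depth=%d` placeholder without the bigintval() wrapper that the parallel hunks in what-payout.php, what-points.php and inc/mysql-manager.php apply to the depth value; the `%d` cast presumably yields the same result for a well-formed value read from the database, but `array($locked, bigintval($uid), bigintval($dep)), __FILE__, __LINE__);` would keep this loop consistent with the convention the rest of the commit establishes. The while loop continues after the hunk.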