From 1ad502eca77b58c9b276f2d09e1bddaf72fcbde0 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?=
Date: Mon, 18 Jul 2011 10:59:42 +0000
Subject: [PATCH 1/1] SQL fixed, generateRandomCode() improved (is now generating better numbers)
---
 inc/extensions/ext-funcoins.php | 4 ++--
 inc/filters.php | 2 +-
 inc/functions.php | 6 +++---
 inc/libs/task_functions.php | 8 ++++----
 inc/libs/wernis_functions.php | 4 ++--
 inc/modules/admin/what-list_wernis.php | 9 ++++++++-
 mailid.php | 6 +++---
 7 files changed, 23 insertions(+), 16 deletions(-)
diff --git a/inc/extensions/ext-funcoins.php b/inc/extensions/ext-funcoins.php
index 638a5b161e..e60faae3a8 100644
--- a/inc/extensions/ext-funcoins.php
+++ b/inc/extensions/ext-funcoins.php
@@ -64,7 +64,7 @@ switch (getExtensionMode()) {
 `funcoins_amount` FLOAT(20,5) UNSIGNED NOT NULL DEFAULT 0.00000 COMMENT 'Transfered amount',
 `funcoins_timestamp` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT 'Booking timestamp',
 `funcoins_type` ENUM('WITHDRAW','PAYOUT','FAILED') NOT NULL DEFAULT 'FAILED' COMMENT 'Transaction type',
-`fucoins_tan` VARCHAR(255) NULL DEFAULT NULL COMMENT 'TAN from API',
+`funcoins_tan` VARCHAR(255) NULL DEFAULT NULL COMMENT 'TAN from API',
 `funcoins_api_response` TINYTEXT COMMENT 'Clear text API response (only for debugging)',
 `funcoins_api_status` INT(4) NULL DEFAULT NULL COMMENT 'Status code from API',
 PRIMARY KEY (`id`),
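Review bot: Correcting `fucoins_tan` to `funcoins_tan` inside what looks like the table definition only helps fresh installs; a database where the extension was already registered keeps the misspelled column, and any query using the corrected name will fail there. If a build with the typo was ever installed, the extension's update path needs a matching step along the lines of `ALTER TABLE <funcoins table> CHANGE fucoins_tan funcoins_tan VARCHAR(255) NULL DEFAULT NULL COMMENT 'TAN from API'`. The table name and the enclosing switch branch lie outside the hunk, so both need confirming before the statement is added.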
@@ -95,7 +95,7 @@ INDEX (`userid`)",
 // Admin menu
 addAdminMenuSql('funcoins', NULL, 'FunCoins-Management', 'Konfiguration zur FuCo-Ex² einstellen, Auszahlungen auflisten usw..', 15);
 addAdminMenuSql('funcoins', 'config_funcoins', 'FuCo-Ex²-Einstellungen', 'Konfiguration zur FuCo-Ex² einstellen.', 1);
- addAdminMenuSql('funcoins', 'list_funcoins', 'Anfragen auflisten', 'Listet alle FunCoinsein- und -auszahlungsanfragen Ihrer Mitglieder und Sponsoren auf.', 2);
+ addAdminMenuSql('funcoins', 'list_funcoins', 'Anfragen auflisten', 'Listet alle FunCoins-Ein- und -Auszahlungsanfragen Ihrer Mitglieder und Sponsoren auf.', 2);
 // Member menu
 addMemberMenuSql('main', 'funcoins', 'FunCoins-Ein-/Auszahlungen', 11);
diff --git a/inc/filters.php b/inc/filters.php
index 57ebf505ba..881eb57395 100644
--- a/inc/filters.php
+++ b/inc/filters.php
@@ -828,7 +828,7 @@ function FILTER_INIT_RANDOM_NUMBER () {
 // Is the extension ext-sql_patches installed and at least 0.3.6?
 if ((isExtensionInstalledAndNewer('sql_patches', '0.3.6')) && (isExtensionInstalledAndNewer('other', '0.2.5'))) {
 // Generate random number
- setConfigEntry('RAND_NUMBER', generateRandomCode(10, mt_rand(10000, 32766), getMemberId(), ''));
+ setConfigEntry('RAND_NUMBER', generateRandomCode(10, mt_rand(10000, 99999), getMemberId(), ''));
 } else {
 // Generate *WEAK* code
 setConfigEntry('RAND_NUMBER', mt_rand(1000000, 9999999));
diff --git a/inc/functions.php b/inc/functions.php
index 8ebb913669..610067aa8b 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -676,7 +676,7 @@ function generateRandomCode ($length, $code, $userid, $extraData = '') {
 }
 // Create number from hash
- $rcode = hexdec(substr($saltedHash, 8, 9)) / abs(getRandNo() - $a + sqrt(getConfig('_ADD'))) / pi();
+ $rcode = hexdec(substr($saltedHash, getSaltLength(), 9)) / abs(getRandNo() - $a + sqrt(getConfig('_ADD'))) / pi();
 // At least 10 numbers shall be secure enought!
 if (isExtensionActive('other')) {
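Review bot: Widening the range to `mt_rand(10000, 99999)` in FILTER_INIT_RANDOM_NUMBER still seeds `RAND_NUMBER` from the Mersenne Twister, which is not a cryptographic generator, so a larger range does not make the resulting code harder to predict. If `RAND_NUMBER` or the codes built by generateRandomCode() protect anything (their use is not visible in this hunk), the value should come from a CSPRNG instead: `random_int(10000, 99999)` on PHP 7 and later, or bytes from `openssl_random_pseudo_bytes()` on older runtimes. The same applies to the `else` branch, which the existing comment already labels as weak.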
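Review bot: The new `substr($saltedHash, getSaltLength(), 9)` takes its offset from configuration without checking it against the length of the hash. If getSaltLength() lands within nine characters of the end of `$saltedHash`, or past it, substr() returns a short or empty string, hexdec() yields a small number or 0, and the generated codes collapse toward the same value. A guard before the call, such as `$offset = max(0, min(getSaltLength(), strlen($saltedHash) - 9));`, keeps the nine-digit window inside the hash. How `$saltedHash` is built, and therefore its length, is outside the hunk, as are the start and end of generateRandomCode().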
@@ -689,8 +689,8 @@ function generateRandomCode ($length, $code, $userid, $extraData = '') {
 $len = 10;
 } // END - if
- // Cut off requested counts of number
- $return = substr(str_replace('.', '', $rcode), 0, $len);
+ // Cut off requested counts of number, but skip first digit (which is mostly a zero)
+ $return = substr($rcode, (strpos($rcode, '.') + 1), $len);
 // Done building code
 return $return;
diff --git a/inc/libs/task_functions.php b/inc/libs/task_functions.php
index b1451b999f..aed64ba5b1 100644
--- a/inc/libs/task_functions.php
+++ b/inc/libs/task_functions.php
@@ -290,7 +290,7 @@ ORDER BY
 $WHATs[] = 'list_payouts';
 $DESCRs[] = '{--ADMIN_TASK_LIST_PAYOUTS_ALL--}';
 $TITLEs[] = '{--ADMIN_TASK_LIST_PAYOUTS_ALL_TITLE--}';
- }
+ } // END - if
 if (isExtensionActive('wernis')) {
 // List new wernis requests
@@ -298,7 +298,7 @@ ORDER BY
 $WHATs[] = 'list_wernis';
 $DESCRs[] = '{--ADMIN_TASK_LIST_WERNIS_ALL--}';
 $TITLEs[] = '{--ADMIN_TASK_LIST_WERNIS_ALL_TITLE--}';
- }
+ } // END - if
 if (isExtensionActive('primera')) {
 // List new primera requests
@@ -306,7 +306,7 @@ ORDER BY
 $WHATs[] = 'list_primera';
 $DESCRs[] = '{--ADMIN_TASK_LIST_PRIMERA_ALL--}';
 $TITLEs[] = '{--ADMIN_TASK_LIST_PRIMERA_ALL_TITLE--}';
- }
+ } // END - if
 if (isExtensionActive('holiday')) {
 // List holiday requests
@@ -314,7 +314,7 @@ ORDER BY
 $WHATs[] = 'list_holiday';
 $DESCRs[] = '{--ADMIN_TASK_LIST_HOLIDAYS--}';
 $TITLEs[] = '{--ADMIN_TASK_LIST_HOLIDAYS_TITLE--}';
- }
+ } // END - if
 if (isExtensionInstalledAndNewer('bonus', '0.8.7')) {
 // List all notifications
diff --git a/inc/libs/wernis_functions.php b/inc/libs/wernis_functions.php
index b28bc9ee2d..e427eb5f21 100644
--- a/inc/libs/wernis_functions.php
+++ b/inc/libs/wernis_functions.php
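Review bot: The new `substr($rcode, (strpos($rcode, '.') + 1), $len)` depends on PHP's implicit float-to-string conversion of `$rcode`, which does not always yield plain decimal digits. When the quotient has no fractional part, strpos() returns false, `false + 1` becomes 1 and the first digit is silently dropped; very small or very large values are rendered in exponent form, so an `E` and a sign can end up in the code; and with the default `precision` setting the fraction may hold fewer than `$len` digits, giving a shorter code than requested. Formatting explicitly avoids all three for a positive `$len`: `$digits = sprintf('%.' . $len . 'F', $rcode);` followed by `$return = substr($digits, strpos($digits, '.') + 1, $len);`. The digits still come from a float quotient, so they carry limited entropy whichever way they are cut. generateRandomCode() starts and ends outside this hunk.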
@@ -349,10 +349,10 @@ function WERNIS_LOG_TRANSFER ($wdsId, $amount, $type = 'FAILED', $message = '',
 // Take fees and factor
 function WERNIS_TAKE_FEE ($points, $mode) {
 // Payout or withdraw are allowed modes!
- //* DEBUG: */ debugOutput('mode='.$mode.',points='.$points);
+ //* DEBUG: */ debugOutput('mode=' . $mode . ',points=' . $points);
 if (!in_array($mode, array('payout', 'withdraw'))) {
 // Log error and abort
- logDebugMessage(__FUNCTION__, __LINE__, 'userid=' . getMemberId() . ',mode=' . $mode . ',points=' . $points);
+ logDebugMessage(__FUNCTION__, __LINE__, 'userid=' . getMemberId() . ',mode=' . $mode . ',points=' . $points . ' - unknown mode detected.');
 return false;
 } // END - if
diff --git a/inc/modules/admin/what-list_wernis.php b/inc/modules/admin/what-list_wernis.php
index 5d2d33ecd7..b6b43a7d7c 100644
--- a/inc/modules/admin/what-list_wernis.php
+++ b/inc/modules/admin/what-list_wernis.php
@@ -45,7 +45,14 @@ addYouAreHereLink('admin', __FILE__);
 // Check for entries
 $result = SQL_QUERY('SELECT
- `id`, `userid`, `wernis_account`, `wernis_amount`, `wernis_timestamp`, `wernis_type`, `wernis_api_message`, `wernis_api_status`
+ `id`,
+ `userid`,
+ `wernis_account`,
+ `wernis_amount`,
+ `wernis_timestamp`,
+ `wernis_type`,
+ `wernis_api_message`,
+ `wernis_api_status`
 FROM
 `{?_MYSQL_PREFIX?}_user_wernis`
 ORDER BY
diff --git a/mailid.php b/mailid.php
index f93838a1ba..162ff01041 100644
--- a/mailid.php
+++ b/mailid.php
@@ -57,9 +57,9 @@ setHttpStatus('404 NOT FOUND');
 redirectOnUninstalledExtension('mailid');
 // Init
-$userId = '0';
-$bonusId = '0';
-$mailId = '0';
+$userId = '0';
+$bonusId = '0';
+$mailId = '0';
 // Secure all data
 if (isGetRequestParameterSet('userid')) $userId = bigintval(getRequestParameter('userid'));
-- 
2.39.2