From ae51687a0bf708aeca3d68263320804ae0dd42ef Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?=
Date: Sun, 21 Sep 2008 14:09:05 +0000
Subject: [PATCH] Email templates changed, surfbar extended (dummy) with member actions
---
inc/db/lib-mysql3.php | 22 ++--
inc/extensions.php | 70 ++++++------
inc/extensions/ext-surfbar.php | 43 +++++++-
inc/functions.php | 9 --
inc/language/de.php | 1 +
inc/language/surfbar_de.php | 6 +
inc/libs/security_functions.php | 11 +-
inc/libs/surfbar_functions.php | 24 +++-
inc/modules/admin/overview-inc.php | 104 +++++++-----------
inc/modules/admin/what-add_points.php | 21 +++-
inc/modules/admin/what-config_surfbar.php | 4 +-
inc/modules/admin/what-list_surfbar_urls.php | 21 ++++
inc/modules/admin/what-lock_user.php | 8 +-
inc/modules/admin/what-sub_points.php | 21 +++-
.../admin/what-unlock_surfbar_urls.php | 11 +-
inc/modules/member/what-surfbar_list.php | 9 ++
inc/mysql-manager.php | 8 +-
inc/security.php | 11 +-
templates/de/emails/add-points.tpl | 4 +-
templates/de/emails/del-user.tpl | 2 +-
templates/de/emails/lock-user.tpl | 2 +-
templates/de/emails/newsletter.tpl | 4 +-
templates/de/emails/newsletter_html.tpl | 4 +-
templates/de/emails/sub-points.tpl | 4 +-
templates/de/emails/unlock-user.tpl | 2 +-
.../de/html/admin/admin_config_surfbar.tpl | 9 ++
.../de/html/admin/admin_list_surfbar_urls.tpl | 1 +
.../html/admin/admin_unlock_surfbar_urls.tpl | 1 +
28 files changed, 277 insertions(+), 160 deletions(-)
diff --git a/inc/db/lib-mysql3.php b/inc/db/lib-mysql3.php
index c9b5b320c1..3f26d2ce90 100644
--- a/inc/db/lib-mysql3.php
+++ b/inc/db/lib-mysql3.php
@@ -219,15 +219,18 @@ function SQL_FREERESULT($result) { // SQL string escaping function SQL_QUERY_ESC($qstring, $data, $file, $line, $run=true, $strip=true) { global $link; + + if ($strip) { + $strip = "true"; + } else { + $strip = "false"; + } + $query = ""; $eval = "\$query = sprintf(\"".$qstring."\""; foreach ($data as $var) { if ((!empty($var)) || ($var === 0)) { - if ($strip) { - $eval .= ", SQL_ESCAPE(\"".strip_tags($var)."\")"; - } else { - $eval .= ", SQL_ESCAPE(\"".$var."\")"; - } + $eval .= ", SQL_ESCAPE(\"".$var."\",true,".$strip.")"; } else { $eval .= ", ''"; } @@ -240,11 +243,14 @@ function SQL_QUERY_ESC($qstring, $data, $file, $line, $run=true, $strip=true) { //fwrite($fp, $file."(".$line."): ".str_replace("\r", "", str_replace("\n", " ", $eval))."\n"); //fclose($fp); @eval($eval); + // Was the eval() command fine? if (empty($query)) { + // Something went wrong? print "eval=".htmlentities($eval)."
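Review bot: The rewritten loop in SQL_QUERY_ESC still splices every `$var` unescaped into the PHP source string that `@eval($eval)` runs a few lines further down (`$eval .= ", SQL_ESCAPE(\"".$var."\",true,".$strip.")";`), so the value is parsed as part of a double-quoted PHP literal before SQL_ESCAPE() is ever called. A quote, backslash or `$` in the data therefore alters the evaluated code instead of being escaped, and the `strip_tags()` call this hunk removes never protected against that either. Escaping each value directly and formatting with `vsprintf()` removes the eval and also makes the `"true"`/`"false"` string conversion of `$strip` unnecessary. One behavioural difference to check before adopting it: `$qstring` would no longer be interpreted as a double-quoted PHP string. The function body continues outside this hunk; the eval call and its error output sit in the next one.

```php
function SQL_QUERY_ESC($qstring, $data, $file, $line, $run=true, $strip=true) {
	// … unchanged: global $link …
	$args = array();
	foreach ($data as $var) {
		if ((!empty($var)) || ($var === 0)) {
			// Escape at call time; the value never becomes PHP source
			$args[] = SQL_ESCAPE($var, true, $strip);
		} else {
			$args[] = '';
		}
	}
	$query = vsprintf($qstring, $args);
	// … unchanged: empty($query) check and $run handling …
```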
";
 		debug_print_backtrace();
 		die("
"); - } + } // END - if + if ($run) { // Run SQL query (default) return SQL_QUERY($query, $file, $line); @@ -258,13 +264,13 @@ function SQL_INSERTID() { return @mysql_insert_id(); } // Escape a string for the database -function SQL_ESCAPE($str, $secureString = true) { +function SQL_ESCAPE($str, $secureString=true,$strip=true) { global $link; // Secure string first? (which is the default behaviour!) if ($secureString) { // Then do it here - $str = secureString($str); + $str = secureString($str, $strip); } // END - if if (!is_resource($link)) { diff --git a/inc/extensions.php b/inc/extensions.php index c6721cc010..3973f4132a 100644 --- a/inc/extensions.php +++ b/inc/extensions.php @@ -55,16 +55,17 @@ function EXTENSION_REGISTER ($ext_name, $id, $dry_run=false) $file = sprintf("%sinc/extensions/ext-%s.php", PATH, $ext_name); // Does this extension exists? - if (FILE_READABLE($file)) - { + if (FILE_READABLE($file)) { // Extension was found so we can load it in registration mode require($file); // And run possible updates $EXT_LOAD_MODE = "update"; $EXT_UPDATE_DEPENDS = ""; - foreach ($EXT_VER_HISTORY as $EXT_VER) - { + foreach ($EXT_VER_HISTORY as $EXT_VER) { + // Load extension in update mode require($file); + + // Do we have an update? if (((GET_EXT_VERSION("sql_patches") != "") && ($_CONFIG['verbose_sql'] == "Y")) || (!EXT_IS_ACTIVE("sql_patches"))) { if (!empty($UPDATE_NOTES)) { // Update notes found @@ -77,24 +78,25 @@ function EXTENSION_REGISTER ($ext_name, $id, $dry_run=false) // No update notes found! $NOTES .= "v".$EXT_VER.":
".NO_UPDATE_NOTES."

\n"; } - } - } + } // END - if + } // END - foreach // Does this extension depends on an outstanding update of another update? - if (!empty($EXT_UPDATE_DEPENDS)) - { + if (!empty($EXT_UPDATE_DEPENDS)) { // Backup SQL commands and clear current - $SQLs2 = $SQLs; $SQLs = array(); $test = false; + $SQLs2 = $SQLs; + $SQLs = array(); + $test = false; // Backup language as well - $LANG_BCK = $EXT_LANG_PREFIX; $EXT_ALWAYS_ACTIVE = "N"; + $LANG_BCK = $EXT_LANG_PREFIX; + $EXT_ALWAYS_ACTIVE = "N"; // Load required extension also in update mode $file = sprintf("%sinc/extensions/ext-%s.php", PATH, $EXT_UPDATE_DEPENDS); // Check for required file - if (FILE_READABLE($file)) - { + if (FILE_READABLE($file)) { // File exists so let's load it $VER_BACKUP = $EXT_VERSION; require($file); 
@@ -102,35 +104,35 @@ function EXTENSION_REGISTER ($ext_name, $id, $dry_run=false) // If versions mismatch update extension first $ext_ver = GET_EXT_VERSION($EXT_UPDATE_DEPENDS); - if (empty($ext_ver)) - { + + // Extension version set? + if (empty($ext_ver)) { // Extension not registered so far so first load task's ID... $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE task_type='EXTENSION' AND subject LIKE '[%s:]%%' LIMIT 1", array($EXT_UPDATE_DEPENDS), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + + // Entry found? + if (SQL_NUMROWS($result) == 1) { // Task found so load task's ID and register extension... list($task) = SQL_FETCHROW($result); - SQL_FREERESULT($result); + + // Try to register the extension $test = EXTENSION_REGISTER($EXT_UPDATE_DEPENDS, $task, $dry_run); - } - } - elseif ($ext_ver != $EXT_VERSION) - { + } // END - if + + // Free result + SQL_FREERESULT($result); + } elseif ($ext_ver != $EXT_VERSION) { // Ok, update this extension now EXTENSION_UPDATE(basename($file), $EXT_UPDATE_DEPENDS, $ext_ver, $dry_run); // All okay! $test = true; - } - else - { + } else { // Nothing to register / update before... $test = true; } - } - else - { + } else { // Required file for update does not exists! $test = true; // But this is fine for the first time... @@ -139,9 +141,7 @@ function EXTENSION_REGISTER ($ext_name, $id, $dry_run=false) // Finally restore previous SQLs $SQLs = $SQLs2; unset($SQLs2); $EXT_LANG_PREFIX = $LANG_BCK; - } - else - { + } else { // Does not depend on an other extension $test = true; } @@ -258,7 +258,7 @@ function EXTENSION_RUN_SQLS($id, $EXT_LOAD_MODE) { if (FILE_READABLE($file)) { // Load the include require($file); - } + } // END - if //* DEBUG: */ echo __FUNCTION__.":SQLs::count=".count($SQLs)."
\n"; if ((is_array($SQLs) && (sizeof($SQLs) > 0))) { @@ -403,9 +403,11 @@ function EXTENSION_UPDATE($file, $ext, $EXT_VER, $dry_run=false) // Load extension in update mode $EXT_LOAD_MODE = "update"; $EXT_UPDATE_DEPENDS = ""; $NOTES = ""; - include(PATH."inc/extensions/".$file); - if (!empty($EXT_UPDATE_DEPENDS)) - { + + // Load extension file + include(sprintf("%sinc/extensions/%s", PATH, $file)); + + if (!empty($EXT_UPDATE_DEPENDS)) { // Update another extension first! $test = EXTENSION_UPDATE(("ext-".$EXT_UPDATE_DEPENDS.".php"), $EXT_UPDATE_DEPENDS, GET_EXT_VERSION($EXT_UPDATE_DEPENDS), $dry_run); } diff --git a/inc/extensions/ext-surfbar.php b/inc/extensions/ext-surfbar.php index d759cf7ff6..8505ed56da 100644 --- a/inc/extensions/ext-surfbar.php +++ b/inc/extensions/ext-surfbar.php @@ -59,10 +59,11 @@ case "register": // Do stuff when installtion is running (modules.php?module=adm `reward` FLOAT(10,5) UNSIGNED NOT NULL DEFAULT '0.00000', `costs` FLOAT(10,5) UNSIGNED NOT NULL DEFAULT '0.00000', `views_total` BIGINT(20) UNSIGNED NOT NULL DEFAULT '0', -`status` ENUM('PENDING','CONFIRMED','LOCKED') NOT NULL DEFAULT 'CONFIRMED', +`status` ENUM('PENDING','CONFIRMED','LOCKED','STOPPED','REJECTED','DELETED') NOT NULL DEFAULT 'CONFIRMED', `registered` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, `last_locked` TIMESTAMP NOT NULL DEFAULT '0000-00-00 00:00:00', `lock_reason` VARCHAR(255) NOT NULL DEFAULT '', +`reject_reason` VARCHAR(255) NOT NULL DEFAULT '', PRIMARY KEY(`id`), UNIQUE KEY `userid_url` (`userid`, `url`) ) TYPE=MyISAM COMMENT='Surfbar URLs'"; 
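Review bot: In EXTENSION_UPDATE the reformatted `include(sprintf("%sinc/extensions/%s", PATH, $file));` is still unguarded, whereas EXTENSION_REGISTER in the same file checks `FILE_READABLE($file)` before its `require`. With `include`, a missing or unreadable file only raises a warning and the function carries on with the empty `$EXT_UPDATE_DEPENDS` and `$NOTES` set just above. Because `$file` is a parameter, I would also pin it to a bare file name, e.g. `$inc = sprintf("%sinc/extensions/%s", PATH, basename($file));` followed by a `FILE_READABLE($inc)` check before the include. What the function should return when that check fails is not visible here, since its body starts and ends outside the hunk.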
@@ -103,6 +104,35 @@ PRIMARY KEY (`id`), INDEX (`userid`,`url_id`) ) TYPE=MyISAM COMMENT='Surfbar Statistics'"; + // Member actions pending on status + $SQLs[] = "DROP TABLE IF EXISTS `"._MYSQL_PREFIX."_surfbar_actions`"; + $SQLs[] = "CREATE TABLE `"._MYSQL_PREFIX."_surfbar_actions` ( +`id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT, +`status` ENUM('PENDING','CONFIRMED','LOCKED','STOPPED','REJECTED','DELETED') NOT NULL DEFAULT 'PENDING', +`action` ENUM('EDIT','DELETE','PAUSE','UNPAUSE','FRAMETEST','RETREAT','RESUBMIT') NULL DEFAULT NULL, +`new_status` ENUM('PENDING','CONFIRMED','LOCKED','STOPPED','REJECTED','DELETED') NULL DEFAULT NULL, +PRIMARY KEY (`id`), +INDEX (`status`) +) TYPE=MyISAM COMMENT='Surfbar Member Actions'"; + + // Member actions + $SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_surfbar_actions` (`status`,`action`,`new_status`) VALUES('PENDING','RETREAT','DELETED')"; + $SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_surfbar_actions` (`status`,`action`,`new_status`) VALUES('PENDING','FRAMETEST',NULL)"; + $SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_surfbar_actions` (`status`,`action`,`new_status`) VALUES('CONFIRMED','EDIT','PENDING')"; + $SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_surfbar_actions` (`status`,`action`,`new_status`) VALUES('CONFIRMED','DELETE','DELETED')"; + $SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_surfbar_actions` (`status`,`action`,`new_status`) VALUES('CONFIRMED','PAUSE','PAUSED')"; + $SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_surfbar_actions` (`status`,`action`,`new_status`) VALUES('CONFIRMED','FRAMETEST',NULL)"; + $SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_surfbar_actions` (`status`,`action`,`new_status`) VALUES('LOCKED','DELETE','DELETED')"; + $SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_surfbar_actions` (`status`,`action`,`new_status`) VALUES('LOCKED','FRAMETEST',NULL)"; + $SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_surfbar_actions` (`status`,`action`,`new_status`) VALUES('LOCKED','RESUBMIT','PENDING')"; + $SQLs[] = "INSERT INTO 
`"._MYSQL_PREFIX."_surfbar_actions` (`status`,`action`,`new_status`) VALUES('STOPPED','EDIT','PENDING')"; + $SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_surfbar_actions` (`status`,`action`,`new_status`) VALUES('STOPPED','DELETE','DELETED')"; + $SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_surfbar_actions` (`status`,`action`,`new_status`) VALUES('STOPPED','UNPAUSE','CONFIRMED')"; + $SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_surfbar_actions` (`status`,`action`,`new_status`) VALUES('REJECTED','EDIT','PENDING')"; + $SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_surfbar_actions` (`status`,`action`,`new_status`) VALUES('REJECTED','DELETE','DELETED')"; + $SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_surfbar_actions` (`status`,`action`,`new_status`) VALUES('REJECTED','FRAMETEST',NULL)"; + $SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_surfbar_actions` (`status`,`action`,`new_status`) VALUES('REJECTED','RESUBMIT','PENDING')"; + // Config entries $SQLs[] = "ALTER TABLE `"._MYSQL_PREFIX."_config` ADD `surfbar_pay_model` ENUM('STATIC','DYNAMIC') NOT NULL DEFAULT 'STATIC'"; $SQLs[] = "ALTER TABLE `"._MYSQL_PREFIX."_config` ADD `surfbar_static_reward` FLOAT(20,5) UNSIGNED NOT NULL DEFAULT 0.25000"; @@ -119,6 +149,7 @@ INDEX (`userid`,`url_id`) $SQLs[] = "ALTER TABLE `"._MYSQL_PREFIX."_config` ADD `surfbar_weekly_counter` BIGINT(20) UNSIGNED NOT NULL DEFAULT 0"; $SQLs[] = "ALTER TABLE `"._MYSQL_PREFIX."_config` ADD `surfbar_monthly_counter` BIGINT(20) UNSIGNED NOT NULL DEFAULT 0"; $SQLs[] = "ALTER TABLE `"._MYSQL_PREFIX."_config` ADD `surfbar_stats_reload` BIGINT(20) UNSIGNED NOT NULL DEFAULT 30"; + $SQLs[] = "ALTER TABLE `"._MYSQL_PREFIX."_config` ADD `surfbar_purge_deleted` BIGINT(20) UNSIGNED NOT NULL DEFAULT ".(ONE_DAY*7).""; // Member menus $SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_member_menu` (`action`,`what`,`title`,`visible`,`locked`,`sort`) VALUES ('surfbar',NULL,'Surfbar','Y','Y',4)"; 
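Review bot: The seed row `VALUES('CONFIRMED','PAUSE','PAUSED')` writes a `new_status` that the column does not allow: the ENUM created just above lists PENDING, CONFIRMED, LOCKED, STOPPED, REJECTED and DELETED, but not PAUSED. Depending on the server's SQL mode, MySQL either rejects the insert or stores an empty value, so the PAUSE action would end up without a valid target state. The STOPPED rows further down map `UNPAUSE` back to `CONFIRMED`, which suggests the intended line is `VALUES('CONFIRMED','PAUSE','STOPPED')`. A short comment above the inserts naming the three columns (current status, member action, resulting status) would also help; that NULL means "status unchanged" is my reading of the FRAMETEST rows and should be confirmed.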
@@ -134,6 +165,7 @@ INDEX (`userid`,`url_id`) $SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_admin_menu` (`action`,`what`,`title`,`descr`,`sort`) VALUES ('surfbar','unlock_surfbar_urls','Wartende URLs freigeben','Geben Sie hier nur direkt in der Surfbar gebuchte URLs frei.',3)"; $SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_admin_menu` (`action`,`what`,`title`,`descr`,`sort`) VALUES ('surfbar','config_surfbar','Einstellungen','Einstellungen an der Surfbar ändern, wie Festvergütung, prozentuale Ref-Vergütung und vieles mehr.',4)"; $SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_admin_menu` (`action`,`what`,`title`,`descr`,`sort`) VALUES ('surfbar','surfbar_stats','Statistiken','Detailierte Statistiken zu einer ausgewählten URL anzeigen.',5)"; + $SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_admin_menu` (`action`,`what`,`title`,`descr`,`sort`) VALUES ('surfbar','surfbar_actions','Mitgliederaktionen','Listet alle Mitgliederaktionen auf.',6)"; // Load CSS? $EXT_CSS = "Y"; 
@@ -141,22 +173,23 @@ INDEX (`userid`,`url_id`) case "remove": // Do stuff when removing extension // SQL commands to run - $SQLs[] = "DROP TABLE IF EXISTS `"._MYSQL_PREFIX."_surfbar_urls`"; + $SQLs[] = "DROP TABLE IF EXISTS `"._MYSQL_PREFIX."_surfbar_actions`"; $SQLs[] = "DROP TABLE IF EXISTS `"._MYSQL_PREFIX."_surfbar_locks`"; $SQLs[] = "DROP TABLE IF EXISTS `"._MYSQL_PREFIX."_surfbar_salts`"; $SQLs[] = "DROP TABLE IF EXISTS `"._MYSQL_PREFIX."_surfbar_stats`"; + $SQLs[] = "DROP TABLE IF EXISTS `"._MYSQL_PREFIX."_surfbar_urls`"; $SQLs[] = "DELETE LOW_PRIORITY FROM `"._MYSQL_PREFIX."_member_menu` WHERE `action`='surfbar' LIMIT 5"; - $SQLs[] = "DELETE LOW_PRIORITY FROM `"._MYSQL_PREFIX."_admin_menu` WHERE `action`='surfbar' LIMIT 6"; + $SQLs[] = "DELETE LOW_PRIORITY FROM `"._MYSQL_PREFIX."_admin_menu` WHERE `action`='surfbar' LIMIT 7"; break; case "activate": // Do stuff when admin activates this extension // SQL commands to run - $SQLs[] = "UPDATE `"._MYSQL_PREFIX."_member_menu` SET `visible`='Y', `locked`='N' WHERE `action`='surfbar' LIMIT 3"; + $SQLs[] = "UPDATE `"._MYSQL_PREFIX."_member_menu` SET `visible`='Y', `locked`='N' WHERE `action`='surfbar' LIMIT 5"; break; case "deactivate": // Do stuff when admin deactivates this extension // SQL commands to run - $SQLs[] = "UPDATE `"._MYSQL_PREFIX."_member_menu` SET `locked`='Y' WHERE `action` = 'surfbar' LIMIT 3"; + $SQLs[] = "UPDATE `"._MYSQL_PREFIX."_member_menu` SET `locked`='Y' WHERE `action` = 'surfbar' LIMIT 5"; break; case "update": // Update an extension diff --git a/inc/functions.php b/inc/functions.php index 61d6763fdb..5abc31bab2 100644 --- a/inc/functions.php +++ b/inc/functions.php 
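Review bot: The hard-coded row counts in `LIMIT 5` and `LIMIT 7` have to be maintained by hand whenever a menu row is added, and this hunk shows the drift: `activate` and `deactivate` were still at `LIMIT 3` while `remove` already used `LIMIT 5` for the same member menu. Since the `WHERE` clause on `action`='surfbar' already restricts these statements to the extension's own rows, dropping the `LIMIT n` suffix from the DELETE and UPDATE statements would remove that maintenance step. If the LIMIT is kept as a safety net, a comment stating which rows are being counted would help the next change. The `update` case begins at the end of the hunk and its body is not visible.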
@@ -751,15 +751,6 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") { $content['expiration'] = $EXPIRATION; } // END - if - // @TODO Try to rewrite this part - if ($template == "add-points") { - if (isset($_POST['points'])) { - $points = bigintval($_POST['points']); - } else { - $points = __POINTS_VALUE; - } - } // END - if - // Load user's data if ($UID > 0) { if (EXT_IS_ACTIVE("nickname")) { diff --git a/inc/language/de.php b/inc/language/de.php index 3553741169..3a3d558792 100644 --- a/inc/language/de.php +++ b/inc/language/de.php @@ -1157,6 +1157,7 @@ define('ADMIN_ALL_ENTRIES_REMOVED', "Alle ausgewählten Einträge sind g define('ADMIN_SOME_ENTRIES_NOT_DELETED', "Es wurden %s von %s ausgewählten Einträge gelöscht."); define('ADMIN_ALL_ENTRIES_EDITED', "Alle ausgewählten Einträge sind geändert."); define('ADMIN_SOME_ENTRIES_NOT_EDITED', "Es wurden %s von %s ausgewählten Einträge geändert."); +define('USER_NOT_REGISTERED', "Anmeldung hat nicht geklappt! :-( Ist unten eine Fehlermeldung eingeblendet? Bitte beim Support melden."); // ?> diff --git a/inc/language/surfbar_de.php b/inc/language/surfbar_de.php index 9ec11edd8c..319a96e80b 100644 --- a/inc/language/surfbar_de.php +++ b/inc/language/surfbar_de.php @@ -51,6 +51,7 @@ define('ADMIN_CONFIG_SURFBAR_MAX_ORDER', "Maximal durch Mitglied in Surfbar buch define('ADMIN_CONFIG_SURFBAR_RESTART_TIME', "Ruhezeit der Surfbar, wenn alle URLs in Reload-Lock sind: (*)"); define('ADMIN_CONFIG_SURFBAR_AUTOSTART', "Surfbar soll nach Ruhezeit automatisch starten?"); define('ADMIN_CONFIG_SURFBAR_STATS_RELOAD', "Reload-Zeit der Statistik unterhalb der beworbenen Seite:"); +define('ADMIN_CONFIG_SURFBAR_PURGE_DELETED', "Verweildauer gelöschter URLs in der Datenbank:"); define('ADMIN_CONFIG_SURFBAR_NOTE', "(*): Es wird empfohlen, die Ruhezeit etwas länger als die Reload-Sperre einzustellen."); // General admin text 
@@ -69,9 +70,11 @@ define('ADMIN_SURFBAR_EDIT_URL', "URL ändern"); define('ADMIN_SURFBAR_EDIT_URL_NOW', "URL jetzt ändern"); define('ADMIN_SURFBAR_DEL_URL', "URL löschen"); define('ADMIN_SURFBAR_DEL_URL_NOW', "URLs jetzt entfernen"); +define('ADMIN_SURFBAR_UNDELETE_URL', "Löschung zurücknehmen"); define('ADMIN_SURFBAR_UNLOCK_URL', "URL ent-/sperren"); define('ADMIN_SURFBAR_LOCK_URL_NOW', "URL jetzt ent-/sperren"); define('ADMIN_SURFBAR_CONFIRM_URL', "URL(s) freigeben"); +define('ADMIN_SURFBAR_REJECT_URL', "URL(s) ablehnen"); define('ADMIN_SURFBAR_UNLOCK_DONE', "Freischaltung ausgewählter URL(s) vollständig. :-)"); define('ADMIN_SURFBAR_UNLOCK_FAILED', "Freischaltung fehlgeschlagen. Bitte nachschauen, welche URLs nicht freigegeben wurden."); define('ADMIN_SURFBAR_URL_ADDED', "URL wurde der Surfbar hinzugefügt."); @@ -117,6 +120,9 @@ define('MEMBER_CONFIRMED_SURFBAR_URLS_SUBJECT', "Freigabe Ihrer URL in Surfbar") define('SURFBAR_URL_STATUS_CONFIRMED', "Freigegeben"); define('SURFBAR_URL_STATUS_LOCKED', "Gesperrt"); define('SURFBAR_URL_STATUS_PENDING', "Wartend"); +define('SURFBAR_URL_STATUS_STOPPED', "Angehalten"); +define('SURFBAR_URL_STATUS_REJECTED', "Abgelehnt"); +define('SURFBAR_URL_STATUS_DELETED', "Gelöscht"); // ?> diff --git a/inc/libs/security_functions.php b/inc/libs/security_functions.php index 363bca731c..0f34c42e88 100644 --- a/inc/libs/security_functions.php +++ b/inc/libs/security_functions.php @@ -41,10 +41,17 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) { * Function to secure input strings * * @param $str The unsecured string + * @param $strip Strip tags * @return $str A (hopefully) secured string against XSS and other bad things */ -function secureString ($str) { - $str = trim(strip_tags($str)); +function secureString ($str, $strip=true) { + // Shall we strip HTML code? + if ($strip) $str = strip_tags($str); + + // Trim string + $str = trim($str); + + // Encode in entities $str = htmlentities($str, ENT_QUOTES); return $str; } 
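Review bot: The new `@param $strip Strip tags` line in the secureString() docblock does not say what happens when the flag is false: the function then keeps the markup and only entity-encodes it with `htmlentities($str, ENT_QUOTES)`. That matters for callers that decode the value again later, as the overview-inc.php change in this same patch does with `html_entity_decode()`. I would document it as `@param $strip Whether to remove HTML tags with strip_tags() before encoding; if false, tags are kept and only entity-encoded`. The brace-less `if ($strip) $str = strip_tags($str);` also departs from the braced style the rest of the patch is converting to.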
diff --git a/inc/libs/surfbar_functions.php b/inc/libs/surfbar_functions.php index e235ce19cb..f4c90eb585 100644 --- a/inc/libs/surfbar_functions.php +++ b/inc/libs/surfbar_functions.php @@ -430,10 +430,10 @@ function SURFBAR_IF_USER_BOOK_MORE_URLS ($uid=0) { global $_CONFIG; // Is this admin and userid is zero or does the user has some URLs left to book? - return ((($uid == 0) && (IS_ADMIN())) || (SURFBAR_GET_TOTAL_USER_URLS($uid) < $_CONFIG['surfbar_max_order'])); + return ((($uid == 0) && (IS_ADMIN())) || (SURFBAR_GET_TOTAL_USER_URLS($uid, "", array("REJECTED")) < $_CONFIG['surfbar_max_order'])); } // Get total amount of URLs of given status for current user -function SURFBAR_GET_TOTAL_USER_URLS ($uid=0, $status="") { +function SURFBAR_GET_TOTAL_USER_URLS ($uid=0, $status="",$exclude="") { global $_CONFIG; // Is the user 0 and user is logged in? @@ -449,9 +449,19 @@ function SURFBAR_GET_TOTAL_USER_URLS ($uid=0, $status="") { $ADD = ""; // Is the status set? - if (!empty($status)) { + if (is_array($status)) { + // Only URLs with these status + $ADD = sprintf(" AND status IN('%s')", implode("','", $status)); + } elseif (!empty($status)) { + // Only URLs with this status $ADD = sprintf(" AND status='%s'", $status); - } // END - if + } elseif (is_array($exclude)) { + // Exclude URLs with these status + $ADD = sprintf(" AND status NOT IN('%s')", implode("','", $exclude)); + } elseif (!empty($exclude)) { + // Exclude URLs with this status + $ADD = sprintf(" AND status != '%s'", $exclude); + } // Get amount from database $result = SQL_QUERY_ESC("SELECT COUNT(id) AS cnt 
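Review bot: In SURFBAR_IF_USER_BOOK_MORE_URLS only `REJECTED` is excluded from the count compared with `surfbar_max_order`, so URLs in status `DELETED` still count against the member's limit. The same patch hides `DELETED` rows from the member's list in SURFBAR_GET_USER_URLS and adds `surfbar_purge_deleted`, so a member could be blocked by entries they can no longer see until the purge runs. If that is not intended, pass `array("REJECTED","DELETED")`; if it is, a comment saying so would keep someone from "fixing" it later.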
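Review bot: The new branches in SURFBAR_GET_TOTAL_USER_URLS build the SQL fragment by joining `$status` / `$exclude` straight into `IN('…')` with `implode("','", …)`, without escaping or validation. The only caller visible in this patch passes the literal `array("REJECTED")`, but nothing in the function stops a later caller from handing in request data. Checking the values against the known status list first keeps the fragment safe regardless of the caller, e.g. `$status = array_intersect($status, array('PENDING','CONFIRMED','LOCKED','STOPPED','REJECTED','DELETED'));`. Two smaller points: an empty array yields `IN('')`, and because this is a single `elseif` chain, `$exclude` is silently ignored whenever `$status` is set. The rest of the function, including how `$ADD` reaches the query, is outside the hunk.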
@@ -911,7 +921,7 @@ function SURFBAR_GET_USER_URLS () { // Begin the query $result = SQL_QUERY_ESC("SELECT u.id, u.url, u.views_total, u.status, UNIX_TIMESTAMP(u.registered) AS registered, UNIX_TIMESTAMP(u.last_locked) AS last_locked, u.lock_reason AS lock_reason FROM "._MYSQL_PREFIX."_surfbar_urls AS u -WHERE u.userid=%s +WHERE u.userid=%s AND u.status != 'DELETED' ORDER BY u.id ASC", array($GLOBALS['userid']), __FILE__, __LINE__); @@ -930,6 +940,10 @@ ORDER BY u.id ASC", // Return the array return $URLs; } +// Create list of actions depending on status for the user +function SURFBAR_MEMBER_ACTIONS ($id, $status) { + /* DEBUG: */ die("id={$id},status={$status}"); +} // Determine next id for surfbar or get data for given id, always call this before you call other // getters below this function!!! function SURFBAR_DETERMINE_NEXT_ID ($id = 0) { diff --git a/inc/modules/admin/overview-inc.php b/inc/modules/admin/overview-inc.php index 0cc18dbc7b..101d3778de 100644 --- a/inc/modules/admin/overview-inc.php +++ b/inc/modules/admin/overview-inc.php @@ -93,7 +93,7 @@ function OUTPUT_STANDARD_OVERVIEW(&$result_tasks) if ((empty($cacheArray['extensions']['ext_version'][$ext])) && (SQL_NUMROWS($result) == 1)) { list($dummy, $ext_ver) = SQL_FETCHROW($result); SQL_FREERESULT($result); - } + } // END - if // Update extension if (!empty($ext_ver)) EXTENSION_UPDATE($file, $ext, $ext_ver); @@ -122,7 +122,7 @@ ORDER BY userid DESC, task_type DESC, subject, task_created DESC", if (SQL_NUMROWS($result_tasks) > 0) { // New jobs found! $JOBS_DONE = false; - } + } // END - if // Free the result SQL_FREERESULT($result); 
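Review bot: SURFBAR_MEMBER_ACTIONS() consists only of `/* DEBUG: */ die("id={$id},status={$status}");`, so any page that calls it terminates and echoes both arguments without encoding. If the stub has to be committed before the implementation exists, returning an empty value keeps callers working, e.g. `return ""; // @TODO build the action list from the surfbar_actions table`. That the function is meant to return a string is my assumption from its comment "Create list of actions"; no caller is visible in this hunk.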
@@ -149,28 +149,30 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) { // Assgin current admin to unassgigned task $result_assign = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='%s' WHERE id=%s LIMIT 1", array(GET_ADMIN_ID(get_session('admin_login')), bigintval($tid)), __FILE__, __LINE__); - } + } // END - if $ADD = ""; if ($type == "SUPPORT_MEMBER") { $mode = substr($text, 0, strpos($text, ":")); $text = substr($text, strpos($text, ":") + 1); $ADD = "
  • ".ADMIN_TASK_SUPPORT_MODE.": ".$mode."
  • "; - } + } // END - if if ($uid > 0) { $result_user = SQL_QUERY_ESC("SELECT gender, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); - if (SQL_NUMROWS($result_user) == 1) - { + if (SQL_NUMROWS($result_user) == 1) { list($gender, $sname, $fname, $email) = SQL_FETCHROW($result_user); SQL_FREERESULT($result_user); $ADD = "
  • ".ADMIN_MEMBER_UID.": ".ADMIN_USER_PROFILE_LINK($uid)." (".TRANSLATE_GENDER($gender)." ".$sname." ".$fname.")
  • "; - } - } + } // END - if + } // END - if + + // Decode entities of the text + $text = html_entity_decode($text); // Compile and insert text from task into table template - $text = LOAD_TEMPLATE("admin_extensions_text", true, COMPILE_CODE($text)); + $text = LOAD_TEMPLATE("admin_extensions_text", true, $text); // Initialize variables (no title for SQL commands by default) $ext_name = ""; @@ -215,7 +217,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) { if ((!empty($ext_name)) && (GET_EXT_VERSION("sql_patches")) && ($_CONFIG['verbose_sql'] == "Y")) { // Add verbose SQL table $text .= EXTENSION_VERBOSE_TABLE($SQLs, $title, " class=\"admin_table top2 left2 right2\"", true, "100%")."
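Review bot: The added `$text = html_entity_decode($text);` reverses the entity encoding that secureString() applies on input, and the decoded text is then placed into the `admin_extensions_text` template for every task type. The same code path handles `SUPPORT_MEMBER` tasks a few lines above, whose text presumably originates from members, so any markup that survived storage would be rendered in the admin's browser. Restricting the decode to task types whose text the system generates itself, for example `if (($type == "EXTENSION") || ($type == "EXTENSION_UPDATE")) $text = html_entity_decode($text);`, would keep member-supplied text encoded. Whether member text can be stored without `strip_tags()` is not visible in this patch, and OUTPUT_SELECTED_TASKS starts and ends outside the hunk.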
    \n"; - } + } // END - if } else { // Run SQL commands in dry mode but only return the notes $SQLs = EXTENSION_UPDATE("ext-".$ext_name.".php", $ext_name, $ext_ver, true); @@ -257,7 +259,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) { // Close task but not already closes or deleted or update tasks if (($status != "CLOSED") && ($status != "DELETED") && ($type != "EXTENSION_UPDATE")) { ADMIN_SOLVE_TASK($tid); - } + } // END - if } break; @@ -269,7 +271,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) { if (($status != "CLOSED") && ($status != "DELETED")) { // Solve the task ADMIN_SOLVE_TASK($tid); - } + } // END - if break; case "SUPPORT_MEMBER": // Assign on member's support request 
@@ -282,62 +284,50 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) { break; case "PAYOUT_REQUEST": // Payout requests - if (EXT_IS_ACTIVE("payout")) - { + if (EXT_IS_ACTIVE("payout")) { // Extension is installed so let him send a notification to the user $result_pay = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_payouts WHERE userid=%s AND payout_timestamp=%s LIMIT 1", array(bigintval($uid), bigintval($created)), __FILE__, __LINE__); list($pid) = SQL_FETCHROW($result_pay); SQL_FREERESULT($result_pay); - if ((!empty($pid)) && ($pid > 0)) - { + if ((!empty($pid)) && ($pid > 0)) { // Payout ID can be obtained $content = array( 'pid' => $pid, 'tid' => $tid, ); $OUT .= LOAD_TEMPLATE("admin_payout_overview_form", true, $content); - } - else - { + } else { // Problem obtaining payout ID $OUT .= "".PAYOUT_OBTAIN_ID_FAILED."\n"; } - } - else - { + } else { // Extension is not installed $OUT .= "".ADMIN_PAYOUT_NOT_INSTALLED."\n"; } break; case "WERNIS_REQUEST": // Wernis requests - if (EXT_IS_ACTIVE("wernis")) - { + if (EXT_IS_ACTIVE("wernis")) { // Extension is installed so let him send a notification to the user $result_pay = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_wernis WHERE userid=%s AND wernis_timestamp=%s LIMIT 1", array(bigintval($uid), bigintval($created)), __FILE__, __LINE__); list($pid) = SQL_FETCHROW($result_pay); SQL_FREERESULT($result_pay); - if ((!empty($pid)) && ($pid > 0)) - { + if ((!empty($pid)) && ($pid > 0)) { // Payout ID can be obtained $content = array( 'pid' => $pid, 'tid' => $tid, ); $OUT .= LOAD_TEMPLATE("admin_wernis_overview_form", true, $content); - } - else - { + } else { // Problem obtaining wernis ID $OUT .= "".WERNIS_OBTAIN_ID_FAILED."\n"; } - } - else - { + } else { // Extension is not installed $OUT .= "".ADMIN_WERNIS_NOT_INSTALLED."\n"; } 
@@ -353,17 +343,14 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) { list($span) = SQL_FETCHROW($result); SQL_FREERESULT($result); - if ($span > 0) - { + if ($span > 0) { // Undone unscubscribe request $content = array( 'uid' => $uid, 'id' => $tid ); $OUT .= LOAD_TEMPLATE("admin_newsletter_tsk", true, $content); - } - else - { + } else { // Already unsubscribed $OUT .= "".ADMIN_NL_UNSUBSCRIBE_ALREADY."\n"; } @@ -376,33 +363,25 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) { $OUT .= "   \n"; - } + } // END - if $SW = 3 - $SW; - } + } // END - foreach define('__TASK_ROWS', $OUT); // Load final template LOAD_TEMPLATE("admin_overview_list"); - } - else - { - if ((isset($_POST['task'])) && ((sizeof($_POST['task']) > 0) || ($_POST['task'][0] == "1"))) - { + } else { + if ((isset($_POST['task'])) && ((sizeof($_POST['task']) > 0) || ($_POST['task'][0] == "1"))) { // Only unassign / delete tasks when there are selected tasks posted - if (!empty($_POST['unassign'])) - { + if (!empty($_POST['unassign'])) { // Unassign from tasks - foreach ($_POST['task'] as $id => $sel) - { + foreach ($_POST['task'] as $id => $sel) { $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin=0 WHERE id=%s AND assigned_admin=%s LIMIT 1", array(bigintval($id), GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__); } - } - elseif (isset($_POST['del'])) - { + } elseif (isset($_POST['del'])) { // Delete tasks - foreach ($_POST['task'] as $id => $sel) - { + foreach ($_POST['task'] as $id => $sel) { $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%s AND assigned_admin IN (%s,0) LIMIT 1", array(bigintval($id), GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__); } 
@@ -411,30 +390,23 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) { // Update query $result_tasks = SQL_QUERY_ESC("SELECT id, assigned_admin, userid, task_type, subject, text, task_created FROM "._MYSQL_PREFIX."_task_system WHERE assigned_admin=%s OR (assigned_admin=0 AND status='NEW') ORDER BY task_created DESC", array(GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__); - } + } // END - if // There are uncompleted jobs! LOAD_TEMPLATE("admin_overview_header"); $SW = 2; - while (list($id, $admin, $uid, $type, $subj, $text, $created) = SQL_FETCHROW($result_tasks)) - { + while (list($id, $admin, $uid, $type, $subj, $text, $created) = SQL_FETCHROW($result_tasks)) { $infos = "---"; - if ($admin == "0") - { + if ($admin == "0") { // No admin currently is assigned $admin = "".ADMIN_NO_ADMIN_ASSIGNED.""; - } - else - { + } else { // Load admin's data $login = GET_ADMIN_LOGIN($admin); - if ($login != "***") - { + if ($login != "***") { // Admin found $admin = "".$login.""; - } - else - { + } else { // Maybe deleted? $admin = "".ADMIN_ID_404_1.$admin.ADMIN_ID_404_2.""; } diff --git a/inc/modules/admin/what-add_points.php b/inc/modules/admin/what-add_points.php index ab77cda645..cba19d9490 100644 --- a/inc/modules/admin/what-add_points.php +++ b/inc/modules/admin/what-add_points.php @@ -68,9 +68,15 @@ if ($_GET['u_id'] == "all") { MEDIA_UPDATE_ENTRY(array("total_points"), "add", $_POST['points']); } + // Prepare content + $content = array( + 'text' => SQL_ESCAPE($_POST['reason']), + 'points' => bigintval($_POST['points']) + ); + // Load email template and send email away - $msg = LOAD_EMAIL_TEMPLATE("add-points", $_POST['reason'], $uid); - SEND_EMAIL($email, ADMIN_ADD_SUBJ, $msg); + $msg = LOAD_EMAIL_TEMPLATE("add-points", $content, bigintval($uid)); + SEND_EMAIL(bigintval($uid), ADMIN_ADD_SUBJ, $msg); } } } 
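Review bot: In what-add_points.php, `'text' => SQL_ESCAPE($_POST['reason'])` applies database escaping to text that goes into an e-mail template, not into a query. SQL_ESCAPE() first runs secureString() (tag stripping plus `htmlentities`) and then, judging by its name and the `$link` check, the MySQL escaping, so a plain-text mail may show entities and backslash-escaped quotes or line breaks; the tail of SQL_ESCAPE is outside this patch, so the exact output should be confirmed. The same pattern is added in the single-user branch of this file and in both branches of what-sub_points.php, while what-lock_user.php passes `$_POST['reason']` unmodified. One treatment chosen for the mail context and used in all six places would be clearer, for instance `'text' => strip_tags(trim($_POST['reason']))` if these templates are sent as plain text, which the patch does not show.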
@@ -98,13 +104,16 @@ if ($_GET['u_id'] == "all") { $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+(%s) WHERE userid=%s AND ref_depth=0 LIMIT 1", array($_POST['points'], bigintval($_GET['u_id'])), __FILE__, __LINE__); - // Remember points in constant - define('__POINTS_VALUE', $_POST['points']); + // Prepare content + $content = array( + 'text' => SQL_ESCAPE($_POST['reason']), + 'points' => bigintval($_POST['points']) + ); // Message laden - $msg = LOAD_EMAIL_TEMPLATE("add-points", $_POST['reason'], $_GET['u_id']); + $msg = LOAD_EMAIL_TEMPLATE("add-points", $content, bigintval($_GET['u_id'])); - SEND_EMAIL($email, ADMIN_ADD_SUBJ, $msg); + SEND_EMAIL(bigintval($_GET['u_id']), ADMIN_ADD_SUBJ, $msg); LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_POINTS_ADDED); } else { // Opps, missing form here diff --git a/inc/modules/admin/what-config_surfbar.php b/inc/modules/admin/what-config_surfbar.php index d844d99e6b..8533ba0414 100644 --- a/inc/modules/admin/what-config_surfbar.php +++ b/inc/modules/admin/what-config_surfbar.php @@ -61,7 +61,9 @@ if (isset($_POST['ok'])) { 'surfbar_dynamic_percent' => TRANSLATE_COMMA($_CONFIG['surfbar_dynamic_percent']), 'surfbar_max_order' => $_CONFIG['surfbar_max_order'], // @TODO Rewrite this to tiny selection boxes - 'surfbar_stats_reload' => $_CONFIG['surfbar_stats_reload'] + 'surfbar_stats_reload' => $_CONFIG['surfbar_stats_reload'], + // @TODO Rewrite this to tiny selection boxes + 'surfbar_purge_deleted' => $_CONFIG['surfbar_purge_deleted'] ); // Prepare payment model for template diff --git a/inc/modules/admin/what-list_surfbar_urls.php b/inc/modules/admin/what-list_surfbar_urls.php index 67a6ce9797..9cf67c054f 100644 --- a/inc/modules/admin/what-list_surfbar_urls.php +++ b/inc/modules/admin/what-list_surfbar_urls.php 
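Review bot: The e-mail now reports `bigintval($_POST['points'])`, but the UPDATE directly above it in this hunk still passes the raw `$_POST['points']` into `points=points+(%s)`, an unquoted numeric position where string escaping alone does not constrain the value. The amount booked and the amount mailed can therefore differ, and the query relies on the admin form sending a clean number. Casting once and reusing the result fixes both: `$points = bigintval($_POST['points']);`, then `array($points, bigintval($_GET['u_id']))` for the query and `'points' => $points` for the mail. If fractional points are allowed, which is not visible here, validate the value as a number instead of truncating it. The surrounding branch begins outside the hunk.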
@@ -98,6 +98,27 @@ if (isset($_POST['edit'])) { array("status" => array("CONFIRMED" => "LOCKED", "LOCKED" => "CONFIRMED")), true ); +} elseif (isset($_POST['undelete'])) { + // Undelete selected URLs. This does only work for deleted URLs... ;-) + ADMIN_LOCK_ENTRIES_CONFIRM( + $_POST['id'], + "surfbar_urls", + array("id", "userid", "url", "registered", "status"), + array("bigintval", "ADMIN_USER_PROFILE_LINK", "FRAMETESTER", "MAKE_DATETIME", "SURFBAR_TRANSLATE_STATUS"), + array("", "", "", "2", "") + ); + $show = false; +} elseif (isset($_POST['do_undelete'])) { + // Undelete selected URLs. This does only work for deleted URLs... ;-) + ADMIN_LOCK_ENTRIES_CONFIRM( + $_POST['id'], + "surfbar_urls", + array(), + array(), + array(), + array("status" => array("DELETED" => "CONFIRMED"), + true + ); } // Show entries? diff --git a/inc/modules/admin/what-lock_user.php b/inc/modules/admin/what-lock_user.php index 590f03a4a0..6ad2703534 100644 --- a/inc/modules/admin/what-lock_user.php +++ b/inc/modules/admin/what-lock_user.php @@ -61,10 +61,10 @@ if (!empty($_GET['u_id'])) if (SQL_AFFECTEDROWS() == 1) { // Send an email to the user! In later version you can optionally switch this feature off - $msg = LOAD_EMAIL_TEMPLATE("lock-user", $_POST['reason'], bigintval($_GET['u_id'])); + $msg = LOAD_EMAIL_TEMPLATE("lock-user", array('text' => $_POST['reason']), bigintval($_GET['u_id'])); // Send away... - SEND_EMAIL($email, ADMIN_LOCKED_SUBJ, $msg); + SEND_EMAIL(bigintval($_GET['u_id']), ADMIN_LOCKED_SUBJ, $msg); } // Prepare message 
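Review bot: The `do_undelete` branch in what-list_surfbar_urls.php does not parse: `array("status" => array("DELETED" => "CONFIRMED"),` closes only the inner array, so `true` becomes an array element and the `ADMIN_LOCK_ENTRIES_CONFIRM(` call is never closed. The lock/unlock call just above shows the intended shape; the line should read `array("status" => array("DELETED" => "CONFIRMED")),`. Both new branches also pass `$_POST['id']` without the `is_array()` / `count()` check that what-unlock_surfbar_urls.php applies to the same field. The two identical comments could say which branch asks for confirmation and which one performs the change.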
@@ -77,10 +77,10 @@ if (!empty($_GET['u_id'])) if (SQL_AFFECTEDROWS() == 1) { // Send an email to the user! In later version you can optionally switch this feature off - $msg = LOAD_EMAIL_TEMPLATE("unlock-user", $_POST['reason'], bigintval($_GET['u_id'])); + $msg = LOAD_EMAIL_TEMPLATE("unlock-user", array('text' => $_POST['reason']), bigintval($_GET['u_id'])); // Send away... - SEND_EMAIL($email, ADMIN_UNLOCKED_SUBJ, $msg); + SEND_EMAIL(bigintval($_GET['u_id']), ADMIN_UNLOCKED_SUBJ, $msg); if (EXT_IS_ACTIVE("rallye")) { RALLYE_AUTOADD_USER($_GET['u_id']); diff --git a/inc/modules/admin/what-sub_points.php b/inc/modules/admin/what-sub_points.php index c6de834363..3625940960 100644 --- a/inc/modules/admin/what-sub_points.php +++ b/inc/modules/admin/what-sub_points.php @@ -66,9 +66,15 @@ if ($_GET['u_id'] == "all") // Ok, add points to used points and send an email to him... SUB_POINTS($uid, $_POST['points']); + // Prepare content + $content = array( + 'text' => SQL_ESCAPE($_POST['reason']), + 'points' => bigintval($_POST['points']) + ); + // Load message and send it away - $msg = LOAD_EMAIL_TEMPLATE("sub-points", $_POST['reason'], $uid); - SEND_EMAIL($email, ADMIN_SUB_SUBJ, $msg); + $msg = LOAD_EMAIL_TEMPLATE("sub-points", $content, bigintval($uid)); + SEND_EMAIL(bigintval($uid), ADMIN_SUB_SUBJ, $msg); } } } 
@@ -100,12 +106,15 @@ if ($_GET['u_id'] == "all") // Ok, add to used points and send an email to him... SUB_POINTS(bigintval($_GET['u_id']), $_POST['points']); - // Remember points in template - define('__POINTS_VALUE', bigintval($_POST['points'])); + // Prepare content + $content = array( + 'text' => SQL_ESCAPE($_POST['reason']), + 'points' => bigintval($_POST['points']) + ); // Load email and send it away - $msg = LOAD_EMAIL_TEMPLATE("sub-points", $_POST['reason'], $_GET['u_id']); - SEND_EMAIL($email, ADMIN_SUB_SUBJ, $msg); + $msg = LOAD_EMAIL_TEMPLATE("sub-points", $content, bigintval($_GET['u_id'])); + SEND_EMAIL(bigintval($_GET['u_id']), ADMIN_SUB_SUBJ, $msg); // Output message LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_POINTS_SUBTRACTED); diff --git a/inc/modules/admin/what-unlock_surfbar_urls.php b/inc/modules/admin/what-unlock_surfbar_urls.php index 707d238077..4bae745901 100644 --- a/inc/modules/admin/what-unlock_surfbar_urls.php +++ b/inc/modules/admin/what-unlock_surfbar_urls.php @@ -50,7 +50,16 @@ if ((isset($_POST['unlock'])) && (is_array($_POST['id'])) && (count($_POST['id'] // Unlock failed! LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SURFBAR_UNLOCK_FAILED); } -} // END - if +} elseif ((isset($_POST['reject'])) && (is_array($_POST['id'])) && (count($_POST['id']) > 0)) { + // Reject selected URLs + if (SURFBAR_ADMIN_REJECT_URL_IDS($_POST['id'])) { + // Unlock done! :-) + LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SURFBAR_UNLOCK_DONE); + } else { + // Unlock failed! + LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_SURFBAR_UNLOCK_FAILED); + } +} // List all URLs $result = SQL_QUERY("SELECT id, userid, url, reward, costs, UNIX_TIMESTAMP(registered) AS registered diff --git a/inc/modules/member/what-surfbar_list.php b/inc/modules/member/what-surfbar_list.php index 0ebf9f903f..c551004e66 100644 --- a/inc/modules/member/what-surfbar_list.php +++ b/inc/modules/member/what-surfbar_list.php 
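Review bot: The new `reject` branch in what-unlock_surfbar_urls.php reports `ADMIN_SURFBAR_UNLOCK_DONE` and `ADMIN_SURFBAR_UNLOCK_FAILED` and keeps the `// Unlock done! :-)` comments, so an admin who rejects URLs is told they were unlocked. Use a reject-specific pair of messages, defined in the surfbar language file if this commit does not already add them there, and change the comments to `// Reject done!` and `// Reject failed!`. A wrong confirmation on a moderation action also makes later review of what was done harder.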
@@ -52,6 +52,15 @@ if (count($URLs) > 0) { foreach ($URLs as $id => $content) { // "Translate"/insert data $content['sw'] = $SW; + $content['url'] = FRAMETESTER($content['url']); + if ($content['views_total'] > 0) { + // Include link to stats + $content['views_total'] = "[".TRANSLATE_COMMA($content['views_total'])."]"; + } // END - if + $content['registered'] = MAKE_DATETIME($content['registered'], "2"); + $content['last_locked'] = MAKE_DATETIME($content['last_locked'], "2"); + $content['actions'] = SURFBAR_MEMBER_ACTIONS($content['id'], $content['status']); + $content['status'] = SURFBAR_TRANSLATE_STATUS($content['status']); // Load row template $OUT .= LOAD_TEMPLATE("member_surfbar_list_row", true, $content); diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php index 279808c0ce..9340706592 100644 --- a/inc/mysql-manager.php +++ b/inc/mysql-manager.php @@ -1195,8 +1195,14 @@ function ADD_POINTS_REFSYSTEM($uid, $points, $send_notify=false, $rid="0", $lock // Direct payment shall be notified about define('__POINTS_VALUE', $ref_points); + // Prepare content + $content = array( + 'text' => REASON_DIRECT_PAYMENT, + 'points' => TRANSLATE_COMMA($ref_points) + ); + // Load message - $msg = LOAD_EMAIL_TEMPLATE("add-points", REASON_DIRECT_PAYMENT, $uid); + $msg = LOAD_EMAIL_TEMPLATE("add-points", $content, $uid); // And sent it away SEND_EMAIL($email, SUBJECT_DIRECT_PAYMENT, $msg); diff --git a/inc/security.php b/inc/security.php index 4bbc30134e..2bf08fc73b 100644 --- a/inc/security.php +++ b/inc/security.php @@ -31,8 +31,12 @@ * MA 02110-1301 USA * ************************************************************************/ -echo "Protected file ".basename($_SERVER['PHP_SELF'])." - ACCESS DENIED! -
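Review bot: The comment `// Include link to stats` in what-surfbar_list.php does not match the line under it, which only wraps the formatted count in brackets. Either build the link or mark it as pending, e.g. `// @TODO Link to stats, for now only the count in brackets`. The order of the last two assignments also matters: `SURFBAR_MEMBER_ACTIONS()` is given `$content['status']` before `SURFBAR_TRANSLATE_STATUS()` overwrites it, presumably because it expects the untranslated value, so a short comment like `// Must run before the status is translated` would guard against reordering. The `foreach` body continues outside the hunk.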
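Review bot: `define('__POINTS_VALUE', $ref_points);` stays in the context line of the mysql-manager.php hunk although add-points.tpl in this commit stops reading `{!__POINTS_VALUE!}` and the admin modules drop their `define()`. A constant cannot be redefined, so if `ADD_POINTS_REFSYSTEM()` runs more than once per request the second call raises a notice and keeps the first value; removing the line avoids that. `SEND_EMAIL($email, ...)` also still passes an address here while the admin call sites were changed to pass the user id, so confirm which form `SEND_EMAIL()` expects. The function starts and ends outside this hunk.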
    +echo " + +Protected file ".basename($_SERVER['PHP_SELF'])." - ACCESS DENIED! + + +
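Review bot: `basename($_SERVER['PHP_SELF'])` is echoed into the page without HTML encoding. `PHP_SELF` is derived from the request URL, so the printed name is not limited to real file names. Encode it at output, `htmlentities(basename($_SERVER['PHP_SELF']), ENT_QUOTES)`, or print `basename($_SERVER['SCRIPT_NAME'])` encoded the same way. The markup of this hunk is not fully visible here, so the exact output position is not confirmed.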
    @@ -50,7 +54,8 @@ echo "Protected file ".basename($_SERVER['PHP_SELF'])." - ACC </TD> </TR> </TABLE> -</DIV></BODY> +</DIV> +</BODY> </HTML>\n"; exit(); // diff --git a/templates/de/emails/add-points.tpl b/templates/de/emails/add-points.tpl index 1dd2bd056a..321c875805 100644 --- a/templates/de/emails/add-points.tpl +++ b/templates/de/emails/add-points.tpl @@ -1,10 +1,10 @@ Hallo $content[gender] $content[surname] $content[family], -Einer unserer Administratoren hat Ihnen soeben {!__POINTS_VALUE!} {!POINTS!} gutgeschrieben! +Einer unserer Administratoren hat Ihnen soeben $content[points] {!POINTS!} gutgeschrieben! Grund dazu war folgender: ------------------------------ -$content +$content[text] ------------------------------ Mit freundlichem Gruss, diff --git a/templates/de/emails/del-user.tpl b/templates/de/emails/del-user.tpl index 4bc5a3344a..4a3c07a91a 100644 --- a/templates/de/emails/del-user.tpl +++ b/templates/de/emails/del-user.tpl @@ -4,7 +4,7 @@ Einer unserer Administratoren hat soeben Ihren Account geloescht! Grund der Loeschung war folgender: ------------------------------------ -$content +$content[text] ------------------------------------ Ihre User-ID war: $UID ------------------------------------ diff --git a/templates/de/emails/lock-user.tpl b/templates/de/emails/lock-user.tpl index 98b6914750..d8dc5024a1 100644 --- a/templates/de/emails/lock-user.tpl +++ b/templates/de/emails/lock-user.tpl @@ -8,7 +8,7 @@ Ihr Account wurde von einem unserer Administratoren gesperrt! Bitte halten Sie s Grund der Sperrung war: -------------- -$content +$content[text] -------------- Sollten Sie damit nicht einverstanden sein, so melden Sie sich bitte bei uns ({!WEBMASTER!}). Wir kommen dann in Kontakt mit Ihnen. diff --git a/templates/de/emails/newsletter.tpl b/templates/de/emails/newsletter.tpl index 60bbb454c8..15e9e9f31b 100644 --- a/templates/de/emails/newsletter.tpl +++ b/templates/de/emails/newsletter.tpl 
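Review bot: del-user.tpl now reads `$content[text]`, but the diffstat lists no change to a caller of the `del-user` template; the newsletter.tpl and newsletter_html.tpl hunks raise the same question. A caller that still passes a plain string would no longer render the reason text, unless `LOAD_EMAIL_TEMPLATE()` wraps strings into `array('text' => ...)` somewhere not shown. Check every remaining `LOAD_EMAIL_TEMPLATE("del-user", ...)` and newsletter call and convert them in the same commit.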
@@ -6,7 +6,9 @@ Ihre User-ID bei uns: $UID Sie erhalten diesen Newsletter von uns, weil Sie Mitglied bei unserem {!MT_WORD!}-Dienst {!MAIN_TITLE!} ({!URL!}) sind. Dies ist somit kein Spam! Eine Abmeldemoeglichkeit finden Sie am Ende dieses Newsletters. -$content +============================================================ +$content[text] +============================================================ Moechten Sie keine weiteren Newsletter mehr von uns erhalten, melden Sie sich bitte bei uns ({!WEBMASTER!}) und wir loeschen dann Ihren Account bei uns. diff --git a/templates/de/emails/newsletter_html.tpl b/templates/de/emails/newsletter_html.tpl index b49c423bbc..be393962fb 100644 --- a/templates/de/emails/newsletter_html.tpl +++ b/templates/de/emails/newsletter_html.tpl @@ -6,7 +6,9 @@ Ihre User-ID bei uns: $UID Sie erhalten diesen Newsletter von uns, weil Sie Mitglied bei unserem {!MT_WORD!}-Dienst {!MAIN_TITLE!} ({!URL!}) sind. Dies ist somit kein Spam! Eine Abmeldemöglichkeit finden Sie am Ende dieses Newsletters. -$content +============================================================ +$content[text] +============================================================ Möchten Sie keine weiteren Newsletter mehr von uns erhalten, melden Sie sich bitte bei uns ({!WEBMASTER!}) und wir löschen dann Ihren Account bei uns. diff --git a/templates/de/emails/sub-points.tpl b/templates/de/emails/sub-points.tpl index 48a1ad0abf..fe69cf700c 100644 --- a/templates/de/emails/sub-points.tpl +++ b/templates/de/emails/sub-points.tpl @@ -1,10 +1,10 @@ Hallo $content[gender] $content[surname] $content[family], -Einer unserer Administratoren hat Ihnen soeben {!__POINTS_VALUE!} {!POINTS!} abgezogen! +Einer unserer Administratoren hat Ihnen soeben $content[points] {!POINTS!} abgezogen! Grund dazu war folgender: ---------------- -$content +$content[text] ---------------- Mit freundlichem Gruss, 
diff --git a/templates/de/emails/unlock-user.tpl b/templates/de/emails/unlock-user.tpl index 7710f82cd0..ffedfac6d3 100644 --- a/templates/de/emails/unlock-user.tpl +++ b/templates/de/emails/unlock-user.tpl @@ -11,7 +11,7 @@ Sollten Sie Ihr Passwort vergessen haben, geben Sie bitte unten die User-ID $UID Nachricht vom Admin: --------------------------- -$content +$content[text] --------------------------- Bitte beachten Sie beim naechsten Mal auf unsere AGBs, damit Ihnen diese Unangenehmlichkeiten erspart bleiben. diff --git a/templates/de/html/admin/admin_config_surfbar.tpl b/templates/de/html/admin/admin_config_surfbar.tpl index e0cee5cd64..c172e6b8f3 100644 --- a/templates/de/html/admin/admin_config_surfbar.tpl +++ b/templates/de/html/admin/admin_config_surfbar.tpl @@ -77,6 +77,15 @@ <INPUT type="text" name="surfbar_stats_reload" size="6" maxlength="20" value="$content[surfbar_stats_reload]" /> </TD> </TR> + <TR><TD height="3" colspan="2" class="seperator"> </TD></TR> + <TR> + <TD height="30" align="right" style="padding-right:5px"> + {--ADMIN_CONFIG_SURFBAR_PURGE_DELETED--} + </TD> + <TD> + <INPUT type="text" name="surfbar_purge_deleted" size="6" maxlength="20" value="$content[surfbar_purge_deleted]" /> + </TD> + </TR> <TR><TD height="8" colspan="2" class="seperator bottom2"> </TD></TR> <TR> <TD align="center" colspan="2" class="admin_footer bottom2"> diff --git a/templates/de/html/admin/admin_list_surfbar_urls.tpl b/templates/de/html/admin/admin_list_surfbar_urls.tpl index 71fb5748d5..c3de9b260d 100644 --- a/templates/de/html/admin/admin_list_surfbar_urls.tpl +++ b/templates/de/html/admin/admin_list_surfbar_urls.tpl 
@@ -23,6 +23,7 @@ $content <input type="reset" class="admin_reset" value="{--UNDO_SELECTIONS--}"> * <input type="submit" name="edit" class="admin_submit" value="{--ADMIN_SURFBAR_EDIT_URL--}"> * <input type="submit" name="lock" class="admin_submit" value="{--ADMIN_SURFBAR_UNLOCK_URL--}"> * + <input type="submit" name="undelete" class="admin_submit" value="{--ADMIN_SURFBAR_UNDELETE_URL--}"> * <input type="submit" name="delete" class="admin_delete" value="{--ADMIN_SURFBAR_DEL_URL--}"> </td> </tr> diff --git a/templates/de/html/admin/admin_unlock_surfbar_urls.tpl b/templates/de/html/admin/admin_unlock_surfbar_urls.tpl index 987a13c328..5761720e08 100644 --- a/templates/de/html/admin/admin_unlock_surfbar_urls.tpl +++ b/templates/de/html/admin/admin_unlock_surfbar_urls.tpl @@ -17,6 +17,7 @@ $content <TR> <TD class="admin_footer" colspan="6"> <INPUT type="reset" class="admin_reset" value="{--UNDO_SELECTIONS--}"> * + <INPUT type="submit" name="reject" class="admin_submit" value="{--ADMIN_SURFBAR_REJECT_URL--}"> <INPUT type="submit" name="unlock" class="admin_submit" value="{--ADMIN_SURFBAR_CONFIRM_URL--}"> </TD> </TR> -- 2.30.2
    A C C E S S   D E N I E D !