/**
 * Recursively run sql_escapeStr() over every leaf value of an array.
 *
 * Nested arrays are walked depth-first and rebuilt under their original keys.
 * Only values are escaped: keys are copied unchanged, so a caller that turns
 * request-supplied keys into SQL text (column names, for example) has to
 * validate them against a fixed allow-list itself.
 *
 * NOTE(review): sql_escapeStr() is defined elsewhere in the project. Whether
 * its output is safe depends on the quoting context and the connection
 * charset - confirm, and prefer bound parameters for new queries.
 *
 * @param mixed $arr Array to escape; an empty or non-array argument yields array().
 * @return array Copy of $arr with escaped leaves and the original keys.
 */
function sql_escapeArray($arr = array())
{
    // Guard clause: nothing to do for empty or non-array input.
    if (!is_array($arr) || !$arr) {
        return array();
    }

    $escaped = array();
    foreach ($arr as $name => $item) {
        $escaped[$name] = is_array($item) ? sql_escapeArray($item) : sql_escapeStr($item);
    }

    return $escaped;
}
// Excerpt from the middle of a switch that renders admin user templates: the
// switch header and the start of the first case lie outside this fragment, and
// the default branch continues past it.
    Project::getInstance()->getSmarty()->display('../default/admin/user_bonus.tpl');
    break;

case 'bad_withdrawals':
    // List the bad_withdrawals rows of one user. The id is forced to an integer
    // with intval() before it is concatenated into the statement, so only a
    // number can reach the SQL text; a bound parameter would make that explicit.
    $result = sql_query(' SELECT * FROM bad_withdrawals WHERE user_id="' . intval($_REQUEST['id']) . '" ');
    $bads = array();
    // mysql_fetch_assoc() belongs to ext/mysql, which was removed in PHP 7.
    while ($row = mysql_fetch_assoc($result)) {
        $bads[] = $row;
    }
    // Every selected column of every row is handed to the template as 'bads'.
    Project::getInstance()->getSmarty()->assign('bads', $bads);
    Project::getInstance()->getSmarty()->display('../default/admin/user_bad_withdrawals.tpl');
    break;

case 'message':
    // Store a message for the user named by the request id, then redirect to
    // that user's profile page.
    // NOTE(review): 'do' and 'id' are read from $_REQUEST, so they can arrive in
    // the query string, and no anti-CSRF token check is visible in this
    // fragment - confirm one runs before this state-changing branch.
    if (isset($_REQUEST['do']) && $_REQUEST['do'] == 'send') {
        // Every POSTed field is escaped and handed to setData(); which
        // properties setData() accepts is not visible here.
        // NOTE(review): confirm it copies only an allow-list of message fields.
        $_POST = sql_escapeArray($_POST);
        $message = new UserMessage();
        $message->setData($_POST);
        // user_id and stamp are assigned after setData(), so any request value
        // for these two properties is overwritten.
        $message->user_id = intval($_REQUEST['id']);
        $message->stamp = Project::getInstance()->getNow();
        $message->save();
        // The title is HTML-escaped before it is placed in the notice markup.
        // NOTE(review): the title presumably comes from the SQL-escaped copy of
        // $_POST via setData(), so escape backslashes may show up in the notice.
        // PHP_SELF is derived from the request path; what location() does with
        // it is not shown - confirm it is safe or build the URL from SCRIPT_NAME.
        location(
            $_SERVER['PHP_SELF'] . '?action=profile&id=' . intval($_REQUEST['id']),
            '<p class=imp>Message <u>' . htmlspecialchars($message->title) . '</u> has been send!</p>'
        );
    }
    // Without do=send, show the message form for this user id.
    Project::getInstance()->getSmarty()->assign('user_id', intval($_REQUEST['id']));
    Project::getInstance()->getSmarty()->display('../default/admin/user_message.tpl');
    break;

default:
    // Load the distinct (user_id, ip) pairs from visits, with the stored ip
    // converted to dotted notation by INET_NTOA(). No request data enters this
    // statement. The remainder of this branch is outside the excerpt.
    $result_ips = sql_query(' SELECT user_id, INET_NTOA(ip) as ip FROM visits GROUP BY user_id, ip ');
    $ips = array();
// Tail of a signup form handler. The validation that sets $valid and the
// conditions opened by the enclosing blocks start outside this fragment, and
// the final else branch continues past it.
        }
    }
    // The terms error is reported only when no earlier check has failed.
    if (empty($_POST['terms']) && $valid) {
        Project::getInstance()->getSmarty()->assign('error_message', 'You should accept Terms and Conditions!');
        $valid = false;
    }
    // A user cannot name themselves as referral: the field is blanked when it
    // equals the login (loose == comparison).
    if ($_POST['login'] == $_POST['referral']) {
        $_POST['referral'] = '';
    }
    if ($valid) {
        $user = new User();
        // Normalise the request before it is copied into the User object: default
        // the optional member id, map the form's *_signup PIN fields onto the
        // names passed to setData(), and set reg_date server-side (this replaces
        // any reg_date sent by the client).
        $_POST['pm_member_id'] = !empty($_POST['pm_member_id']) ? $_POST['pm_member_id'] : '';
        $_POST['secpin'] = $_POST['secpin_signup'];
        $_POST['masterpin'] = $_POST['masterpin_signup'];
        $_POST['reg_date'] = Project::getInstance()->getNow();
        // The whole of $_POST, including any field name the form never defined,
        // is escaped and passed to setData(). access and status are assigned
        // afterwards, so request values for those two properties are overwritten.
        // NOTE(review): which other User properties setData() will populate is not
        // visible here - confirm it copies only an allow-list of signup fields.
        $user->setData(sql_escapeArray($_POST));
        $user->access = ACCESS_LEVEL_USER;
        $user->status = USER_STATUS_ACTIVE;
        // save()'s result serves both as the success flag and as the new user id.
        if ($user_id = $user->save()) {
            $page_tpl = 'signup_ok.tpl';
            include_once LIB_ROOT . '/emails.class.php';
            // NOTE(review): the password, secpin and masterpin properties are placed
            // in the notification mail parameters. If they still hold plaintext at
            // this point, credentials leave the system by e-mail and are presumably
            // stored unhashed - confirm; hashing with password_hash() before save()
            // and keeping secrets out of the mail would remove that exposure.
            $params = array(
                '%user_fullname%' => $user->fullname,
                '%user_login%' => $user->login,
                '%user_password%' => $user->password,
                '%user_secpin%' => $user->secpin,
                '%user_masterpin%' => $user->masterpin,
                '%project_name%' => get_setting('project_name'),
                '%project_email%' => get_setting('project_email')
            );
            $email = new Emails($user_id, 'signup_notify', $params);
            $email->send();
        }
    } else {
        // Validation failed: show the form again with the submitted values.
        // NOTE(review): the unescaped $_POST array, PIN fields included, goes to the
        // template - confirm the template HTML-escapes every value it prints.
        Project::getInstance()->getSmarty()->assign('signup', $_POST);
        $page_tpl = 'signup.tpl';
    }
} else {
    $page_tpl = 'signup.tpl';