2 /************************************************************************
3 * Mailer v0.2.1-FINAL Start: 10/19/2003 *
4 * =================== Last change: 08/26/2004 *
6 * -------------------------------------------------------------------- *
7 * File : what-order.php *
8 * -------------------------------------------------------------------- *
9 * Short description : Order mails here *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Hier koennen Ihre Mitglieder Mails buchen *
12 * -------------------------------------------------------------------- *
15 * $Tag:: 0.2.1-FINAL $ *
17 * -------------------------------------------------------------------- *
18 * Copyright (c) 2003 - 2009 by Roland Haeder *
19 * Copyright (c) 2009 - 2012 by Mailer Developer Team *
20 * For more information visit: http://mxchange.org *
22 * This program is free software; you can redistribute it and/or modify *
23 * it under the terms of the GNU General Public License as published by *
24 * the Free Software Foundation; either version 2 of the License, or *
25 * (at your option) any later version. *
27 * This program is distributed in the hope that it will be useful, *
28 * GNU General Public License for more details. *
30 * You should have received a copy of the GNU General Public License *
31 * along with this program; if not, write to the Free Software *
32 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
34 ************************************************************************/
36 // Some security stuff...
37 if (!defined('__SECURITY')) {
39 } elseif (!isMember()) {
40 redirectToIndexMemberOnlyModule();
43 // Add description as navigation point
44 addYouAreHereLink('member', __FILE__);
46 if ((!isExtensionActive('order')) && (!isAdmin())) {
47 displayMessage('{%pipe,generateExtensionInactiveNotInstalledMessage=order%}');
54 'data_type' => 'TEMP',
58 $ALLOWED = getUserData('receive_mails') - getUserData('mail_orders');
59 if (getOrderMaxFull() == 'MAX') $ALLOWED = getUserData('receive_mails');
61 // Now check his points amount
62 $totalPoints = getTotalPoints(getMemberId());
64 // Admin can always book
65 if ((isExtensionInstalledAndNewer('holiday', '0.1.3')) && (isUserDataEnabled('holiday_active')) && (!isAdmin())) {
67 displayMessage('{--MEMBER_HOLIDAY_ORDER_NOT_POSSIBLE--}');
68 } elseif ((isPostRequestElementSet('frametester')) && ($ALLOWED > 0) && (postRequestElement('receiver') > 0)) {
69 // Continue with the frametester, we first need to store the data temporary in the pool
71 // First we would like to store the data and get it's pool position back...
72 // @TODO Try to move out url_tlock to a filter for extra SQL statements
73 $result = SQL_QUERY_ESC("SELECT
77 `{?_MYSQL_PREFIX?}_pool`
81 (UNIX_TIMESTAMP() - `timestamp`) >= {?url_tlock?}
85 postRequestElement('url')
86 ), __FILE__, __LINE__);
88 if (SQL_NUMROWS($result) == 1) {
89 // Load id and mail type
90 $data = SQL_FETCHARRAY($result);
94 SQL_FREERESULT($result);
96 if ($data['data_type'] == 'TEMP') {
97 // No entry found, so we need to check out the stats table as well... :)
98 // We have to add that suff here, now we continue WITHOUT checking and check the text and subject against some filters
100 if (getConfig('allow_url_in_text') == 'Y') {
101 // Test submitted text against some filters (length, URLs in text etc.)
102 if ((isInStringIgnoreCase('https://', postRequestElement('text'))) || (isInStringIgnoreCase('http://', postRequestElement('text'))) || (isInStringIgnoreCase('www', postRequestElement('text')))) {
104 $data['url'] = 'modules.php?module=login&what=order&code=' . getCode('URL_FOUND');
107 // Remove new-line and carriage-return characters
108 $TEST = str_replace(array(PHP_EOL, chr(13)), array('', ''), postRequestElement('text'));
110 // Text length within allowed length?
111 if (strlen($TEST) > getMaxTextLength()) {
113 $data['url'] = 'modules.php?module=login&what=order&code=' . getCode('OVERLENGTH');
117 // Shall I test the subject line against URLs?
118 if (getConfig('allow_url_in_subject') == 'Y') {
119 // Check the subject line for issues
120 setPostRequestElement('subject', str_replace(chr(92), '[nl]', substr(postRequestElement('subject'), 0, 200)));
121 if ((isInStringIgnoreCase('https://', postRequestElement('subject'))) || (isInStringIgnoreCase('http://', postRequestElement('subject'))) || (isInStringIgnoreCase('www', postRequestElement('subject')))) {
122 // URL in subject found
123 $data['url'] = 'modules.php?module=login&what=order&code=' . getCode('SUBJECT_URL');
127 // And shall I check that his URL is not in the black list?
128 if ((isExtensionActive('blacklist')) && (isUrlBlacklisted(postRequestElement('url')))) {
129 // Create redirect-URL
130 $data['url'] = 'modules.php?module=login&what=order&code=' . getCode('BLIST_URL') . '&blist=' . $GLOBALS['blacklist_data'][postRequestElement('url')]['timestamp'];
133 // Enougth receivers entered?
134 if ((postRequestElement('receiver') < getConfig('order_min')) && (!isAdmin())) {
135 // Less than allowed receivers entered!
136 $data['url'] = 'modules.php?module=login&what=order&code=' . getCode('MORE_RECEIVERS3');
140 if (!isUrlValid(postRequestElement('url'))) {
142 $data['url'] = 'modules.php?module=login&what=order&code=' . getCode('INVALID_URL');
145 // Probe for HTML extension
146 if (isExtensionActive('html_mail')) {
147 // HTML or regular text mail?
148 if (postRequestElement('html') == 'Y') {
149 // Chek for valid HTML tags
150 setPostRequestElement('text', checkHtmlTags(postRequestElement('text')));
152 // Maybe invalid tags found?
153 if (!isPostRequestElementSet('text')) $data['url'] = 'modules.php?module=login&what=order&code=' . getCode('INVALID_TAGS') . '&id=' . $data['id'];
155 // Remove any HTML code
156 setPostRequestElement('text', str_replace(array('<', '>'), array('{OPEN_HTML}', '{CLOSE_HTML}'), postRequestElement('text')));
161 if ((!isPostRequestElementSet('mail_type')) || (postRequestElement('mail_type') < 1)) {
163 $data['url'] = 'modules.php?module=login&what=order&code=' . getCode('NO_MAIL_TYPE');
165 } elseif (!isAdmin()) {
166 // He has already sent a mail within a specific time
167 $data['url'] = 'modules.php?module=login&what=order&code=' . getCode('URL_TIME_LOCK') . '&id=' . $data['id'];
171 if (empty($data['url'])) {
173 $result = SQL_QUERY_ESC("SELECT
176 `{?_MYSQL_PREFIX?}_user_cats` AS `c`
178 `{?_MYSQL_PREFIX?}_user_data` AS `d`
180 `c`.`userid`=`d`.`userid`
183 `c`.`userid` != %s AND
184 `d`.`status`='CONFIRMED'
185 " . runFilterChain('user_exclusion_sql', ' ') . " AND
186 `d`.`receive_mails` > 0
188 `d`.`{?order_select?}` {?order_mode?}",
190 bigintval(postRequestElement('cat')),
192 ), __FILE__, __LINE__);
194 // Are there still receivers left?
195 if (SQL_NUMROWS($result) >= postRequestElement('receiver')) {
196 // Load receivers from database
197 $TEST = array(); $count = '0';
198 while ($holidayContent = SQL_FETCHARRAY($result)) {
199 if (isExtensionInstalledAndNewer('holiday', '0.1.3')) {
200 // Check for his holiday status
201 $result_holiday = SQL_QUERY_ESC("SELECT
204 `{?_MYSQL_PREFIX?}_user_holidays`
207 `holiday_start` < UNIX_TIMESTAMP() AND
208 `holiday_end` > UNIX_TIMESTAMP()
210 array($holidayContent['userid']), __FILE__, __LINE__);
211 if (SQL_NUMROWS($result_holiday) == 1) {
212 // Exclude user who are in holiday
213 $holidayContent['userid'] = '0';
217 SQL_FREERESULT($result_holiday);
220 if (isValidId($holidayContent['userid'])) {
222 array_push($TEST, $holidayContent['userid']);
228 SQL_FREERESULT($result);
230 // Implode array into string for the sending pool
231 $receiver = implode($TEST, ';');
233 // Count array for maximum sent
234 $content['target_send'] = count($TEST);
236 // Update receiver list
237 SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `receive_mails`=`receive_mails`-1 WHERE `userid` IN (%s) LIMIT %s",
239 convertReceivers($receiver),
240 bigintval($content['target_send'])
241 ), __FILE__, __LINE__);
243 // Is calculated max receivers larger than wanted receivers then reset it
244 if ($content['target_send'] > postRequestElement('receiver')) {
245 $content['target_send'] = bigintval(postRequestElement('receiver'));
248 // Calculate used points
249 $usedPoints = $content['target_send'] * getPaymentPrice(bigintval(postRequestElement('mail_type')));
251 // Fix empty zip code
252 if (!isPostRequestElementSet('zip')) {
253 setPostRequestElement('zip', 0);
256 // Check if he has enougth points for this order and selected more than 0 receivers
257 if (($usedPoints > 0) && ($usedPoints <= $totalPoints) && ($content['target_send'] > 0)) {
258 // Gettings points is okay, so we can add $usedPoints later from
259 if ((!isValidId($data['id'])) || ($data['data_type'] != 'TEMP')) {
262 if (isExtensionActive('html_mail')) {
263 // HTML extension is active
264 SQL_QUERY_ESC("INSERT INTO
265 `{?_MYSQL_PREFIX?}_pool`
295 postRequestElement('subject'),
296 postRequestElement('text'),
298 bigintval(postRequestElement('mail_type')),
299 postRequestElement('url'),
300 bigintval(postRequestElement('cat')),
301 bigintval($content['target_send']),
302 bigintval(postRequestElement('zip'), TRUE, FALSE),
303 postRequestElement('html')
304 ), __FILE__, __LINE__);
306 // No HTML extension is active
307 SQL_QUERY_ESC("INSERT INTO
308 `{?_MYSQL_PREFIX?}_pool`
336 postRequestElement('subject'),
337 postRequestElement('text'),
339 bigintval(postRequestElement('mail_type')),
340 postRequestElement('url'),
341 bigintval(postRequestElement('cat')),
342 bigintval($content['target_send']),
343 bigintval(postRequestElement('zip'), TRUE, FALSE),
344 ), __FILE__, __LINE__);
348 $data['id'] = SQL_INSERTID();
350 // Change current order
351 if (isExtensionActive('html_mail')) {
352 // HTML extension is active
353 SQL_QUERY_ESC("UPDATE
354 `{?_MYSQL_PREFIX?}_pool`
360 `timestamp`=UNIX_TIMESTAMP(),
370 postRequestElement('subject'),
371 postRequestElement('text'),
373 bigintval(postRequestElement('mail_type')),
374 postRequestElement('url'),
375 bigintval(postRequestElement('cat')),
376 $content['target_send'],
377 bigintval(postRequestElement('zip')),
378 postRequestElement('html'),
379 bigintval($data['id'])
380 ), __FILE__, __LINE__);
382 // No HTML extension is active
383 SQL_QUERY_ESC("UPDATE
384 `{?_MYSQL_PREFIX?}_pool`
390 `timestamp`=UNIX_TIMESTAMP(),
399 postRequestElement('subject'),
400 postRequestElement('text'),
402 bigintval(postRequestElement('mail_type')),
403 postRequestElement('url'),
404 bigintval(postRequestElement('cat')),
405 $content['target_send'],
406 bigintval(postRequestElement('zip')),
407 bigintval($data['id'])
408 ), __FILE__, __LINE__);
412 // Make sure only valid id numbers can pass
413 assert(isValidId($data['id']));
415 // Id is received so we can redirect the user, used points will be added when he send's out the mail
416 $data['url'] = 'modules.php?module=frametester&order=' . $data['id'];
417 } elseif ($content['target_send'] == '0') {
418 // Not enougth receivers found which can receive mails
419 $data['url'] = 'modules.php?module=login&what=order&code=' . getCode('MORE_RECEIVERS2');
421 // No enougth points left!
422 $data['url'] = 'modules.php?module=login&what=order&code=' . getCode('MORE_POINTS');
425 // Ordered more mails than he can send in this category
426 $data['url'] = 'modules.php?module=login&what=order&code=' . getCode('NO_RECS_LEFT');
429 } elseif (postRequestElement('receiver') == '0') {
430 // Not enougth receivers selected
431 $data['url'] = 'modules.php?module=login&what=order&code=' . getCode('MORE_RECEIVERS1');
432 } elseif (($ALLOWED == '0') && (getOrderMaxFull() == 'ORDER')) {
433 // No more mail orders allowed
434 displayMessage('{--MEMBER_ORDER_ALLOWED_EXHAUSTED--}');
435 } elseif (getTotalUnconfirmedMails(getMemberId()) < getConfig('max_unconfirmed')) {
436 // Show only enabled categories to the user ...
437 $whereStatement = " WHERE `visible`='Y'";
439 // ... but all to the admin
440 if (isAdmin()) $whereStatement = '';
442 // Display order form
443 $result_cats = SQL_QUERY('SELECT
447 `{?_MYSQL_PREFIX?}_cats`
448 ' . $whereStatement . '
450 `sort` ASC', __FILE__, __LINE__);
452 // Some categories found?
453 if (!SQL_HASZERONUMS($result_cats)) {
454 // Enought points left?
455 if ($totalPoints > 0) {
456 // Initialize array...
463 // Enable HTML checking
464 // @TODO Rewrite this to a filter
465 $HTML = ''; $HOL_STRING = '';
466 if ((isExtensionActive('html_mail')) && (postRequestElement('html') == 'Y')) {
467 $HTML = " AND `html`='Y'";
469 if (isExtensionInstalledAndNewer('holiday', '0.1.3')) {
470 // Extension's version is fine
471 $HOL_STRING = " AND `holiday_active`='N'";
474 // ... and begin loading stuff
475 while ($categoriesContent = SQL_FETCHARRAY($result_cats)) {
476 $categories['id'][] = bigintval($categoriesContent['id']);
477 array_push($categories['name'], $categoriesContent['cat']);
479 // Select users in current category
480 $result_userids = SQL_QUERY_ESC('SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_cats` WHERE `cat_id`=%s AND `userid` != %s ORDER BY `userid` ASC',
481 array(bigintval($categoriesContent['id']), getMemberId()), __FILE__, __LINE__);
484 while (list($userid) = SQL_FETCHROW($result_userids)) {
485 // Check for holiday system
486 $isHolidayActive = FALSE;
487 if (isExtensionInstalledAndNewer('holiday', '0.1.3')) {
488 // Check user's holiday status
489 $result_holiday = SQL_QUERY_ESC("SELECT
490 COUNT(`d`.`userid`) AS `cnt`
492 `{?_MYSQL_PREFIX?}_user_data` AS `d`
494 `{?_MYSQL_PREFIX?}_user_holidays` AS `h`
496 `d`.`userid`=`h`.`userid`
499 `d`.`receive_mails` > 0 AND
500 `d`.`status`='CONFIRMED' AND
501 `d`.`holiday_active`='Y' AND
502 `h`.`holiday_start` < UNIX_TIMESTAMP() AND
503 `h`.`holiday_end` > UNIX_TIMESTAMP()
505 array(bigintval($userid)), __FILE__, __LINE__);
508 list($count) = SQL_FETCHROW($result_holiday);
511 SQL_FREERESULT($result_holiday);
513 // Is holiday is active?
514 $isHolidayActive = ($count == 1);
517 if ($isHolidayActive === FALSE) {
518 // Check if the user want's to receive mails?
519 $result_ver = SQL_QUERY_ESC("SELECT `zip` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `userid`=%s" . $HTML . " AND `receive_mails` > 0 AND `status`='CONFIRMED' LIMIT 1",
520 array(bigintval($userid)), __FILE__, __LINE__);
522 if ((SQL_NUMROWS($result_ver) == 1) && (isPostRequestElementSet('zip')) && (isOrderMultiPageEnabled())) {
524 list($zip) = SQL_FETCHROW($result_ver);
525 if (substr($zip, 0, strlen(postRequestElement('zip'))) == postRequestElement('zip')) {
526 // Ok, ZIP code part is found
531 $userid_cnt += SQL_NUMROWS($result_ver);
535 SQL_FREERESULT($result_ver);
540 SQL_FREERESULT($result_userids);
541 array_push($categories['userids'], $userid_cnt);
545 SQL_FREERESULT($result_cats);
547 // Now we need to load the mail types...
548 $result = SQL_QUERY("SELECT `id`, `price`, `payment`, `mail_title` FROM `{?_MYSQL_PREFIX?}_payments` WHERE `price` > 0 AND `payment` > 0 ORDER BY `payment` ASC", __FILE__, __LINE__);
551 if (!SQL_HASZERONUMS($result)) {
552 // Is the error code set?
553 if (isGetRequestElementSet('code')) {
554 // Display error message
555 displayMessage(getMessageFromErrorCode(getRequestElement('code')));
558 // Load all email types...
559 while ($payment = SQL_FETCHARRAY($result)) {
560 array_push($payments, $payment);
564 SQL_FREERESULT($result);
566 // Output user's points
567 $content['total_points'] = $totalPoints;
569 // Check how many mail orders he has placed today and how many he's allowed to send
570 switch (getOrderMaxFull()) {
571 case 'MAX': // He is allowed to send as much as possible
572 $content['order_max_full'] = '{--MEMBER_ORDER_ALLOWED_MAX--}';
575 case 'ORDER': // He is allowed to send as much as he setup the receiving value
576 $content['order_max_full'] = sprintf(getMessage('MEMBER_ORDER_ALLOWED_RECEIVE'), $ALLOWED, getUserData('receive_mails'));
579 default: // Unknown/invalid
580 logDebugMessage(__FILE__, __LINE__, sprintf("Unknown order_mas_full config detected.", getOrderMaxFull()));
581 $content['order_max_full'] = '{--MEMBER_ORDER_ALLOWED_UNKNOWN--}';
585 // Load final template
586 loadTemplate('member_order_points', FALSE, $content);
594 // Check if we already have an order placed and make it editable
595 $result = SQL_QUERY_ESC("SELECT
605 `{?_MYSQL_PREFIX?}_pool`
610 array(getMemberId()), __FILE__, __LINE__);
612 if (SQL_NUMROWS($result) == 1) {
614 $content = merge_array($content, SQL_FETCHARRAY($result));
616 // Fix max receivers when it is too much
617 if ((isset($categories['userids'][$content['cat_id']])) && ($content['target_send'] > $categories['userids'][$content['cat_id']])) {
619 $content['target_send'] = $categories['userids'][$content['cat_id']];
622 // Old order is grabbed
625 // Default output for that your members don't forget it...
626 $content['url'] = 'http://';
627 $content['target_send'] = '{?order_min?}';
628 $content['subject'] = '';
629 $content['text'] = '';
633 SQL_FREERESULT($result);
635 if ((isPostRequestElementSet('data')) || ((getOrderMultiPage() != 'Y') && ((!isAdmin()) && (!isExtensionActive('html_mail'))))) {
636 // Pre-output categories
637 $content['category_selection'] = generateCategoryOptionsList(((isExtensionActive('html_mail')) && (isPostRequestElementSet('html'))) ? postRequestElement('html') : 'N', getMemberId());
640 $content['payment_selection'] = '';
641 foreach ($payments as $key => $value) {
642 if (is_array($value)) {
643 // Output option line
644 $content['payment_selection'] .= ' <option value="' . $payments[$key]['id'] . '"';
645 if (($OLD_ORDER) && ($content['payment_id'] == $payments[$key]['id'])) $content['payment_selection'] .= ' selected="selected"';
646 $content['payment_selection'] .= '>{%pipe,translateComma=' . $payments[$key]['price'] . '%} {--PER_MAIL--} - ' . $payments[$key]['mail_title'] . ' - ' . round($payments[$key]['payment']) . ' {--PAYMENT--}</option>';
650 // No content is default
651 $content['zip_content'] = '';
653 if (isPostRequestElementSet('zip')) {
654 // Output entered ZIP code
655 $content['zip_content'] = loadTemplate('member_order_zip2', TRUE, postRequestElement('zip'));
658 // No HTML extension installed by default
659 $content['html_extension'] = '<input type="hidden" name="html" value="N" />';
662 if ((isExtensionActive('html_mail')) && (postRequestElement('html') == 'Y')) {
663 // Extension is active so output valid HTML tags
664 $content['html_extension'] = loadTemplate('member_order_html_ext', TRUE);
667 // Output form for page 2
668 loadTemplate('member_order_page2', FALSE, $content);
670 // No HTML extension installed by default
671 $content['html_extension'] = '<input type="hidden" name="html" value="N" />';
673 // Remember maybe entered ZIP code in constant
674 if (isExtensionActive('html_mail')) {
675 // Add some content when html extension is active
676 $content['html_extension'] = loadTemplate('member_order_html_intro', TRUE);
679 // Default is no ZIP code
680 $content['zip_content'] = '';
682 // Is sending to ZIP code enabled? (logged-in admin can always send to it)
683 if ((isOrderMultiPageEnabled()) || (isAdmin())) {
685 if (postRequestElement('zip') > 0) {
687 'zip' => bigintval(postRequestElement('zip'))
694 $content['zip_content'] = loadTemplate('member_order_zip1', TRUE, $data);
697 // Output form for page 1 (ZIP code or HTML)
698 loadTemplate('member_order_page1', FALSE, $content);
701 // No mail types defined
702 displayMessage('<span class="bad">{--MEMBER_ORDER_NO_PAYMENTS--}</span>');
706 displayMessage('<span class="bad">{--MEMBER_ORDER_NO_POINTS--}</span>');
709 // No cateogries are defined yet
710 displayMessage('<span class="bad">{--MEMBER_NO_CATEGORIES--}</span>');
713 // Please confirm some mails first
714 displayMessage('<span class="notice">{%message,MEMBER_ORDER_LINKS_LEFT=' . getTotalUnconfirmedMails(getMemberId()) . '%}</span>');
717 if (!empty($data['url'])) {
718 // Redirect to requested URL
719 redirectToUrl($data['url']);