2 /************************************************************************
3 * Mailer v0.2.1-FINAL Start: 10/19/2003 *
4 * =================== Last change: 08/26/2004 *
6 * -------------------------------------------------------------------- *
7 * File : what-order.php *
8 * -------------------------------------------------------------------- *
9 * Short description : Order mails here *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Hier koennen Ihre Mitglieder Mails buchen *
12 * -------------------------------------------------------------------- *
15 * $Tag:: 0.2.1-FINAL $ *
17 * -------------------------------------------------------------------- *
18 * Copyright (c) 2003 - 2009 by Roland Haeder *
19 * Copyright (c) 2009 - 2012 by Mailer Developer Team *
20 * For more information visit: http://mxchange.org *
22 * This program is free software; you can redistribute it and/or modify *
23 * it under the terms of the GNU General Public License as published by *
24 * the Free Software Foundation; either version 2 of the License, or *
25 * (at your option) any later version. *
27 * This program is distributed in the hope that it will be useful, *
28 * GNU General Public License for more details. *
30 * You should have received a copy of the GNU General Public License *
31 * along with this program; if not, write to the Free Software *
32 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
34 ************************************************************************/
36 // Some security stuff...
37 if (!defined('__SECURITY')) {
39 } elseif (!isMember()) {
40 redirectToIndexMemberOnlyModule();
43 // Add description as navigation point
44 addYouAreHereLink('member', __FILE__);
46 if ((!isExtensionActive('order')) && (!isAdmin())) {
47 displayMessage('{%pipe,generateExtensionInactiveNotInstalledMessage=order%}');
53 $ALLOWED = getUserData('receive_mails') - getUserData('mail_orders');
54 if (getConfig('order_max_full') == 'MAX') $ALLOWED = getUserData('receive_mails');
56 // Now check his points amount
57 $totalPoints = getTotalPoints(getMemberId());
59 if ((isExtensionInstalledAndNewer('holiday', '0.1.3')) && (isUserDataEnabled('holiday_active'))) {
61 displayMessage('{--MEMBER_HOLIDAY_ORDER_NOT_POSSIBLE--}');
62 } elseif ((isPostRequestElementSet('frametester')) && ($ALLOWED > 0) && (postRequestElement('receiver') > 0)) {
63 // Continue with the frametester, we first need to store the data temporary in the pool
65 // First we would like to store the data and get it's pool position back...
66 $result = SQL_QUERY_ESC("SELECT
70 `{?_MYSQL_PREFIX?}_pool`
74 (UNIX_TIMESTAMP() - `timestamp`) >= {?url_tlock?}
78 postRequestElement('url')
79 ), __FILE__, __LINE__);
81 $type = 'TEMP'; $id = '0';
82 if (SQL_NUMROWS($result) == 1) {
83 // Load id and mail type
84 // @TODO Rewrite this to SQL_FETCHARRAY()
85 list($id, $type) = SQL_FETCHROW($result);
89 SQL_FREERESULT($result);
91 if ($type == 'TEMP') {
92 // No entry found, so we need to check out the stats table as well... :)
93 // We have to add that suff here, now we continue WITHOUT checking and check the text and subject against some filters
95 if (getConfig('allow_url_in_text') == 'Y') {
96 // Test submitted text against some filters (length, URLs in text etc.)
97 if ((isInStringIgnoreCase('https://', postRequestElement('text'))) || (isInStringIgnoreCase('http://', postRequestElement('text'))) || (isInStringIgnoreCase('www', postRequestElement('text')))) {
99 $url = 'modules.php?module=login&what=order&code=' . getCode('URL_FOUND');
102 // Remove new-line and carriage-return characters
103 $TEST = str_replace(array(chr(10), chr(13)), array('', ''), postRequestElement('text'));
105 // Text length within allowed length?
106 if (strlen($TEST) > getConfig('max_tlength')) {
108 $url = 'modules.php?module=login&what=order&code=' . getCode('OVERLENGTH');
112 // Shall I test the subject line against URLs?
113 if (getConfig('allow_url_in_subject') == 'Y') {
114 // Check the subject line for issues
115 setPostRequestElement('subject', str_replace(chr(92), '[nl]', substr(postRequestElement('subject'), 0, 200)));
116 if ((isInStringIgnoreCase('https://', postRequestElement('subject'))) || (isInStringIgnoreCase('http://', postRequestElement('subject'))) || (isInStringIgnoreCase('www', postRequestElement('subject')))) {
117 // URL in subject found
118 $url = 'modules.php?module=login&what=order&code=' . getCode('SUBJECT_URL');
122 // And shall I check that his URL is not in the black list?
123 if (isUrlBlacklistEnabled()) {
124 // Ok, I do that for you know...
125 $result = SQL_QUERY_ESC("SELECT UNIX_TIMESTAMP(`timestamp`) AS tstamp FROM `{?_MYSQL_PREFIX?}_url_blacklist` WHERE `url`='%s' LIMIT 1",
126 array(postRequestElement('url')), __FILE__, __LINE__);
128 if (SQL_NUMROWS($result) == 1) {
129 // Jupp, we got one listed
130 list($blist) = SQL_FETCHROW($result);
132 // Create redirect-URL
133 $url = 'modules.php?module=login&what=order&code=' . getCode('BLIST_URL') . '&blist=' . $blist;
137 SQL_FREERESULT($result);
140 // Enougth receivers entered?
141 if ((postRequestElement('receiver') < getConfig('order_min')) && (!isAdmin())) {
142 // Less than allowed receivers entered!
143 $url = 'modules.php?module=login&what=order&code=' . getCode('MORE_RECEIVERS3');
147 if (!isUrlValid(postRequestElement('url'))) {
149 $url = 'modules.php?module=login&what=order&code=' . getCode('INVALID_URL');
152 // Probe for HTML extension
153 if (isExtensionActive('html_mail')) {
154 // HTML or regular text mail?
155 if (postRequestElement('html') == 'Y') {
156 // Chek for valid HTML tags
157 setPostRequestElement('text', checkHtmlTags(postRequestElement('text')));
159 // Maybe invalid tags found?
160 if (!isPostRequestElementSet('text')) $url = 'modules.php?module=login&what=order&code=' . getCode('INVALID_TAGS')."&id=".$id;
162 // Remove any HTML code
163 setPostRequestElement('text', str_replace(array('<', '>'), array('{OPEN_HTML}', '{CLOSE_HTML}'), postRequestElement('text')));
168 if ((!isPostRequestElementSet('mail_type')) || (postRequestElement('mail_type') < 1)) {
170 $url = 'modules.php?module=login&what=order&code=' . getCode('NO_MAIL_TYPE');
172 } elseif (!isAdmin()) {
173 // He has already sent a mail within a specific time
174 $url = 'modules.php?module=login&what=order&code=' . getCode('URL_TIME_LOCK') . '&id=' . $id;
180 $result = SQL_QUERY_ESC("SELECT
183 `{?_MYSQL_PREFIX?}_user_cats` AS c
185 `{?_MYSQL_PREFIX?}_user_data` AS d
187 c.`userid`=d.`userid`
191 d.`status`='CONFIRMED'
192 " . runFilterChain('user_exclusion_sql', ' ') . " AND
193 d.`receive_mails` > 0
195 d.`{?order_select?}` {?order_mode?}",
197 bigintval(postRequestElement('cat')),
199 ), __FILE__, __LINE__);
201 // Do we enougth receivers left?
202 if (SQL_NUMROWS($result) >= postRequestElement('receiver')) {
203 // Load receivers from database
204 $TEST = array(); $count = '0';
205 while ($holidayContent = SQL_FETCHARRAY($result)) {
206 if (isExtensionInstalledAndNewer('holiday', '0.1.3')) {
207 // Check for his holiday status
208 $result_holiday = SQL_QUERY_ESC("SELECT
211 `{?_MYSQL_PREFIX?}_user_holidays`
214 `holiday_start` < UNIX_TIMESTAMP() AND
215 `holiday_end` > UNIX_TIMESTAMP()
217 array($holidayContent['userid']), __FILE__, __LINE__);
218 if (SQL_NUMROWS($result_holiday) == 1) {
219 // Exclude user who are in holiday
220 $holidayContent['userid'] = '0';
224 SQL_FREERESULT($result_holiday);
227 if ($holidayContent['userid'] > 0) {
229 array_push($TEST, $holidayContent['userid']);
235 SQL_FREERESULT($result);
237 // Implode array into string for the sending pool
238 $receiver = implode($TEST, ';');
240 // Count array for maximum sent
241 $content['target_send'] = count($TEST);
243 // Update receiver list
244 SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `receive_mails`=`receive_mails`-1 WHERE `userid` IN (%s) LIMIT %s",
246 convertReceivers($receiver),
247 bigintval($content['target_send'])
248 ), __FILE__, __LINE__);
250 // Is calculated max receivers larger than wanted receivers then reset it
251 if ($content['target_send'] > postRequestElement('receiver')) {
252 $content['target_send'] = bigintval(postRequestElement('receiver'));
255 // Calculate used points
256 $usedPoints = $content['target_send'] * getPaymentData(bigintval(postRequestElement('mail_type')));
258 // Fix empty zip code
259 if (!isPostRequestElementSet('zip')) {
260 setPostRequestElement('zip', 0);
263 // Check if he has enougth points for this order and selected more than 0 receivers
264 if (($usedPoints > 0) && ($usedPoints <= $totalPoints) && ($content['target_send'] > 0)) {
265 // Gettings points is okay, so we can add $usedPoints later from
266 if (($id == '0') || ($type != 'TEMP')) {
269 if (isExtensionActive('html_mail')) {
270 // HTML extension is active
271 SQL_QUERY_ESC("INSERT INTO
272 `{?_MYSQL_PREFIX?}_pool`
302 postRequestElement('subject'),
303 postRequestElement('text'),
305 bigintval(postRequestElement('mail_type')),
306 postRequestElement('url'),
307 bigintval(postRequestElement('cat')),
308 bigintval($content['target_send']),
309 bigintval(postRequestElement('zip'), true, false),
310 postRequestElement('html')
311 ), __FILE__, __LINE__);
313 // No HTML extension is active
314 SQL_QUERY_ESC("INSERT INTO
315 `{?_MYSQL_PREFIX?}_pool`
343 postRequestElement('subject'),
344 postRequestElement('text'),
346 bigintval(postRequestElement('mail_type')),
347 postRequestElement('url'),
348 bigintval(postRequestElement('cat')),
349 bigintval($content['target_send']),
350 bigintval(postRequestElement('zip'), true, false),
351 ), __FILE__, __LINE__);
354 // Change current order
355 if (isExtensionActive('html_mail')) {
356 // HTML extension is active
357 SQL_QUERY_ESC("UPDATE
358 `{?_MYSQL_PREFIX?}_pool`
364 `timestamp`=UNIX_TIMESTAMP(),
374 postRequestElement('subject'),
375 postRequestElement('text'),
377 bigintval(postRequestElement('mail_type')),
378 postRequestElement('url'),
379 bigintval(postRequestElement('cat')),
380 $content['target_send'],
381 bigintval(postRequestElement('zip')),
382 postRequestElement('html'),
384 ), __FILE__, __LINE__);
386 // No HTML extension is active
387 SQL_QUERY_ESC("UPDATE
388 `{?_MYSQL_PREFIX?}_pool`
394 `timestamp`=UNIX_TIMESTAMP(),
403 postRequestElement('subject'),
404 postRequestElement('text'),
406 bigintval(postRequestElement('mail_type')),
407 postRequestElement('url'),
408 bigintval(postRequestElement('cat')),
409 $content['target_send'],
410 bigintval(postRequestElement('zip')),
412 ), __FILE__, __LINE__);
416 // Do we need to get the id number?
418 // Order is placed as temporary. We need to get it's id for the frametester
419 $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_pool` WHERE `sender`=%s AND `subject`='%s' AND `payment_id`=%s AND `data_type`='TEMP' AND `timestamp`=UNIX_TIMESTAMP() LIMIT 1",
422 postRequestElement('subject'),
423 bigintval(postRequestElement('mail_type'))
424 ), __FILE__, __LINE__);
427 list($id) = SQL_FETCHROW($result);
430 SQL_FREERESULT($result);
433 // id is received so we can redirect the user, used points will be added when he send's out the mail
434 $url = 'modules.php?module=frametester&order=' . $id;
435 } elseif ($content['target_send'] == '0') {
436 // Not enougth receivers found which can receive mails
437 $url = 'modules.php?module=login&what=order&code=' . getCode('MORE_RECEIVERS2');
439 // No enougth points left!
440 $url = 'modules.php?module=login&what=order&code=' . getCode('MORE_POINTS');
443 // Ordered more mails than he can send in this category
444 $url = 'modules.php?module=login&what=order&code=' . getCode('NO_RECS_LEFT');
447 } elseif (postRequestElement('receiver') == '0') {
448 // Not enougth receivers selected
449 $url = 'modules.php?module=login&what=order&code=' . getCode('MORE_RECEIVERS1');
450 } elseif (($ALLOWED == '0') && (getConfig('order_max_full') == 'ORDER')) {
451 // No more mail orders allowed
452 displayMessage('{--MEMBER_ORDER_ALLOWED_EXHAUSTED--}');
453 } elseif (getTotalUnconfirmedMails(getMemberId()) < getConfig('unconfirmed')) {
454 // Show only enabled categories to the user ...
455 $whereStatement = " WHERE `visible`='Y'";
457 // ... but all to the admin
458 if (isAdmin()) $whereStatement = '';
460 // Display order form
461 $result_cats = SQL_QUERY("SELECT
465 `{?_MYSQL_PREFIX?}_cats`
468 `sort` ASC", __FILE__, __LINE__);
470 // Some categories found?
471 if (!SQL_HASZERONUMS($result_cats)) {
472 // Enought points left?
473 if ($totalPoints > 0) {
474 // Initialize array...
481 // Enable HTML checking
482 // @TODO Rewrite this to a filter
483 $HTML = ''; $HOL_STRING = '';
484 if ((isExtensionActive('html_mail')) && (postRequestElement('html') == 'Y')) {
485 $HTML = " AND `html`='Y'";
487 if (isExtensionInstalledAndNewer('holiday', '0.1.3')) {
488 // Extension's version is fine
489 $HOL_STRING = " AND `holiday_active`='N'";
492 // ... and begin loading stuff
493 while ($categoriesContent = SQL_FETCHARRAY($result_cats)) {
494 $categories['id'][] = bigintval($categoriesContent['id']);
495 array_push($categories['name'], $categoriesContent['cat']);
497 // Select users in current category
498 $result_userids = SQL_QUERY_ESC("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_cats` WHERE `cat_id`=%s AND `userid` != '%s' ORDER BY `userid` ASC",
499 array(bigintval($categoriesContent['id']), getMemberId()), __FILE__, __LINE__);
502 while (list($userid) = SQL_FETCHROW($result_userids)) {
503 // Check for holiday system
504 $isHolidayActive = false;
505 if (isExtensionInstalledAndNewer('holiday', '0.1.3')) {
506 // Check user's holiday status
507 $result_holiday = SQL_QUERY_ESC("SELECT
508 COUNT(d.`userid`) AS `cnt`
510 `{?_MYSQL_PREFIX?}_user_data` AS d
512 `{?_MYSQL_PREFIX?}_user_holidays` AS h
514 d.`userid`=h.`userid`
517 d.`receive_mails` > 0 AND
518 d.`status`='CONFIRMED' AND
519 d.`holiday_active`='Y' AND
520 h.`holiday_start` < UNIX_TIMESTAMP() AND
521 h.`holiday_end` > UNIX_TIMESTAMP()
523 array(bigintval($userid)), __FILE__, __LINE__);
526 list($count) = SQL_FETCHROW($result_holiday);
529 SQL_FREERESULT($result_holiday);
531 // Is holiday is active?
532 $isHolidayActive = ($count == 1);
535 if ($isHolidayActive === false) {
536 // Check if the user want's to receive mails?
537 $result_ver = SQL_QUERY_ESC("SELECT `zip` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `userid`=%s".$HTML." AND `receive_mails` > 0 AND `status`='CONFIRMED' LIMIT 1",
538 array(bigintval($userid)), __FILE__, __LINE__);
540 if ((SQL_NUMROWS($result_ver) == 1) && (isPostRequestElementSet('zip')) && (isOrderMultiPageEnabled())) {
542 list($zip) = SQL_FETCHROW($result_ver);
543 if (substr($zip, 0, strlen(postRequestElement('zip'))) == postRequestElement('zip')) {
544 // Ok, ZIP code part is found
549 $userid_cnt += SQL_NUMROWS($result_ver);
553 SQL_FREERESULT($result_ver);
558 SQL_FREERESULT($result_userids);
559 array_push($categories['userids'], $userid_cnt);
563 SQL_FREERESULT($result_cats);
565 // Now we need to load the mail types...
566 $result = SQL_QUERY("SELECT `id`,`price`,`payment`,`mail_title` FROM `{?_MYSQL_PREFIX?}_payments` ORDER BY `payment` ASC", __FILE__, __LINE__);
569 if (!SQL_HASZERONUMS($result)) {
570 // Is the error code set?
571 if (isGetRequestElementSet('code')) {
572 // Display error message
573 displayMessage(getMessageFromErrorCode(getRequestElement('code')));
576 // Load all email types...
577 while ($type = SQL_FETCHARRAY($result)) {
578 array_push($types, $type);
582 SQL_FREERESULT($result);
584 // Output user's points
585 $content['total_points'] = $totalPoints;
587 // Check how many mail orders he has placed today and how many he's allowed to send
588 switch (getConfig('order_max_full')) {
589 case 'MAX': // He is allowed to send as much as possible
590 $content['order_max_full'] = '{--MEMBER_ORDER_ALLOWED_MAX--}';
593 case 'ORDER': // He is allowed to send as much as he setup the receiving value
594 $content['order_max_full'] = sprintf(getMessage('MEMBER_ORDER_ALLOWED_RECEIVE'), $ALLOWED, getUserData('receive_mails'));
597 default: // Unknown/invalid
598 logDebugMessage(__FILE__, __LINE__, sprintf("Unknown order_mas_full config detected.", getConfig('order_max_full')));
599 $content['order_max_full'] = '{--MEMBER_ORDER_ALLOWED_UNKNOWN--}';
603 // Load final template
604 loadTemplate('member_order_points', false, $content);
612 // Check if we already have an order placed and make it editable
613 $result = SQL_QUERY_ESC("SELECT
623 `{?_MYSQL_PREFIX?}_pool`
628 array(getMemberId()), __FILE__, __LINE__);
630 if (SQL_NUMROWS($result) == 1) {
632 $content = merge_array($content, SQL_FETCHARRAY($result));
634 // Fix max receivers when it is too much
635 if ((isset($categories['userids'][$content['cat_id']])) && ($content['target_send'] > $categories['userids'][$content['cat_id']])) {
637 $content['target_send'] = $categories['userids'][$content['cat_id']];
640 // Old order is grabbed
643 // Default output for that your members don't forget it...
644 $content['url'] = 'http://';
645 $content['target_send'] = '{?order_min?}';
646 $content['subject'] = '';
647 $content['text'] = '';
651 SQL_FREERESULT($result);
653 if ((isPostRequestElementSet('data')) || ((getOrderMultiPage() != 'Y') && ((!isAdmin()) && (!isExtensionActive('html_mail'))))) {
654 // Pre-output categories
655 $content['category_selection'] = generateCategoryOptionsList(((isExtensionActive('html_mail')) && (isPostRequestElementSet('html'))) ? postRequestElement('html') : 'N', getMemberId());
658 $content['type_selection'] = '';
659 foreach ($types as $key => $value) {
660 if (is_array($value)) {
661 // Output option line
662 $content['type_selection'] .= ' <option value="' . $types[$key]['id'] . '"';
663 if (($OLD_ORDER) && ($content['payment_id'] == $types[$key]['id'])) $content['type_selection'] .= ' selected="selected"';
664 $content['type_selection'] .= '>{%pipe,translateComma=' . $types[$key]['price'] . '%} {--PER_MAIL--} - ' . $types[$key]['mail_title'] . ' - ' . round($types[$key]['payment']) . ' {--PAYMENT--}</option>';
668 // No content is default
669 $content['zip_content'] = '';
671 if (isPostRequestElementSet('zip')) {
672 // Output entered ZIP code
673 $content['zip_content'] = loadTemplate('member_order_zip2', true, postRequestElement('zip'));
676 // No HTML extension installed by default
677 $content['html_extension'] = '<input type="hidden" name="html" value="N" />';
680 if ((isExtensionActive('html_mail')) && (postRequestElement('html') == 'Y')) {
681 // Extension is active so output valid HTML tags
682 $content['html_extension'] = loadTemplate('member_order_html_ext', true);
685 // Output form for page 2
686 loadTemplate('member_order_page2', false, $content);
688 // No HTML extension installed by default
689 $content['html_extension'] = '<input type="hidden" name="html" value="N" />';
691 // Remember maybe entered ZIP code in constant
692 if (isExtensionActive('html_mail')) {
693 // Add some content when html extension is active
694 $content['html_extension'] = loadTemplate('member_order_html_intro', true);
697 // Default is no ZIP code
698 $content['zip_content'] = '';
700 // Do we want ZIP code or not?
701 if ((isOrderMultiPageEnabled()) || (isAdmin())) {
703 if (postRequestElement('zip') > 0) {
705 'zip' => bigintval(postRequestElement('zip'))
712 $content['zip_content'] = loadTemplate('member_order_zip1', true, $data);
715 // Output form for page 1 (ZIP code or HTML)
716 loadTemplate('member_order_page1', false, $content);
719 // No mail types defined
720 displayMessage('<span class="bad">{--MEMBER_ORDER_NO_PAYMENTS--}</span>');
724 displayMessage('<span class="bad">{--MEMBER_ORDER_NO_POINTS--}</span>');
727 // No cateogries are defined yet
728 displayMessage('<span class="bad">{--MEMBER_NO_CATEGORIES--}</span>');
731 // Please confirm some mails first
732 displayMessage('<span class="notice">{%message,MEMBER_ORDER_LINKS_LEFT=' . getTotalUnconfirmedMails(getMemberId()) . '%}</span>');
736 // Redirect to requested URL