2 /************************************************************************
3 * Mailer v0.2.1-FINAL Start: 10/19/2003 *
4 * =================== Last change: 08/26/2004 *
6 * -------------------------------------------------------------------- *
7 * File : what-order.php *
8 * -------------------------------------------------------------------- *
9 * Short description : Order mails here *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Hier koennen Ihre Mitglieder Mails buchen *
12 * -------------------------------------------------------------------- *
15 * $Tag:: 0.2.1-FINAL $ *
17 * -------------------------------------------------------------------- *
18 * Copyright (c) 2003 - 2009 by Roland Haeder *
19 * Copyright (c) 2009 - 2011 by Mailer Developer Team *
20 * For more information visit: http://www.mxchange.org *
22 * This program is free software; you can redistribute it and/or modify *
23 * it under the terms of the GNU General Public License as published by *
24 * the Free Software Foundation; either version 2 of the License, or *
25 * (at your option) any later version. *
27 * This program is distributed in the hope that it will be useful, *
28 * GNU General Public License for more details. *
30 * You should have received a copy of the GNU General Public License *
31 * along with this program; if not, write to the Free Software *
32 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
34 ************************************************************************/
36 // Some security stuff...
37 if (!defined('__SECURITY')) {
39 } elseif (!isMember()) {
40 redirectToIndexMemberOnlyModule();
43 // Add description as navigation point
44 addYouAreHereLink('member', __FILE__);
46 if ((!isExtensionActive('order')) && (!isAdmin())) {
47 displayMessage('{%pipe,generateExtensionInactiveNotInstalledMessage=order%}');
53 // Count unconfirmed mails
54 $links = countSumTotalData(getMemberId(), 'user_links', 'id', 'userid', true);
56 $ALLOWED = getUserData('receive_mails') - getUserData('mail_orders');
57 if (getConfig('order_max_full') == 'MAX') $ALLOWED = getUserData('receive_mails');
59 // Now check his points amount
60 $total = getTotalPoints(getMemberId());
62 if ((isExtensionInstalledAndNewer('holiday', '0.1.3')) && (isUserDataEnabled('holiday_active'))) {
64 displayMessage('{--MEMBER_HOLIDAY_ORDER_NOT_POSSIBLE--}');
65 } elseif ((isPostRequestParameterSet('frametester')) && ($ALLOWED > 0) && (postRequestParameter('receiver') > 0)) {
66 // Continue with the frametester, we first need to store the data temporary in the pool
68 // First we would like to store the data and get it's pool position back...
69 $result = SQL_QUERY_ESC("SELECT `id`, `data_type`
71 `{?_MYSQL_PREFIX?}_pool`
75 (UNIX_TIMESTAMP() - `timestamp`) >= {?url_tlock?}
79 postRequestParameter('url')
80 ), __FILE__, __LINE__);
82 $type = 'TEMP'; $id = '0';
83 if (SQL_NUMROWS($result) == 1) {
84 // Load id and mail type
85 // @TODO Rewrite this to SQL_FETCHARRAY()
86 list($id, $type) = SQL_FETCHROW($result);
90 SQL_FREERESULT($result);
92 if ($type == 'TEMP') {
93 // No entry found, so we need to check out the stats table as well... :)
94 // We have to add that suff here, now we continue WITHOUT checking and check the text and subject against some filters
96 if (getConfig('allow_url_in_text') == 'Y') {
97 // Test submitted text against some filters (length, URLs in text etc.)
98 if ((strpos(strtolower(postRequestParameter('text')), 'https://') > -1) || (strpos(strtolower(postRequestParameter('text')), 'http://') > -1) || (strpos(strtolower(postRequestParameter('text')), "www") > -1)) {
100 $url = 'modules.php?module=login&what=order&code=' . getCode('URL_FOUND');
103 // Remove new-line and carriage-return characters
104 $TEST = str_replace("\n", '', str_replace("\r", '', postRequestParameter('text')));
106 // Text length within allowed length?
107 if (strlen($TEST) > getConfig('max_tlength')) {
109 $url = 'modules.php?module=login&what=order&code=' . getCode('OVERLENGTH');
113 // Shall I test the subject line against URLs?
114 if (getConfig('allow_url_in_subject') == 'Y') {
115 // Check the subject line for issues
116 setPostRequestParameter('subject', str_replace("\\", '[nl]', substr(postRequestParameter('subject'), 0, 200)));
117 if ((strpos(strtolower(postRequestParameter('subject')), 'http://') > -1) || (strpos(strtolower(postRequestParameter('subject')), "www") > -1)) {
118 // URL in subject found
119 $url = 'modules.php?module=login&what=order&code=' . getCode('SUBJECT_URL');
123 // And shall I check that his URL is not in the black list?
124 if (isUrlBlacklistEnabled()) {
125 // Ok, I do that for you know...
126 $result = SQL_QUERY_ESC("SELECT UNIX_TIMESTAMP(`timestamp`) AS tstamp FROM `{?_MYSQL_PREFIX?}_url_blacklist` WHERE `url`='%s' LIMIT 1",
127 array(postRequestParameter('url')), __FILE__, __LINE__);
129 if (SQL_NUMROWS($result) == 1) {
130 // Jupp, we got one listed
131 list($blist) = SQL_FETCHROW($result);
133 // Create redirect-URL
134 $url = 'modules.php?module=login&what=order&code=' . getCode('BLIST_URL') . '&blist=' . $blist;
138 SQL_FREERESULT($result);
141 // Enougth receivers entered?
142 if ((postRequestParameter('receiver') < getConfig('order_min')) && (!isAdmin())) {
143 // Less than allowed receivers entered!
144 $url = 'modules.php?module=login&what=order&code=' . getCode('MORE_RECEIVERS3');
148 if (!isUrlValid(postRequestParameter('url'))) {
150 $url = 'modules.php?module=login&what=order&code=' . getCode('INVALID_URL');
153 // Probe for HTML extension
154 if (isExtensionActive('html_mail')) {
155 // HTML or regular text mail?
156 if (postRequestParameter('html') == 'Y') {
157 // Chek for valid HTML tags
158 setPostRequestParameter('text', checkHtmlTags(postRequestParameter('text')));
160 // Maybe invalid tags found?
161 if (!isPostRequestParameterSet('text')) $url = 'modules.php?module=login&what=order&code=' . getCode('INVALID_TAGS')."&id=".$id;
163 // Remove any HTML code
164 setPostRequestParameter('text', str_replace('<', '{OPEN_HTML}', str_replace('>', '{CLOSE_HTML}', postRequestParameter('text'))));
169 if ((!isPostRequestParameterSet('mail_type')) || (postRequestParameter('mail_type') < 1)) {
171 $url = 'modules.php?module=login&what=order&code=' . getCode('NO_MAIL_TYPE');
173 } elseif (!isAdmin()) {
174 // He has already sent a mail within a specific time
175 $url = 'modules.php?module=login&what=order&code=' . getCode('URL_TIME_LOCK') . '&id=' . $id;
180 // Check if category and number of receivers is okay
182 if ((isOrderMultiPageEnabled()) && (isPostRequestParameterSet('zip')) && (postRequestParameter('zip') != '')) {
183 // Choose recipients by ZIP code
184 $add = sprintf(" AND d.zip LIKE '%s%%'",
185 bigintval(postRequestParameter('zip'))
190 $result = SQL_QUERY_ESC("SELECT
193 `{?_MYSQL_PREFIX?}_user_cats` AS c
195 `{?_MYSQL_PREFIX?}_user_data` AS d
201 d.`status`='CONFIRMED' AND
205 d.{?order_select?} {?order_mode?}",
207 bigintval(postRequestParameter('cat')),
209 ), __FILE__, __LINE__);
211 // Do we enougth receivers left?
212 if (SQL_NUMROWS($result) >= postRequestParameter('receiver')) {
213 // Load receivers from database
214 $TEST = array(); $count = '0';
215 while ($holidayContent = SQL_FETCHARRAY($result)) {
216 if (isExtensionInstalledAndNewer('holiday', '0.1.3')) {
217 // Check for his holiday status
218 $result_holiday = SQL_QUERY_ESC("SELECT
221 `{?_MYSQL_PREFIX?}_user_holidays`
224 `holiday_start` < UNIX_TIMESTAMP() AND
225 `holiday_end` > UNIX_TIMESTAMP()
227 array($holidayContent['userid']), __FILE__, __LINE__);
228 if (SQL_NUMROWS($result_holiday) == 1) {
229 // Exclude user who are in holiday
230 $holidayContent['userid'] = '0';
234 SQL_FREERESULT($result_holiday);
237 if ($holidayContent['userid'] > 0) {
239 $TEST[] = $holidayContent['userid'];
245 SQL_FREERESULT($result);
247 // Implode array into string for the sending pool
248 $receiver = implode($TEST, ';');
250 // Count array for maximum sent
251 $content['target_send'] = count($TEST);
253 // Update receiver list
254 SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `receive_mails`=`receive_mails`-1 WHERE `userid` IN (%s) LIMIT %s",
256 convertReceivers($receiver),
257 bigintval($content['target_send'])
258 ), __FILE__, __LINE__);
260 // Is calculated max receivers larger than wanted receivers then reset it
261 if ($content['target_send'] > postRequestParameter('receiver')) {
262 $content['target_send'] = bigintval(postRequestParameter('receiver'));
265 // Calculate used points
266 $USED = $content['target_send'] * getPaymentPoints(bigintval(postRequestParameter('mail_type')));
268 // Fix empty zip code
269 if (!isPostRequestParameterSet('zip')) {
270 setPostRequestParameter('zip', 0);
273 // Check if he has enougth points for this order and selected more than 0 receivers
274 if (($USED > 0) && ($USED <= $total) && ($content['target_send'] > 0)) {
275 // Gettings points is okay, so we can add $USED later from
276 if (($id == '0') || ($type != 'TEMP')) {
279 if (isExtensionActive('html_mail')) {
280 // HTML extension is active
281 SQL_QUERY_ESC("INSERT INTO
282 `{?_MYSQL_PREFIX?}_pool`
312 postRequestParameter('subject'),
313 postRequestParameter('text'),
315 bigintval(postRequestParameter('mail_type')),
316 postRequestParameter('url'),
317 bigintval(postRequestParameter('cat')),
318 bigintval($content['target_send']),
319 bigintval(postRequestParameter('zip'), true, false),
320 postRequestParameter('html')
321 ), __FILE__, __LINE__);
323 // No HTML extension is active
324 SQL_QUERY_ESC("INSERT INTO
325 `{?_MYSQL_PREFIX?}_pool`
353 postRequestParameter('subject'),
354 postRequestParameter('text'),
356 bigintval(postRequestParameter('mail_type')),
357 postRequestParameter('url'),
358 bigintval(postRequestParameter('cat')),
359 bigintval($content['target_send']),
360 bigintval(postRequestParameter('zip'), true, false),
361 ), __FILE__, __LINE__);
364 // Change current order
365 if (isExtensionActive('html_mail')) {
366 // HTML extension is active
367 SQL_QUERY_ESC("UPDATE
368 `{?_MYSQL_PREFIX?}_pool`
374 `timestamp`=UNIX_TIMESTAMP(),
384 postRequestParameter('subject'),
385 postRequestParameter('text'),
387 bigintval(postRequestParameter('mail_type')),
388 postRequestParameter('url'),
389 bigintval(postRequestParameter('cat')),
390 $content['target_send'],
391 bigintval(postRequestParameter('zip')),
392 postRequestParameter('html'),
394 ), __FILE__, __LINE__);
396 // No HTML extension is active
397 SQL_QUERY_ESC("UPDATE
398 `{?_MYSQL_PREFIX?}_pool`
404 `timestamp`=UNIX_TIMESTAMP(),
413 postRequestParameter('subject'),
414 postRequestParameter('text'),
416 bigintval(postRequestParameter('mail_type')),
417 postRequestParameter('url'),
418 bigintval(postRequestParameter('cat')),
419 $content['target_send'],
420 bigintval(postRequestParameter('zip')),
422 ), __FILE__, __LINE__);
426 // Do we need to get the id number?
428 // Order is placed as temporary. We need to get it's id for the frametester
429 $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_pool` WHERE `sender`=%s AND `subject`='%s' AND `payment_id`=%s AND `data_type`='TEMP' AND `timestamp`=UNIX_TIMESTAMP() LIMIT 1",
432 postRequestParameter('subject'),
433 bigintval(postRequestParameter('mail_type'))
434 ), __FILE__, __LINE__);
437 list($id) = SQL_FETCHROW($result);
440 SQL_FREERESULT($result);
443 // id is received so we can redirect the user, used points will be added when he send's out the mail
444 $url = 'modules.php?module=frametester&order=' . $id;
445 } elseif ($content['target_send'] == '0') {
446 // Not enougth receivers found which can receive mails
447 $url = 'modules.php?module=login&what=order&code=' . getCode('MORE_RECEIVERS2');
449 // No enougth points left!
450 $url = 'modules.php?module=login&what=order&code=' . getCode('MORE_POINTS');
453 // Ordered more mails than he can send in this category
454 $url = 'modules.php?module=login&what=order&code=' . getCode('NO_RECS_LEFT');
457 } elseif (postRequestParameter('receiver') == '0') {
458 // Not enougth receivers selected
459 $url = 'modules.php?module=login&what=order&code=' . getCode('MORE_RECEIVERS1');
460 } elseif (($ALLOWED == '0') && (getConfig('order_max_full') == 'ORDER')) {
461 // No more mail orders allowed
462 displayMessage('{--MEMBER_ORDER_ALLOWED_EXHAUSTED--}');
463 } elseif ($links < getConfig('unconfirmed')) {
464 // Show only enabled categories to the user ...
465 $whereStatement = " WHERE `visible`='Y'";
467 // ... but all to the admin
468 if (isAdmin()) $whereStatement = '';
470 // Display order form
471 $result_cats = SQL_QUERY("SELECT
474 `{?_MYSQL_PREFIX?}_cats`
477 `sort` ASC", __FILE__, __LINE__);
478 if (!SQL_HASZERONUMS($result_cats)) {
480 // Initialize array...
487 // Enable HTML checking
488 // @TODO Rewrite this to a filter
489 $HTML = ''; $HOL_STRING = '';
490 if ((isExtensionActive('html_mail')) && (postRequestParameter('html') == 'Y')) {
491 $HTML = " AND `html`='Y'";
493 if (isExtensionInstalledAndNewer('holiday', '0.1.3')) {
494 // Extension's version is fine
495 $HOL_STRING = " AND `holiday_active`='N'";
498 // ... and begin loading stuff
499 while ($categoriesContent = SQL_FETCHARRAY($result_cats)) {
500 $categories['id'][] = bigintval($categoriesContent['id']);
501 $categories['name'][] = $categoriesContent['cat'];
503 // Select users in current category
504 $result_userids = SQL_QUERY_ESC("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_cats` WHERE `cat_id`=%s AND `userid` != '%s' ORDER BY `userid` ASC",
505 array(bigintval($categoriesContent['id']), getMemberId()), __FILE__, __LINE__);
508 while (list($userid) = SQL_FETCHROW($result_userids)) {
509 // Check for holiday system
510 $isHolidayActive = false;
511 if (isExtensionInstalledAndNewer('holiday', '0.1.3')) {
512 // Check user's holiday status
513 $result_holiday = SQL_QUERY_ESC("SELECT
514 COUNT(d.userid) AS `cnt`
516 `{?_MYSQL_PREFIX?}_user_data` AS d
518 `{?_MYSQL_PREFIX?}_user_holidays` AS h
523 d.receive_mails > 0 AND
524 d.`status`='CONFIRMED' AND
525 d.`holiday_active`='Y' AND
526 h.holiday_start < UNIX_TIMESTAMP() AND
527 h.holiday_end > UNIX_TIMESTAMP()
529 array(bigintval($userid)), __FILE__, __LINE__);
532 list($count) = SQL_FETCHROW($result_holiday);
535 SQL_FREERESULT($result_holiday);
537 // Is holiday is active?
538 $isHolidayActive = ($count == 1);
541 if ($isHolidayActive === false) {
542 // Check if the user want's to receive mails?
543 $result_ver = SQL_QUERY_ESC("SELECT `zip` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `userid`=%s".$HTML." AND `receive_mails` > 0 AND `status`='CONFIRMED' LIMIT 1",
544 array(bigintval($userid)), __FILE__, __LINE__);
546 if ((SQL_NUMROWS($result_ver) == 1) && (isPostRequestParameterSet('zip')) && (isOrderMultiPageEnabled())) {
548 list($zip) = SQL_FETCHROW($result_ver);
549 if (substr($zip, 0, strlen(postRequestParameter('zip'))) == postRequestParameter('zip')) {
550 // Ok, ZIP code part is found
555 $userid_cnt += SQL_NUMROWS($result_ver);
559 SQL_FREERESULT($result_ver);
564 SQL_FREERESULT($result_userids);
565 $categories['userids'][] = $userid_cnt;
569 SQL_FREERESULT($result_cats);
571 // Now we need to load the mail types...
572 $result = SQL_QUERY("SELECT `id`, `price`, `payment`, `mail_title` FROM `{?_MYSQL_PREFIX?}_payments` ORDER BY `payment` ASC", __FILE__, __LINE__);
575 if (!SQL_HASZERONUMS($result)) {
576 // Check for message id in URL
577 $message = getMessageFromErrorCode(getRequestParameter('code'));
579 if (!empty($message)) {
580 // We got system message so we drop it out to the user
581 displayMessage($message);
584 // Load all email types...
585 while ($types[] = SQL_FETCHROW($result)) {
586 // Nothing to do here... ;-)
590 SQL_FREERESULT($result);
592 // Output user's points
593 $content['total_points'] = $total;
595 // Check how many mail orders he has placed today and how many he's allowed to send
596 switch (getConfig('order_max_full')) {
597 case 'MAX': // He is allowed to send as much as possible
598 $content['order_max_full'] = '{--MEMBER_ORDER_ALLOWED_MAX--}';
601 case 'ORDER': // He is allowed to send as much as he setup the receiving value
602 $content['order_max_full'] = sprintf(getMessage('MEMBER_ORDER_ALLOWED_RECEIVE'), $ALLOWED, getUserData('receive_mails'));
605 default: // Unknown/invalid
606 logDebugMessage(__FILE__, __LINE__, sprintf("Unknown order_mas_full config detected.", getConfig('order_max_full')));
607 $content['order_max_full'] = '{--MEMBER_ORDER_ALLOWED_UNKNOWN--}';
611 // Load final template
612 loadTemplate('member_order_points', false, $content);
620 // Check if we already have an order placed and make it editable
621 $result = SQL_QUERY_ESC("SELECT
622 `subject`, `text`, `payment_id`, `timestamp`, `url`, `target_send`, `cat_id`, `zip`
624 `{?_MYSQL_PREFIX?}_pool`
629 array(getMemberId()), __FILE__, __LINE__);
631 if (SQL_NUMROWS($result) == 1) {
633 $content = merge_array($content, SQL_FETCHARRAY($result));
635 // Fix max receivers when it is too much
636 if ((isset($categories['userids'][$content['cat_id']])) && ($content['target_send'] > $categories['userids'][$content['cat_id']])) {
638 $content['target_send'] = $categories['userids'][$content['cat_id']];
641 // Old order is grabbed
644 // Default output for that your members don't forget it...
645 $content['url'] = 'http://';
646 $content['target_send'] = '{?order_min?}';
647 $content['subject'] = '{--ORDER_DEFAULT_SUBJECT--}';
648 $content['text'] = '{--ORDER_DEFAULT_TEXT--}';
652 SQL_FREERESULT($result);
654 if ((isPostRequestParameterSet('data')) || ((getOrderMultiPage() != 'Y') && ((!isAdmin()) && (!isExtensionActive('html_mail'))))) {
655 // Pre-output categories
656 $content['category_selection'] = '';
657 foreach ($categories['id'] as $key => $value) {
658 $content['category_selection'] .= ' <option value="' . $value . '"';
659 if (($OLD_ORDER) && ($content['cat_id'] == $value)) $content['category_selection'] .= ' selected="selected"';
660 $content['category_selection'] .= '>' . $categories['name'][$key]." (".$categories['userids'][$key] . ' {--USER_IN_CAT--})</option>';
664 $content['type_selection'] = '';
665 foreach ($types as $key => $value) {
666 if (is_array($value)) {
667 // Output option line
668 $content['type_selection'] .= ' <option value="' . $types[$key][0] . '"';
669 if (($OLD_ORDER) && ($content['payment_id'] == $types[$key][0])) $content['type_selection'] .= ' selected="selected"';
670 $content['type_selection'] .= '>{%pipe,translateComma=' . $types[$key][1] . '%} {--PER_MAIL--} - ' . $types[$key][3] . ' - ' . round($types[$key][2]) . ' {--PAYMENT--}</option>';
674 // No content is default
675 $content['zip_content'] = '';
677 if (isPostRequestParameterSet('zip')) {
678 // Output entered ZIP code
679 $content['zip_content'] = loadTemplate('member_order-zip2', true, postRequestParameter('zip'));
683 if ((isExtensionActive('html_mail')) && (postRequestParameter('html') == 'Y')) {
684 // Extension is active so output valid HTML tags
685 $content['html_extension'] = loadTemplate('member_order-html_ext', true, addValidHtmlTags());
687 // Extension not active and/or class not uploaded
688 $content['html_extension'] = '<tr><td colspan="3"><input type="hidden" name="html" value="N" /></td></tr>';
691 // Output form for page 2
692 loadTemplate('member_order_page2', false, $content);
694 // Remember maybe entered ZIP code in constant
695 if (isExtensionActive('html_mail')) {
696 // Add some content when html extension is active
697 $content['html_extension'] = loadTemplate('member_order-html_intro', true);
699 // No HTML extension installed
700 $content['html_extension'] = '<tr><td colspan="3"><input type="hidden" name="html" value="N" /></td></tr>';
703 // Default is no ZIP code
704 $content['zip_content'] = '';
706 // Do we want ZIP code or not?
707 if ((isOrderMultiPageEnabled()) || (isAdmin())) {
709 if (postRequestParameter('zip') > 0) {
711 'zip' => bigintval(postRequestParameter('zip'))
718 $content['zip_content'] = loadTemplate('member_order-zip1', true, $data);
721 // Output form for page 1 (ZIP code or HTML)
722 loadTemplate('member_order_page1', false, $content);
725 // No mail types defined
726 displayMessage('<span class="notice">{--MEMBER_NO_PAYMENTS--}</span>');
730 displayMessage('<span class="notice">{--MEMBER_NO_POINTS--}</span>');
733 // No cateogries are defined yet
734 displayMessage('<span class="notice">{--MEMBER_NO_CATEGORIES--}</span>');
737 // Please confirm some mails first
738 displayMessage('<span class="notice">{%message,MEMBER_LINKS_LEFT=' . $links . '%}</span>', $links);
742 // Redirect to requested URL