0",
array($GLOBALS['userid']), __FILE__, __LINE__);
// First column of the query that precedes this statement (its SELECT is not
// visible here); presumably the member's total points -- confirm.
list($total) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
// Get totally used points and password
// NOTE(review): the userid placeholder is not quoted in this statement, so it is
// only safe if SQL_QUERY_ESC() escapes its arguments and $GLOBALS['userid'] is
// guaranteed to be numeric -- confirm both.
$result = SQL_QUERY_ESC("SELECT used_points, password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
// $pass holds the stored password value; it is later used both as the second
// argument of generateHash() and as the value the result is compared against.
list($used, $pass) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
// Remember maximum value for template
// Spendable amount = total - used - configured reserve ('transfer_balance').
// Subtracting 0.5 before round() biases the result downward. Nothing here clamps
// the value, so it can be zero or negative when the balance is at or below the
// reserve; the later amount check must therefore also require a positive amount.
define('__TRANSFER_MAX_VALUE', round($total - $used - $_CONFIG['transfer_balance'] - 0.5));
if (isset($_POST['ok']))
{
// Add new transfer
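if ($_CONFIG['transfer_code'] > 0)
{
    // Re-generate the expected code from the configured length, the posted
    // check value, the member's id and the current maximum transfer value.
    // NOTE(review): 'code_chk' is supplied by the client; this check only adds
    // protection if GEN_RANDOM_CODE() also mixes in a server-side secret -- confirm.
    $code = GEN_RANDOM_CODE($_CONFIG['transfer_code'], $_POST['code_chk'], $GLOBALS['userid'], __TRANSFER_MAX_VALUE);
    // Compare as strings with ===. A loose == converts numeric-looking strings
    // to numbers first, so different inputs such as "1e3" and "1000" would be
    // treated as equal. A missing or non-string (array) field is rejected.
    $valid_code = (isset($_POST['code'])
        && is_string($_POST['code'])
        && ((string) $code === $_POST['code']));
}
else
{
    // Zero length (= disabled) is always valid!
    $valid_code = true;
}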
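// Test password
// The stored value must be non-empty and the comparison is done on strings with
// ===. A loose == compares two numeric-looking strings (for example hashes of
// the form "0e<digits>") as numbers, which can make different hashes compare
// equal. A missing or non-string field is rejected before hashing.
$valid_pass = (!empty($pass)
    && isset($_POST['password'])
    && is_string($_POST['password'])
    && ((string) $pass === (string) generateHash($_POST['password'], $pass)));
// Test transfer amount
// Accept only a plain positive integer (no sign, decimals, exponent or trailing
// newline). A signed or fractional value would otherwise pass the <= comparison,
// and every later use of the value (raw or normalised through bigintval())
// has to see the same number.
$valid_amount = (isset($_POST['points'])
    && is_string($_POST['points'])
    && preg_match('/^[1-9][0-9]*\z/', $_POST['points'])
    && ($_POST['points'] <= __TRANSFER_MAX_VALUE));
// Test reason for transfer
$valid_reason = (isset($_POST['reason'])
    && is_string($_POST['reason'])
    && !empty($_POST['reason']));
// Test if a recipient is selected
// The id must be a plain positive integer and must not be the sender's own id
// (the member list offered by this page excludes the current user as well).
$valid_recipient = (isset($_POST['to_uid'])
    && is_string($_POST['to_uid'])
    && preg_match('/^[1-9][0-9]*\z/', $_POST['to_uid'])
    && ((string) $GLOBALS['userid'] !== $_POST['to_uid']));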
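// Check for nickname extension and set additional data
// $ADD is one of two fixed strings, never request data, so concatenating it
// into the statement below does not introduce user input into the SQL text.
$nick = false;
$ADD = ", userid";
if (EXT_IS_ACTIVE("nickname"))
{
    $ADD = ", nickname";
    $nick = true;
}
// Re-check receivers and own personal data
// Both the sender and the recipient must exist with status CONFIRMED, which
// means exactly two rows have to come back.
$result = SQL_QUERY_ESC("SELECT userid, sex, surname, family, email".$ADD." FROM "._MYSQL_PREFIX."_user_data WHERE userid IN ('%s', '%s') AND status='CONFIRMED' ORDER BY userid LIMIT 2",
array($GLOBALS['userid'], bigintval($_POST['to_uid'])), __FILE__, __LINE__);
$valid_data = (SQL_NUMROWS($result) == 2);
// The guard that starts the transfer tests $valid_code, $valid_pass,
// $valid_amount, $valid_reason and $valid_recipient, but not $valid_data, so a
// transfer to an unknown or unconfirmed account (or to oneself) would still be
// booked. Folding the row check into $valid_recipient makes that guard reject it;
// the member then gets the "invalid recipient" message.
$valid_recipient = ($valid_recipient && $valid_data);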
if ($valid_code && $valid_pass && $valid_amount && $valid_reason && $valid_recipient)
{
// Start the transfer: fetch the two user rows selected by the re-check query.
// The sixth column is either the userid again or the nickname, depending on $ADD.
// NOTE(review): if fewer than two rows came back, the second list() receives no
// data and its variables end up empty -- confirm the caller rules that out.
list($uid1, $sex1, $sname1, $fname1, $email1, $nick1) = SQL_FETCHROW($result);
list($uid2, $sex2, $sname2, $fname2, $email2, $nick2) = SQL_FETCHROW($result);
SQL_FREERESULT($result);

// Rows are ordered by userid, so the sender may be either one. The row whose
// id equals the current member's id is the sender, the other is the recipient.
$sender_is_first = ($uid1 == $GLOBALS['userid']);

// Sender's data
define('__SENDER_SEX'  , TRANSLATE_SEX($sender_is_first ? $sex1 : $sex2));
define('__SENDER_NICK' , $sender_is_first ? $nick1 : $nick2);
define('__SENDER_SNAME', $sender_is_first ? $sname1 : $sname2);
define('__SENDER_FNAME', $sender_is_first ? $fname1 : $fname2);
define('__SENDER_EMAIL', $sender_is_first ? $email1 : $email2);

// Recipient's data
define('__RECIPIENT_SEX'  , TRANSLATE_SEX($sender_is_first ? $sex2 : $sex1));
define('__RECIPIENT_NICK' , $sender_is_first ? $nick2 : $nick1);
define('__RECIPIENT_SNAME', $sender_is_first ? $sname2 : $sname1);
define('__RECIPIENT_FNAME', $sender_is_first ? $fname2 : $fname1);
define('__RECIPIENT_EMAIL', $sender_is_first ? $email2 : $email1);

// Prepare variables for the nickname test that follows
$TEST_NICK_SENDER = $sender_is_first ? $nick1 : $nick2;
$TEST_NICK_REC    = $sender_is_first ? $nick2 : $nick1;
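// Sender's UID is always currently stored in cookie userid...
// NOTE(review): the session/cookie validation that makes $GLOBALS['userid']
// trustworthy is not visible in this part of the file -- confirm it runs first.
define('__SENDER_UID'   , $GLOBALS['userid']);
// Use the same bigintval() normalisation the SQL statements apply to this
// field. The raw POST value would otherwise flow unchanged into the e-mail
// template lookup and, through $RECIPIENT, into the mail subjects.
define('__RECIPIENT_UID', bigintval($_POST['to_uid']));
// Display names default to the numeric ids ...
$SENDER = __SENDER_UID;
$RECIPIENT = __RECIPIENT_UID;
if ($nick)
{
    // ... and are replaced by the nickname when the nickname extension is
    // active and a non-empty nickname different from the id is stored.
    if ((!empty($TEST_NICK_SENDER)) && ($TEST_NICK_SENDER != __SENDER_UID))
    {
        $SENDER = __SENDER_NICK;
    }
    if ((!empty($TEST_NICK_REC)) && ($TEST_NICK_REC != __RECIPIENT_UID))
    {
        $RECIPIENT = __RECIPIENT_NICK;
    }
}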
// Keep the transfer reason available as a constant.
// NOTE(review): this is the raw POST value; any template that prints it into
// HTML has to escape it on output -- confirm in the templates.
define('__TRANSFER_REASON', $_POST['reason']);

// Expiry text: use the fancy formatter when it exists, otherwise fall back to
// the configured age converted from seconds to whole days.
define(
    '__TRANSFER_EXPIRES',
    function_exists('CREATE_FANCY_TIME')
        ? CREATE_FANCY_TIME($_CONFIG['transfer_age'])
        : (round($_CONFIG['transfer_age']/60/60/24)." ".DAYS)
);

// Generate transfer id.
// NOTE(review): rand() is not a cryptographic generator and nothing in this
// statement checks the id for uniqueness, so it should not be relied on as an
// unguessable or collision-free reference -- confirm how trans_id is used.
define(
    '__TRANS_ID',
    bigintval(GEN_RANDOM_CODE("10", rand(0, 99999), $GLOBALS['userid'], $_POST['reason']))
);
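// Add entries to both tables
// NOTE(review): the reason is passed through addslashes() before being handed
// to SQL_QUERY_ESC(); if that helper escapes its arguments itself, the stored
// text is escaped twice -- confirm and keep only one escaping layer.
// NOTE(review): the four writes in this block are not wrapped in a transaction
// here, and the balance was read earlier in the request. Two concurrent requests
// could both pass the balance check, and a failure part-way leaves the tables
// inconsistent -- consider a transaction with a locked balance read.
$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_transfers_in (userid, from_uid, points, reason, time_trans, trans_id) VALUES ('%s', '%s', '%s', '%s', UNIX_TIMESTAMP(), '%s')",
    array(bigintval($_POST['to_uid']), $GLOBALS['userid'], bigintval($_POST['points']), addslashes($_POST['reason']), __TRANS_ID),
    __FILE__, __LINE__);
$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_transfers_out (userid, to_uid, points, reason, time_trans, trans_id) VALUES ('%s', '%s', '%s', '%s', UNIX_TIMESTAMP(), '%s')",
    array($GLOBALS['userid'], bigintval($_POST['to_uid']), bigintval($_POST['points']), addslashes($_POST['reason']), __TRANS_ID),
    __FILE__, __LINE__);
// Add points to account *directly* ...
$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%s AND ref_depth=0 LIMIT 1",
    array(bigintval($_POST['points']), bigintval($_POST['to_uid'])), __FILE__, __LINE__);
// ... and add it to current user's used points
// Debit exactly the amount that was credited above. The credit uses
// bigintval($_POST['points']), so the debit must use the same normalised value
// and not the raw POST string, otherwise the two sides of the transfer can differ.
SUB_POINTS($GLOBALS['userid'], bigintval($_POST['points']));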
// First send email to recipient
// The subject carries $SENDER, which is either the sender's id or the nickname
// stored in the database.
// NOTE(review): confirm that SEND_EMAIL() strips CR/LF from the subject, since
// nicknames are member-controlled text.
$msg = LOAD_EMAIL_TEMPLATE("member_transfer_recipient", "", __RECIPIENT_UID);
SEND_EMAIL(__RECIPIENT_EMAIL, TRANSFER_MEMBER_RECIPIENT_SUBJ.": ".$SENDER, $msg);
// Second send email to sender
// Same pattern with $RECIPIENT (recipient id or nickname) in the subject.
$msg = LOAD_EMAIL_TEMPLATE("member_transfer_sender", "", __SENDER_UID);
SEND_EMAIL(__SENDER_EMAIL, TRANSFER_MEMBER_SENDER_SUBJ.": ".$RECIPIENT, $msg);
// At last send admin mail(s)
// Admin subject has the form "<subject> (<sender>-><recipient>)".
$ADMIN_SUBJ = sprintf("%s (%s->%s)", TRANSFER_ADMIN_SUBJECT, $SENDER, $RECIPIENT);
SEND_ADMIN_NOTIFICATION($ADMIN_SUBJ, "admin_transfer_points");
// Transfer is completed
// Shows the confirmation message; only language constants are printed here,
// no request data.
LOAD_TEMPLATE("admin_settings_saved", false, TRANSFER_COMPLETED."
".TRANSFER_CONTINUE_OVERVIEW."");
}
elseif (!$valid_code)
{
// Invalid Touring code!
OUTPUT_HTML("
".TRANSFER_INVALID_CODE."
"); unset($_POST['ok']); } elseif (!$valid_pass) { // Wrong password entered OUTPUT_HTML("".TRANSFER_INVALID_PASSWORD."
"); unset($_POST['ok']); } elseif (!$valid_amount) { // Too much points entered OUTPUT_HTML("".TRANSFER_INVALID_POINTS."
"); unset($_POST['ok']); } elseif (!$valid_reason) { // No transfer reason entered OUTPUT_HTML("".TRANSFER_INVALID_REASON."
"); unset($_POST['ok']); } elseif (!$valid_recipient) { // No recipient selected OUTPUT_HTML("".TRANSFER_INVALID_RECIPIENT."
"); unset($_POST['ok']); } elseif (!$valid_data) { // No recipient selected OUTPUT_HTML("".TRANSFER_INVALID_DATA."
"); unset($_POST['ok']); } } if (!isset($_POST['ok'])) { // Load member list if (EXT_IS_ACTIVE("nickname")) { // Load userid and nickname $result = SQL_QUERY_ESC("SELECT userid, nickname FROM "._MYSQL_PREFIX."_user_data WHERE status='CONFIRMED' AND opt_in='Y' AND userid != '%s' ORDER BY userid", array($GLOBALS['userid']), __FILE__, __LINE__); } else { // Load only userid $result = SQL_QUERY_ESC("SELECT userid, userid FROM "._MYSQL_PREFIX."_user_data WHERE status='CONFIRMED' AND opt_in='Y' AND userid != '%s' ORDER BY userid", array($GLOBALS['userid']), __FILE__, __LINE__); } if (SQL_NUMROWS($result) > 0) { // Load list $OUT = "