0) {
// Check for code
$code = generateRandomCode(getConfig('transfer_code'), postRequestParameter('code_chk'), getMemberId(), $content['max_transferable']);
$valid_code = ($code == postRequestParameter('code'));
} else {
// Zero length (= disabled) is always valid!
$valid_code = true;
}
// Test password
$valid_pass = ($pass == generateHash(postRequestParameter('password'), $pass));
// Test transfer amount
$valid_amount = ((isPostRequestParameterSet('points')) && (postRequestParameter('points') <= $content['max_transferable']));
// Test reason for transfer
$valid_reason = (isPostRequestParameterSet('reason'));
// Test if a recipient is selected
$valid_recipient = isValidUserId(postRequestParameter('to_userid'));
// Check for nickname extension and set additional data
// @TODO Rewrite this to a filter
$add = '';
if (isExtensionActive('nickname')) {
$add = ', `nickname`';
} // END - if
// Re-check receivers and own personal data
$result = SQL_QUERY_ESC("SELECT `userid`, `gender`, `surname`, `family`, `email`".$add." FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `userid` IN ('%s','%s') AND `status`='CONFIRMED' LIMIT 2",
array(
getMemberId(),
bigintval(postRequestParameter('to_userid'))
), __FILE__, __LINE__);
// Do we have two entries?
$valid_data = (SQL_NUMROWS($result) == 2);
// Final check if all is fine
if ($valid_code && $valid_data && $valid_pass && $valid_amount && $valid_reason && $valid_recipient) {
// Let's start the transfer and load user data
$content['sender'] = SQL_FETCHARRAY($result);
$content['recipient'] = SQL_FETCHARRAY($result);
// Is the nickname extension not installed?
if (!isExtensionActive('nickname')) {
// Fix empty nicknames
$content['sender']['nickname'] = '';
$content['recipient']['nickname'] = '';
} // END - if
// Prepare variables for testing
$TEST_NICK_SENDER = $content['sender']['nickname'];
$TEST_NICK_REC = $content['recipient']['nickname'];
// Default is userids for subject line
$SENDER = getMemberId();
$RECIPIENT = bigintval(postRequestParameter('to_userid'));
// If nickname is installed we can set the nickname
// @TODO Rewrite this to a filter
if (isExtensionActive('nickname')) {
if (($TEST_NICK_SENDER != getMemberId()) && (!empty($TEST_NICK_SENDER))) {
$SENDER = $content['sender']['nickname'];
} // END - if
if (($TEST_NICK_REC != postRequestParameter('to_userid')) && (!empty($TEST_NICK_REC))) {
$RECIPIENT = $content['recipient']['nickname'];
} // END - if
} // END - if
// Remember transfer reason and fancy date/time in constants
$content['reason'] = secureString(postRequestParameter('reason'));
$content['expires'] = '{%config,createFancyTime=transfer_age%}';
// Generate tranafer id
$content['trans_id'] = bigintval(generateRandomCode('10', mt_rand(0, 99999), getMemberId(), postRequestParameter('reason')));
// Add entries to both tables
SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_user_transfers_in` (`userid`, `from_userid`, `points`, `reason`, `time_trans`, `trans_id`) VALUES (%s,%s,%s,'%s', UNIX_TIMESTAMP(),%s)",
array(bigintval(postRequestParameter('to_userid')), getMemberId(), bigintval(postRequestParameter('points')), postRequestParameter('reason'), $content['trans_id']), __FILE__, __LINE__);
SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_user_transfers_out` (`userid`, `to_userid`, `points`, `reason`, `time_trans`, `trans_id`) VALUES (%s,%s,%s,'%s', UNIX_TIMESTAMP(),%s)",
array(getMemberId(), bigintval(postRequestParameter('to_userid')), bigintval(postRequestParameter('points')), postRequestParameter('reason'), $content['trans_id']), __FILE__, __LINE__);
// Add points to account *directly* ...
addPointsDirectly('transfer', bigintval(postRequestParameter('to_userid')), bigintval(postRequestParameter('points')));
// ... and add it to current user's used points
subtractPoints('transfer', getMemberId(), postRequestParameter('points'));
// First send email to recipient
$message = loadEmailTemplate('member_transfer_recipient', $content, postRequestParameter('to_userid'));
sendEmail($content['recipient']['email'], '{--TRANSFER_MEMBER_RECIPIENT_SUBJECT--}' . ': ' . $SENDER, $message);
// Second send email to sender
$message = loadEmailTemplate('member_transfer_sender', $content, getMemberId());
sendEmail($content['sender']['email'], '{--TRANSFER_MEMBER_SENDER_SUBJECT--}' . ': ' . $RECIPIENT, $message);
// At last send admin mail(s)
$adminSubject = sprintf("%s (%s->%s)", '{--TRANSFER_ADMIN_SUBJECT--}', $SENDER, $RECIPIENT);
sendAdminNotification($adminSubject, 'admin_transfer_points', $content);
// Transfer is completed
loadTemplate('admin_settings_saved', false, '