-<?php\r
-/************************************************************************\r
- * MXChange v0.2.1 Start: 10/19/2003 *\r
- * =============== Last change: 08/26/2004 *\r
- * *\r
- * -------------------------------------------------------------------- *\r
- * File : what-order.php *\r
- * -------------------------------------------------------------------- *\r
- * Short description : Order mails here *\r
- * -------------------------------------------------------------------- *\r
- * Kurzbeschreibung : Hier k�nnen Ihre Mitglieder Mails buchen *\r
- * -------------------------------------------------------------------- *\r
- * *\r
- * -------------------------------------------------------------------- *\r
- * Copyright (c) 2003 - 2008 by Roland Haeder *\r
- * For more information visit: http://www.mxchange.org *\r
- * *\r
- * This program is free software; you can redistribute it and/or modify *\r
- * it under the terms of the GNU General Public License as published by *\r
- * the Free Software Foundation; either version 2 of the License, or *\r
- * (at your option) any later version. *\r
- * *\r
- * This program is distributed in the hope that it will be useful, *\r
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *\r
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *\r
- * GNU General Public License for more details. *\r
- * *\r
- * You should have received a copy of the GNU General Public License *\r
- * along with this program; if not, write to the Free Software *\r
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *\r
- * MA 02110-1301 USA *\r
- ************************************************************************/\r
-\r
-// Some security stuff...\r
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))\r
-{\r
- $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";\r
- require($INC);\r
-}\r
- elseif (!IS_LOGGED_IN())\r
-{\r
- LOAD_URL(URL."/modules.php?module=index");\r
-}\r
- elseif ((!EXT_IS_ACTIVE("order")) && (!IS_ADMIN()))\r
-{\r
- ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "order");\r
- return;\r
-}\r
-\r
-// Add description as navigation point\r
-ADD_DESCR("member", basename(__FILE__));\r
-\r
-$URL = ""; $id = 0;\r
-$WHERE = " WHERE visible='Y'";\r
-\r
-// Set undefined array elements\r
-if (empty($_GET['msg'])) $_GET['msg'] = "";\r
-if (empty($_POST['zip'])) $_POST['zip'] = "";\r
-if (empty($_POST['html'])) $_POST['html'] = "";\r
-if (empty($_POST['receiver'])) $_POST['receiver'] = "";\r
-if (is_admin()) $WHERE = "";\r
-\r
-// Add slashes to every value\r
-foreach($_POST as $key=>$value)\r
-{\r
- // Skip submit buttons\r
- if (($key != "data") && ($key != "frametester")) $_POST[$key] = addslashes($value);\r
-}\r
-\r
-// Minimum mails / order\r
-define('__MIN_VALUE', $CONFIG['order_min']);\r
-\r
-// Count unconfirmed mails\r
-$result_links = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d",\r
- array($GLOBALS['userid']), __FILE__, __LINE__);\r
-$links = SQL_NUMROWS($result_links);\r
-SQL_FREERESULT($result_links);\r
-\r
-// Does the user has more than 0 mails per day set?\r
-$HOLIDAY="userid";\r
-if (GET_EXT_VERSION("holiday") >= "0.1.3")\r
-{\r
- // Fetch also holiday activation data\r
- $HOLIDAY = "holiday_active";\r
-}\r
-\r
-$result_mmails = SQL_QUERY_ESC("SELECT userid, receive_mails, mail_orders, ".$HOLIDAY."\r
-FROM "._MYSQL_PREFIX."_user_data\r
-WHERE userid=%d AND max_mails > 0 LIMIT 1",\r
- array($GLOBALS['userid']), __FILE__, __LINE__);\r
-\r
-$mmails = SQL_NUMROWS($result_mmails);\r
-list($DMY, $MAXI, $ORDERS, $HOLIDAY) = SQL_FETCHROW($result_mmails);\r
-SQL_FREERESULT($result_mmails);\r
-if ($HOLIDAY == $DMY) $HOLIDAY="N";\r
-\r
-$ALLOWED = $MAXI - $ORDERS;\r
-if ($CONFIG['order_max'] == "MAX") $ALLOWED = $MAXI;\r
-\r
-// Check HTML extension\r
-$HTML_EXT = EXT_IS_ACTIVE("html_mail");\r
-\r
-// Now check his points amount\r
-$result_p = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d",\r
- array($GLOBALS['userid']), __FILE__, __LINE__);\r
-\r
-$TOTAL = "0";\r
-if (SQL_NUMROWS($result_p) > 0)\r
-{\r
- // Load points\r
- list($TOTAL) = SQL_FETCHROW($result_p);\r
- SQL_FREERESULT($result_p);\r
-\r
- // And subtract his used points...\r
- $result_p = SQL_QUERY_ESC("SELECT used_points FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",\r
- array($GLOBALS['userid']), __FILE__, __LINE__);\r
-\r
- list($p) = SQL_FETCHROW($result_p);\r
- SQL_FREERESULT($result_p);\r
- $TOTAL -= $p;\r
-\r
- // Add (maybe) missing three zeros\r
- if (!ereg(".", $TOTAL)) $TOTAL .= ".00000";\r
-}\r
-\r
-if (($HOLIDAY == "Y") && (GET_EXT_VERSION("holiday") >= "0.1.3"))\r
-{\r
- // Holiday is active!\r
- SQL_FREERESULT($result_p);\r
- LOAD_TEMPLATE("admin_settings_saved", false, HOLIDAY_ORDER_NOT_POSSIBLE);\r
-}\r
- elseif ((!empty($_POST['frametester'])) && ($ALLOWED > 0) && ($_POST['receiver'] > 0))\r
-{\r
- // Continue with the frametester, we first need to store the data temporary in the pool\r
- //\r
- // First we would like to store the data and get it's pool position back...\r
- $result = SQL_QUERY_ESC("SELECT id, data_type FROM "._MYSQL_PREFIX."_pool WHERE sender=%d AND url='%s' AND timestamp > %d LIMIT 1",\r
- array($GLOBALS['userid'], $_POST['url'], bigintval(time() - $CONFIG['url_tlock'])), __FILE__, __LINE__);\r
-\r
- $type = "TEMP"; $id = "0";\r
- if (SQL_NUMROWS($result) == 1)\r
- {\r
- list($id, $type) = SQL_FETCHROW($result);\r
- SQL_FREERESULT($result);\r
- }\r
- if ($type == "TEMP")\r
- {\r
- // No entry found, so we need to check out the stats table as well... :)\r
- // We have to add that suff here, now we continue WITHOUT checking and check the text and subject against some filters\r
- $URL = "";\r
- if ($CONFIG['test_text'] == "Y")\r
- {\r
- // Test submitted text against some filters (length, URLs in text etc.)\r
- if ((strpos(strtolower($_POST['text']), "https://") > -1) || (strpos(strtolower($_POST['text']), "http://") > -1) || (strpos(strtolower($_POST['text']), "www") > -1))\r
- {\r
- // URL found!\r
- $URL = URL."/modules.php?module=login&what=order&msg=".CODE_URL_FOUND;\r
- }\r
- $TEST = str_replace("\n", "", str_replace("\r", "", addslashes($_POST['text'])));\r
- if (strlen($TEST) > $CONFIG['max_tlength'])\r
- {\r
- // Text is too long!\r
- $URL = URL."/modules.php?module=login&what=order&msg=".CODE_OVERLENGTH;\r
- }\r
- }\r
- // Shall I test the subject line against URLs?\r
- if ($CONFIG['test_subj'] == "Y")\r
- {\r
- // Check the subject line for issues\r
- $_POST['subject'] = str_replace("\\", "[nl]", substr($_POST['subject'], 0, 200));\r
- if ((strpos(strtolower($_POST['subject']), "http://") > -1) || (strpos(strtolower($_POST['subject']), "www") > -1))\r
- {\r
- // URL in subject found\r
- $URL = URL."/modules.php?module=login&what=order&msg=".CODE_SUBJ_URL;\r
- }\r
- }\r
- // And shall I check that his URL is not in the black list?\r
- if ($CONFIG['url_blacklist'] == "Y")\r
- {\r
- // Ok, I do that for you know...\r
- $result = SQL_QUERY_ESC("SELECT timestamp FROM "._MYSQL_PREFIX."_url_blist WHERE url='%s' LIMIT 1",\r
- array($_POST['url']), __FILE__, __LINE__);\r
-\r
- if (SQL_NUMROWS($result) == 1)\r
- {\r
- // Jupp, we got one listed\r
- list($blist) = SQL_FETCHROW($result);\r
- SQL_FREERESULT($result);\r
- $URL = URL."/modules.php?module=login&what=order&msg=".CODE_BLIST_URL."&blist=".$blist;\r
- }\r
- }\r
- if (($_POST['receiver'] < $CONFIG['order_min']) && (!IS_ADMIN()))\r
- {\r
- // Less than allowed receivers entered!\r
- $URL = URL."/modules.php?module=login&what=order&msg=".CODE_MORE_RECEIVERS3;\r
- }\r
-\r
- // Validate URL\r
- if (!VALIDATE_URL($_POST['url']))\r
- {\r
- // URL is invalid!\r
- $URL = URL."/modules.php?module=login&what=order&msg=".CODE_INVALID_URL;\r
- }\r
-\r
- // Probe for HTML extension\r
- if ($HTML_EXT)\r
- {\r
- if ($_POST['html'] == "Y")\r
- {\r
- // Chek for valid HTML tags\r
- $_POST['text'] = HTML_CHECK_TAGS($_POST['text']);\r
-\r
- // Maybe invalid tags found?\r
- if (empty($_POST['text'])) $URL = URL."/modules.php?module=login&what=order&msg=".CODE_INVALID_TAGS."&id=".$id;\r
- }\r
- else\r
- {\r
- // Remove any HTML code\r
- $_POST['text'] = str_replace("<", "{OPEN_HTML}", str_replace(">", "{CLOSE_HTML}", $_POST['text']));\r
- }\r
- }\r
- }\r
- elseif (!IS_ADMIN())\r
- {\r
- // He has already sent a mail within a specific time\r
- $URL = URL."/modules.php?module=login&what=order&msg=".CODE_URL_TLOCK."&id=".$id;\r
- }\r
- if (empty($URL))\r
- {\r
- // Check if category and number of receivers is okay\r
- $ADD = "";\r
- if (($CONFIG['order_multi_page'] == "Y") && (!empty($_POST['zip']))) $ADD = "AND d.zip LIKE '".bigintval($_POST['zip'])."{PER}'";\r
-\r
- // Check for userids\r
- $result = SQL_QUERY_ESC("SELECT DISTINCT c.userid FROM "._MYSQL_PREFIX."_user_cats AS c\r
-LEFT JOIN "._MYSQL_PREFIX."_user_data AS d\r
-ON c.userid=d.userid\r
-WHERE c.cat_id=%d AND c.userid != '%s' AND d.status='CONFIRMED' AND d.receive_mails > 0\r
-".$ADD."\r
-ORDER BY d.%s %s",\r
- array(\r
- bigintval($_POST['cat']),\r
- $GLOBALS['userid'],\r
- $CONFIG['order_select'],\r
- $CONFIG['order_mode'],\r
- ), __FILE__, __LINE__);\r
-\r
- // Do we enougth receivers left?\r
- if (SQL_NUMROWS($result) >= $_POST['receiver'])\r
- {\r
- // Check for holiday extensions\r
- $HOLIDAY = false;\r
- if (GET_EXT_VERSION("holiday") >= "0.1.3")\r
- {\r
- // Include checking for users in holiday\r
- $HOLIDAY = true;\r
- }\r
-\r
- // Load receivers from database\r
- $TEST = array(); $cnt = 0;\r
- while (list($REC) = SQL_FETCHROW($result))\r
- {\r
- if ($HOLIDAY)\r
- {\r
- // Check for his holiday status\r
- $result_holiday = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_holidays\r
-WHERE userid=%d AND holiday_start < ".time()." AND holiday_end > ".time()." LIMIT 1",\r
- array(bigintval($REC)), __FILE__, __LINE__);\r
- if (SQL_NUMROWS($result_holiday) == 1) $REC = 0; // Exclude user who are in holiday\r
-\r
- // Free memory\r
- SQL_FREERESULT($result_holiday);\r
- }\r
-\r
- if ($REC > 0)\r
- {\r
- // Add receiver\r
- $TEST[] = $REC;\r
- $cnt++;\r
- }\r
- }\r
-\r
- // Free memory\r
- SQL_FREERESULT($result);\r
-\r
- // Implode array into string for the sending pool\r
- $RECEIVER = implode($TEST, ";");\r
-\r
- // Count array for maximum sent\r
- $MAX_SEND = count($TEST);\r
-\r
- // Update receiver list\r
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET receive_mails=receive_mails-1 WHERE userid IN (%s) LIMIT %s",\r
- array(str_replace(";", ", ", $RECEIVER), $MAX_SEND), __FILE__, __LINE__);\r
-\r
- // Is calculated max receivers larger than wanted receivers then reset it\r
- if ($MAX_SEND > $_POST['receiver']) $MAX_SEND = $_POST['receiver'];\r
-\r
- // Calculate used points\r
- $USED = $MAX_SEND * GET_PAY_POINTS(bigintval($_POST['type']));\r
-\r
- // Check if he has enougth points for this order and selected more than 0 receivers\r
- if (($USED > 0) && ($USED <= $TOTAL) && ($MAX_SEND > 0))\r
- {\r
- // Gettings points is okay, so we can add $USED later from\r
- $TIME = time();\r
- if (($id == "0") || ($type != "TEMP"))\r
- {\r
- // New order\r
- $id = 0;\r
- if ($HTML_EXT)\r
- {\r
- // HTML extension is active\r
- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_pool (sender, subject, text, receivers, payment_id, data_type, timestamp, url, cat_id, target_send, zip, html_msg)\r
- VALUES ('%s', '%s', '%s', '%s', '%s', 'TEMP', '%s', '%s', '%s', '%s', '%s', '%s')",\r
-array(\r
- $GLOBALS['userid'],\r
- addslashes($_POST['subject']),\r
- addslashes($_POST['text']),\r
- $RECEIVER,\r
- bigintval($_POST['type']),\r
- $TIME,\r
- $_POST['url'],\r
- bigintval($_POST['cat']),\r
- $MAX_SEND,\r
- bigintval($_POST['zip']),\r
- $_POST['html']\r
-), __FILE__, __LINE__);\r
- }\r
- else\r
- {\r
- // No HTML extension is active\r
- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_pool (sender, subject, text, receivers, payment_id, data_type, timestamp, url, cat_id, target_send, zip)\r
- VALUES ('%s', '%s', '%s', '%s', '%s', 'TEMP', '%s', '%s', '%s', '%s', '%s')",\r
-array(\r
- $GLOBALS['userid'],\r
- addslashes($_POST['subject']),\r
- addslashes($_POST['text']),\r
- $RECEIVER,\r
- bigintval($_POST['type']),\r
- $TIME,\r
- $_POST['url'],\r
- bigintval($_POST['cat']),\r
- $MAX_SEND,\r
- bigintval($_POST['zip']),\r
-), __FILE__, __LINE__);\r
- }\r
- }\r
- else\r
- {\r
- // Change current order\r
- if ($HTML_EXT)\r
- {\r
- // HTML extension is active\r
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET\r
-subject='%s',\r
-text='%s',\r
-receivers='%s',\r
-payment_id=%d,\r
-timestamp=UNIX_TIMESTAMP(),\r
-url='%s',\r
-cat_id=%d,\r
-target_send=%d,\r
-zip=%d,\r
-html_msg='%s'\r
-WHERE id=%d LIMIT 1",\r
-array(\r
- $_POST['subject'],\r
- $_POST['text'],\r
- $RECEIVER,\r
- bigintval($_POST['type']),\r
- $_POST['url'],\r
- bigintval($_POST['cat']),\r
- $MAX_SEND,\r
- bigintval($_POST['zip']),\r
- $_POST['html'],\r
- bigintval($id)\r
-), __FILE__, __LINE__);\r
- }\r
- else\r
- {\r
- // No HTML extension is active\r
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET\r
-subject='%s',\r
-text='%s',\r
-receivers='%s',\r
-payment_id=%d,\r
-timestamp=UNIX_TIMESTAMP(),\r
-url='%s',\r
-cat_id=%d,\r
-target_send=%d,\r
-zip=%d\r
-WHERE id=%d LIMIT 1",\r
-array(\r
- $_POST['subject'],\r
- $_POST['text'],\r
- $RECEIVER,\r
- bigintval($_POST['type']),\r
- $_POST['url'],\r
- bigintval($_POST['cat']),\r
- $MAX_SEND,\r
- bigintval($_POST['zip']),\r
- bigintval($id)\r
-), __FILE__, __LINE__);\r
- }\r
- }\r
-\r
- // Do we need to get the ID number?\r
- if ($id == 0) {\r
- // Order is placed as temporary. We need to get it's id for the frametester\r
- $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_pool WHERE sender=%d AND subject='%s' AND payment_id=%d AND data_type='TEMP' AND timestamp=%d LIMIT 1",\r
- array(\r
- $GLOBALS['userid'],\r
- $_POST['subject'],\r
- bigintval($_POST['type']),\r
- $TIME\r
- ), __FILE__, __LINE__);\r
-\r
- list($id) = SQL_FETCHROW($result);\r
- SQL_FREERESULT($result);\r
- }\r
-\r
- // ID is received so we can redirect the user, used points will be added when he send's out the mail\r
- $URL = URL."/modules.php?module=frametester&order=".$id."";\r
- }\r
- elseif ($MAX_SEND == 0)\r
- {\r
- // Not enougth receivers found which can receive mails\r
- $URL = URL."/modules.php?module=login&what=order&msg=".CODE_MORE_RECEIVERS2;\r
- }\r
- else\r
- {\r
- // No enougth points left!\r
- $URL = URL."/modules.php?module=login&what=order&msg=".CODE_MORE_POINTS;\r
- }\r
- }\r
- else\r
- {\r
- // Ordered more mails than he can send in this category\r
- $URL = URL."/modules.php?module=login&what=order&msg=".CODE_NO_RECS_LEFT;\r
- }\r
- }\r
-}\r
- elseif ($_POST['receiver'] == "0")\r
-{\r
- // Not enougth receivers selected\r
- $URL = URL."/modules.php?module=login&what=order&msg=".CODE_MORE_RECEIVERS1;\r
-}\r
- elseif (($ALLOWED == 0) && ($CONFIG['order_max'] == "ORDER"))\r
-{\r
- // No more mail orders allowed\r
- LOAD_TEMPLATE("admin_settings_saved", false, MEMBER_ORDER_ALLOWED_EXHAUSTED);\r
-}\r
- elseif (($links < $CONFIG['unconfirmed']) && ($mmails == "1"))\r
-{\r
- // Display order form\r
- $result_cats = SQL_QUERY("SELECT id, cat FROM "._MYSQL_PREFIX."_cats".$WHERE." ORDER BY sort", __FILE__, __LINE__);\r
- if (SQL_NUMROWS($result_cats) > 0)\r
- {\r
- if ($TOTAL > 0)\r
- {\r
- // Initialize array...\r
- $CATS = array(\r
- 'id' => array(),\r
- 'name' => array(),\r
- 'uids' => array()\r
- );\r
-\r
- // Enable HTML checking\r
- $HTML = ""; $HOLIDAY = false; $HOL_STRING = "";\r
- if (($HTML_EXT) && ($_POST['html'] == "Y")) $HTML = " AND html='Y'";\r
- if (GET_EXT_VERSION("holiday") >= "0.1.3")\r
- {\r
- // Extension's version is fine\r
- $HOLIDAY = true; $HOL_STRING = " AND holiday_active='N'";\r
- }\r
-\r
- // ... and begin loading stuff\r
- while (list($id, $cat) = SQL_FETCHROW($result_cats))\r
- {\r
- $CATS['id'][] = bigintval($id);\r
- $CATS['name'][] = $cat;\r
-\r
- // Select users in current category\r
- $result_uids = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%d AND userid != '%s' ORDER BY userid",\r
- array(bigintval($id), $GLOBALS['userid']), __FILE__, __LINE__);\r
-\r
- $uid_cnt = "0";\r
- while (list($ucat) = SQL_FETCHROW($result_uids))\r
- {\r
- // Check for holiday system\r
- $HOL_ACTIVE = false;\r
- if ($HOLIDAY)\r
- {\r
- // Check user's holiday status\r
- $result_holiday = SQL_QUERY_ESC("SELECT DISTINCT d.userid FROM "._MYSQL_PREFIX."_user_data AS d\r
-LEFT JOIN "._MYSQL_PREFIX."_user_holidays AS h\r
-ON d.userid=h.userid\r
-WHERE d.userid=%d AND d.receive_mails > 0 AND d.status='CONFIRMED' AND d.holiday_active='Y'\r
-AND h.holiday_start < ".time()." AND h.holiday_end > ".time()."\r
-LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__);\r
- if (SQL_NUMROWS($result_holiday) == 1)\r
- {\r
- // Holiday is active!\r
- $HOL_ACTIVE = true;\r
- }\r
-\r
- // Free memory\r
- SQL_FREERESULT($result_holiday);\r
- }\r
-\r
- if (!$HOL_ACTIVE)\r
- {\r
- // Check if the user want's to receive mails?\r
- $result_ver = SQL_QUERY_ESC("SELECT zip FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d".$HTML." AND receive_mails > 0 AND status='CONFIRMED' LIMIT 1",\r
- array(bigintval($ucat)), __FILE__, __LINE__);\r
-\r
- if ((SQL_NUMROWS($result_ver) == 1) && (!empty($_POST['zip'])) && ($CONFIG['order_multi_page'] == "Y"))\r
- {\r
- list($zip) = SQL_FETCHROW($result_ver);\r
- SQL_FREERESULT($result_ver);\r
- if (substr($zip, 0, strlen($_POST['zip'])) == $_POST['zip'])\r
- {\r
- // Ok, ZIP part is found\r
- $uid_cnt++;\r
- }\r
- }\r
- else\r
- {\r
- // Count numbers up!\r
- $uid_cnt += SQL_NUMROWS($result_ver);\r
- }\r
- }\r
- }\r
-\r
- // Free memory\r
- SQL_FREERESULT($result_uids);\r
- $CATS['uids'][] = $uid_cnt;\r
- }\r
-\r
- // Free memory\r
- SQL_FREERESULT($result_cats);\r
-\r
- // Now we need to load the mail types...\r
- $result = SQL_QUERY("SELECT id, price, payment, mail_title FROM "._MYSQL_PREFIX."_payments ORDER BY payment", __FILE__, __LINE__);\r
-\r
- $TYPES = array();\r
- if (SQL_NUMROWS($result) > 0)\r
- {\r
- // Check for message ID in URL\r
- $MSG = "";\r
- switch ($_GET['msg'])\r
- {\r
- case CODE_URL_TLOCK:\r
- $result = SQL_QUERY_ESC("SELECT timestamp FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1",\r
- array(bigintval($_GET['id'])), __FILE__, __LINE__);\r
-\r
- // Load timestamp from last order\r
- list($LORDER) = SQL_FETCHROW($result);\r
- $LORDER = MAKE_DATETIME($LORDER, "1");\r
-\r
- // Free memory\r
- SQL_FREERESULT($result);\r
-\r
- // Calculate hours...\r
- $STD = round($CONFIG['url_tlock'] / 60 / 60);\r
-\r
- // Minutes...\r
- $MIN = round(($CONFIG['url_tlock'] - $STD * 60 * 60) / 60);\r
-\r
- // And seconds\r
- $SEC = $CONFIG['url_tlock'] - $STD * 60 * 60 - $MIN * 60;\r
-\r
- // Finally contruct the message\r
- $MSG = MEMBER_URL_TIME_LOCK."<BR>".CONFIG_URL_TLOCK." ".$STD." ".\r
- HOURS.", ".$MIN." ".MINS." "._AND." ".$SEC." ".SECS."<BR>".\r
- MEMBER_LAST_TLOCK.": ".$LORDER;\r
- break;\r
-\r
- case CODE_OVERLENGTH:\r
- $MSG = MEMBER_TEXT_OVERLENGTH;\r
- break;\r
-\r
- case CODE_URL_FOUND:\r
- $MSG = MEMBER_TEXT_CONTAINS_URL;\r
- break;\r
-\r
- case CODE_SUBJ_URL:\r
- $MSG = MEMBER_SUBJ_CONTAINS_URL;\r
- break;\r
-\r
- case CODE_BLIST_URL:\r
- $MSG = MEMBER_URL_BLACK_LISTED."<BR>\r
-".MEMBER_BLIST_TIME.": ".MAKE_DATETIME($_GET['blist'], "0");\r
- break;\r
-\r
- case CODE_NO_RECS_LEFT:\r
- $MSG = MEMBER_SELECTED_MORE_RECS;\r
- break;\r
-\r
- case CODE_INVALID_TAGS:\r
- $MSG = MEMBER_HTML_INVALID_TAGS;\r
- break;\r
-\r
- case CODE_MORE_POINTS:\r
- $MSG = MEMBER_MORE_POINTS_NEEDED;\r
- break;\r
-\r
- case CODE_MORE_RECEIVERS1:\r
- $MSG = MEMBER_ENTER_MORE_RECEIVERS;\r
- break;\r
-\r
- case CODE_MORE_RECEIVERS2:\r
- $MSG = MEMBER_NO_MORE_RECEIVERS_FOUND;\r
- break;\r
-\r
- case CODE_MORE_RECEIVERS3:\r
- $MSG = MEMBER_ENTER_MORE_MIN_RECEIVERS_1.$CONFIG['order_min'].MEMBER_ENTER_MORE_MIN_RECEIVERS_2;\r
- break;\r
-\r
- case CODE_INVALID_URL:\r
- $MSG = MEMBER_ENTER_INVALID_URL;\r
- break;\r
-\r
- case "": // When no error code is included in the URL we do not need to output an error message as well...\r
- break;\r
-\r
- default:\r
- $MSG = UNKNOWN_CODE_1.$_GET['msg'].UNKNOWN_CODE_2;\r
- break;\r
- }\r
- if (!empty($MSG))\r
- {\r
- // We got system message so we drop it out to the user\r
- LOAD_TEMPLATE("admin_settings_saved", false, $MSG);\r
- }\r
-\r
- // Load all email types...\r
- while ($TYPES[] = SQL_FETCHROW($result))\r
- {\r
- // Nothing to do here... ;-)\r
- }\r
-\r
- // Free memory\r
- SQL_FREERESULT($result);\r
-\r
- // Output user's points\r
- $TOTAL = TRANSLATE_COMMA($TOTAL);\r
-\r
- // Check how many mail orders he has placed today and how many he's allowed to send\r
- switch ($CONFIG['order_max'])\r
- {\r
- case "MAX": // He is allowed to send as much as possible\r
- define('ORDER_MAX_VALUE', ORDER_ALLOED_MAX);\r
- break;\r
-\r
- case "ORDER": // He is allowed to send as much as he setup the receiving value\r
- define('ORDER_MAX_VALUE', ORDER_ALLOWED_RECEIVE_1.$ALLOWED.ORDER_ALLOWED_RECEIVE_2.$MAXI.ORDER_ALLOWED_RECEIVE_3);\r
- break;\r
- }\r
-\r
- // Load final template\r
- LOAD_TEMPLATE("member_order_points", false, $TOTAL);\r
-\r
- // Reset variables\r
- $OLD_ORDER = false; $subject = ""; $text = ""; $target = "";\r
-\r
- // Check if we already have an order placed and make it editable\r
- $result = SQL_QUERY_ESC("SELECT subject, text, payment_id, timestamp, url, target_send, cat_id, zip FROM "._MYSQL_PREFIX."_pool WHERE sender=%d AND data_type='TEMP' LIMIT 1",\r
- array($GLOBALS['userid']), __FILE__, __LINE__);\r
-\r
- if (SQL_NUMROWS($result) == 1)\r
- {\r
- // Old order found\r
- list($subject, $text, $payment, $tstamp, $url, $target, $cat, $zip) = SQL_FETCHROW($result);\r
- SQL_FREERESULT($result);\r
-\r
- // Fix max receivers when it is too much\r
- if ($target > $CATS['uids'][$cat]) $target = $CATS['uids'][$cat];\r
-\r
- // Old order is grabbed\r
- $OLD_ORDER = true;\r
- }\r
- else\r
- {\r
- // Default output for that your members don't forget it...\r
- $url = "http://";\r
- }\r
-\r
- // 01 2 21 12 2 23 443 3 3210\r
- if ((!empty($_POST['data'])) || (($CONFIG['order_multi_page'] == "N") && ((!IS_ADMIN()) && (!$HTML_EXT))))\r
- {\r
- // Pre-output categories\r
- $CAT = "";\r
- foreach ($CATS['id'] as $key=>$value)\r
- {\r
- $CAT .= " <OPTION value=\"".$value."\"";\r
- if (($OLD_ORDER) && ($cat == $value)) $CAT .= " selected=\"selected\"";\r
- $CAT .= ">".$CATS['name'][$key]." (".$CATS['uids'][$key]." ".USER_IN_CAT.")</OPTION>\n";\r
- }\r
- // Mail type\r
- $TYPE = "";\r
- foreach ($TYPES as $key=>$value)\r
- {\r
- $P = TRANSLATE_COMMA($TYPES[$key][1]);\r
- if (is_array($value))\r
- {\r
- // Output option line\r
- $TYPE .= " <OPTION value=\"".$TYPES[$key][0]."\"";\r
- if (($OLD_ORDER) && ($payment == $TYPES[$key][0])) $TYPE .= " selected=\"selected\"";\r
- $TYPE .= ">".$P." ".PER_MAIL." - ".$TYPES[$key][3]." - ".round($TYPES[$key][2])." ".PAYMENT."</OPTION>\n";\r
- }\r
- }\r
-\r
- // Put all in constants for the template\r
- define('CATEGORY_SELECTION', $CAT);\r
- define('TYPE_SELECTION', $TYPE);\r
- define('TARGET', $target);\r
- define('SUBJECT', $subject);\r
- define('TEXT', COMPILE_CODE($text));\r
- define('T_URL', $url);\r
-\r
- if (!empty($_POST['zip']))\r
- {\r
- // Output entered ZIP code\r
- define('ZIP_OUTPUT', LOAD_TEMPLATE("member_order-zip2", true, $_POST['zip']));\r
- }\r
- else\r
- {\r
- define('ZIP_OUTPUT', "<TR><TD colspan=\"5\" height=\"5\" class=\"seperator\"> </TD></TR>");\r
- }\r
- // HTML extension\r
- if (($HTML_EXT) && ($_POST['html'] == "Y"))\r
- {\r
- // Extension is active so output valid HTML tags\r
- define('MEMBER_HTML_EXTENSION', LOAD_TEMPLATE("member_order-html_ext", true, HTML_ADD_VALID_TAGS()));\r
- }\r
- else\r
- {\r
- // Extension not active and/or class not uploaded\r
- define('MEMBER_HTML_EXTENSION', "<TR><TD colspan=\"5\"><INPUT type=\"hidden\" name=\"html\" value=\"N\"></TD></TR>");\r
- }\r
-\r
- // Output form for page 2\r
- LOAD_TEMPLATE("member_order_page2");\r
- }\r
- else\r
- {\r
- // Remember maybe entered ZIP code in constant\r
- $ADD = "";\r
- if ($HTML_EXT)\r
- {\r
- // Add some content when html extension is active\r
- if (($CONFIG['order_multi_page'] == "Y") || (IS_ADMIN())) $ADD = "<TR><TD colspan=\"2\" class=\"seperator bottom2\" height=\"5\"> </TD></TR>\n";\r
- define('MEMBER_HTML_EXTENSION', LOAD_TEMPLATE("member_order-html_intro", true));\r
- }\r
- else\r
- {\r
- // No HTML extension installed\r
- define('MEMBER_HTML_EXTENSION', "<TR><TD colspan=\"2\"><INPUT type=\"hidden\" name=\"html\" value=\"N\"></TD></TR>");\r
- }\r
- // Do we want ZIP code or not?\r
- if (($CONFIG['order_multi_page'] == "Y") || (IS_ADMIN()))\r
- {\r
- // Yes\r
- $content = array(\r
- 'zip' => $_POST['zip'],\r
- 'add' => $ADD\r
- );\r
- define('MEMBER_ZIP_CONTENT', LOAD_TEMPLATE("member_order-zip1", true, $content));\r
- }\r
- else\r
- {\r
- // No\r
- define('MEMBER_ZIP_CONTENT', "");\r
- }\r
-\r
- // Output form for page 1 (ZIP code or HTML)\r
- LOAD_TEMPLATE("member_order_page1");\r
- }\r
- }\r
- else\r
- {\r
- // No mail types defined\r
- OUTPUT_HTML ("<STRONG><SPAN class=\"member_failed\">".MEMBER_NO_PAYMENTS."</SPAN></STRONG>");\r
- }\r
- }\r
- else\r
- {\r
- // No points left!\r
- OUTPUT_HTML ("<STRONG><SPAN class=\"member_failed\">".MEMBER_NO_POINTS."</SPAN></STRONG>");\r
- }\r
- }\r
- else\r
- {\r
- // No cateogries are defined yet\r
- OUTPUT_HTML ("<STRONG><SPAN class=\"member_failed\">".MEMBER_NO_CATS."</SPAN></STRONG>");\r
- }\r
-}\r
- elseif ($mmails == "0")\r
-{\r
- // Please set more than 0 mails per day!\r
- LOAD_TEMPLATE("admin_settings_saved", false, MEMBER_HAS_ZERO_MMAILS);\r
-}\r
- else\r
-{\r
- // Please confirm some mails first!\r
- LOAD_TEMPLATE("admin_settings_saved", false, MEMBER_LINKS_LEFT_1.$links.MEMBER_LINKS_LEFT_2.$CONFIG['unconfirmed'].MEMBER_LINKS_LEFT_3);\r
-}\r
-\r
-if (!empty($URL))\r
-{\r
- // Redirect to requested URL\r
- LOAD_URL($URL);\r
-}\r
-\r
-//\r
-?>\r
+<?php
+/************************************************************************
+ * MXChange v0.2.1 Start: 10/19/2003 *
+ * =============== Last change: 08/26/2004 *
+ * *
+ * -------------------------------------------------------------------- *
+ * File : what-order.php *
+ * -------------------------------------------------------------------- *
+ * Short description : Order mails here *
+ * -------------------------------------------------------------------- *
+ * Kurzbeschreibung : Hier k�nnen Ihre Mitglieder Mails buchen *
+ * -------------------------------------------------------------------- *
+ * *
+ * -------------------------------------------------------------------- *
+ * Copyright (c) 2003 - 2008 by Roland Haeder *
+ * For more information visit: http://www.mxchange.org *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the Free Software *
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
+ * MA 02110-1301 USA *
+ ************************************************************************/
+
+// Some security stuff...
+if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
+{
+ $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
+ require($INC);
+}
+ elseif (!IS_LOGGED_IN())
+{
+ LOAD_URL(URL."/modules.php?module=index");
+}
+ elseif ((!EXT_IS_ACTIVE("order")) && (!IS_ADMIN()))
+{
+ ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "order");
+ return;
+}
+
+// Add description as navigation point
+ADD_DESCR("member", basename(__FILE__));
+
+$URL = ""; $id = 0;
+$WHERE = " WHERE visible='Y'";
+
+// Set undefined array elements
+if (empty($_GET['msg'])) $_GET['msg'] = "";
+if (empty($_POST['zip'])) $_POST['zip'] = "";
+if (empty($_POST['html'])) $_POST['html'] = "";
+if (empty($_POST['receiver'])) $_POST['receiver'] = "";
+if (is_admin()) $WHERE = "";
+
+// Add slashes to every value
+foreach($_POST as $key=>$value)
+{
+ // Skip submit buttons
+ if (($key != "data") && ($key != "frametester")) $_POST[$key] = addslashes($value);
+}
+
+// Minimum mails / order
+define('__MIN_VALUE', $CONFIG['order_min']);
+
+// Count unconfirmed mails
+$result_links = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d",
+ array($GLOBALS['userid']), __FILE__, __LINE__);
+$links = SQL_NUMROWS($result_links);
+SQL_FREERESULT($result_links);
+
+// Does the user has more than 0 mails per day set?
+$HOLIDAY="userid";
+if (GET_EXT_VERSION("holiday") >= "0.1.3")
+{
+ // Fetch also holiday activation data
+ $HOLIDAY = "holiday_active";
+}
+
+$result_mmails = SQL_QUERY_ESC("SELECT userid, receive_mails, mail_orders, ".$HOLIDAY."
+FROM "._MYSQL_PREFIX."_user_data
+WHERE userid=%d AND max_mails > 0 LIMIT 1",
+ array($GLOBALS['userid']), __FILE__, __LINE__);
+
+$mmails = SQL_NUMROWS($result_mmails);
+list($DMY, $MAXI, $ORDERS, $HOLIDAY) = SQL_FETCHROW($result_mmails);
+SQL_FREERESULT($result_mmails);
+if ($HOLIDAY == $DMY) $HOLIDAY="N";
+
+$ALLOWED = $MAXI - $ORDERS;
+if ($CONFIG['order_max'] == "MAX") $ALLOWED = $MAXI;
+
+// Check HTML extension
+$HTML_EXT = EXT_IS_ACTIVE("html_mail");
+
+// Now check his points amount
+$result_p = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d",
+ array($GLOBALS['userid']), __FILE__, __LINE__);
+
+$TOTAL = "0";
+if (SQL_NUMROWS($result_p) > 0)
+{
+ // Load points
+ list($TOTAL) = SQL_FETCHROW($result_p);
+ SQL_FREERESULT($result_p);
+
+ // And subtract his used points...
+ $result_p = SQL_QUERY_ESC("SELECT used_points FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ array($GLOBALS['userid']), __FILE__, __LINE__);
+
+ list($p) = SQL_FETCHROW($result_p);
+ SQL_FREERESULT($result_p);
+ $TOTAL -= $p;
+
+ // Add (maybe) missing three zeros
+ if (!ereg(".", $TOTAL)) $TOTAL .= ".00000";
+}
+
+if (($HOLIDAY == "Y") && (GET_EXT_VERSION("holiday") >= "0.1.3"))
+{
+ // Holiday is active!
+ SQL_FREERESULT($result_p);
+ LOAD_TEMPLATE("admin_settings_saved", false, HOLIDAY_ORDER_NOT_POSSIBLE);
+}
+ elseif ((!empty($_POST['frametester'])) && ($ALLOWED > 0) && ($_POST['receiver'] > 0))
+{
+ // Continue with the frametester, we first need to store the data temporary in the pool
+ //
+ // First we would like to store the data and get it's pool position back...
+ $result = SQL_QUERY_ESC("SELECT id, data_type FROM "._MYSQL_PREFIX."_pool WHERE sender=%d AND url='%s' AND timestamp > %d LIMIT 1",
+ array($GLOBALS['userid'], $_POST['url'], bigintval(time() - $CONFIG['url_tlock'])), __FILE__, __LINE__);
+
+ $type = "TEMP"; $id = "0";
+ if (SQL_NUMROWS($result) == 1)
+ {
+ list($id, $type) = SQL_FETCHROW($result);
+ SQL_FREERESULT($result);
+ }
+ if ($type == "TEMP")
+ {
+ // No entry found, so we need to check out the stats table as well... :)
+ // We have to add that suff here, now we continue WITHOUT checking and check the text and subject against some filters
+ $URL = "";
+ if ($CONFIG['test_text'] == "Y")
+ {
+ // Test submitted text against some filters (length, URLs in text etc.)
+ if ((strpos(strtolower($_POST['text']), "https://") > -1) || (strpos(strtolower($_POST['text']), "http://") > -1) || (strpos(strtolower($_POST['text']), "www") > -1))
+ {
+ // URL found!
+ $URL = URL."/modules.php?module=login&what=order&msg=".CODE_URL_FOUND;
+ }
+ $TEST = str_replace("\n", "", str_replace("\r", "", addslashes($_POST['text'])));
+ if (strlen($TEST) > $CONFIG['max_tlength'])
+ {
+ // Text is too long!
+ $URL = URL."/modules.php?module=login&what=order&msg=".CODE_OVERLENGTH;
+ }
+ }
+ // Shall I test the subject line against URLs?
+ if ($CONFIG['test_subj'] == "Y")
+ {
+ // Check the subject line for issues
+ $_POST['subject'] = str_replace("\\", "[nl]", substr($_POST['subject'], 0, 200));
+ if ((strpos(strtolower($_POST['subject']), "http://") > -1) || (strpos(strtolower($_POST['subject']), "www") > -1))
+ {
+ // URL in subject found
+ $URL = URL."/modules.php?module=login&what=order&msg=".CODE_SUBJ_URL;
+ }
+ }
+ // And shall I check that his URL is not in the black list?
+ if ($CONFIG['url_blacklist'] == "Y")
+ {
+ // Ok, I do that for you know...
+ $result = SQL_QUERY_ESC("SELECT timestamp FROM "._MYSQL_PREFIX."_url_blist WHERE url='%s' LIMIT 1",
+ array($_POST['url']), __FILE__, __LINE__);
+
+ if (SQL_NUMROWS($result) == 1)
+ {
+ // Jupp, we got one listed
+ list($blist) = SQL_FETCHROW($result);
+ SQL_FREERESULT($result);
+ $URL = URL."/modules.php?module=login&what=order&msg=".CODE_BLIST_URL."&blist=".$blist;
+ }
+ }
+ if (($_POST['receiver'] < $CONFIG['order_min']) && (!IS_ADMIN()))
+ {
+ // Less than allowed receivers entered!
+ $URL = URL."/modules.php?module=login&what=order&msg=".CODE_MORE_RECEIVERS3;
+ }
+
+ // Validate URL
+ if (!VALIDATE_URL($_POST['url']))
+ {
+ // URL is invalid!
+ $URL = URL."/modules.php?module=login&what=order&msg=".CODE_INVALID_URL;
+ }
+
+ // Probe for HTML extension
+ if ($HTML_EXT)
+ {
+ if ($_POST['html'] == "Y")
+ {
+ // Chek for valid HTML tags
+ $_POST['text'] = HTML_CHECK_TAGS($_POST['text']);
+
+ // Maybe invalid tags found?
+ if (empty($_POST['text'])) $URL = URL."/modules.php?module=login&what=order&msg=".CODE_INVALID_TAGS."&id=".$id;
+ }
+ else
+ {
+ // Remove any HTML code
+ $_POST['text'] = str_replace("<", "{OPEN_HTML}", str_replace(">", "{CLOSE_HTML}", $_POST['text']));
+ }
+ }
+ }
+ elseif (!IS_ADMIN())
+ {
+ // He has already sent a mail within a specific time
+ $URL = URL."/modules.php?module=login&what=order&msg=".CODE_URL_TLOCK."&id=".$id;
+ }
+ if (empty($URL))
+ {
+ // Check if category and number of receivers is okay
+ $ADD = "";
+ if (($CONFIG['order_multi_page'] == "Y") && (!empty($_POST['zip']))) $ADD = "AND d.zip LIKE '".bigintval($_POST['zip'])."{PER}'";
+
+ // Check for userids
+ $result = SQL_QUERY_ESC("SELECT DISTINCT c.userid FROM "._MYSQL_PREFIX."_user_cats AS c
+LEFT JOIN "._MYSQL_PREFIX."_user_data AS d
+ON c.userid=d.userid
+WHERE c.cat_id=%d AND c.userid != '%s' AND d.status='CONFIRMED' AND d.receive_mails > 0
+".$ADD."
+ORDER BY d.%s %s",
+ array(
+ bigintval($_POST['cat']),
+ $GLOBALS['userid'],
+ $CONFIG['order_select'],
+ $CONFIG['order_mode'],
+ ), __FILE__, __LINE__);
+
+ // Do we enougth receivers left?
+ if (SQL_NUMROWS($result) >= $_POST['receiver'])
+ {
+ // Check for holiday extensions
+ $HOLIDAY = false;
+ if (GET_EXT_VERSION("holiday") >= "0.1.3")
+ {
+ // Include checking for users in holiday
+ $HOLIDAY = true;
+ }
+
+ // Load receivers from database
+ $TEST = array(); $cnt = 0;
+ while (list($REC) = SQL_FETCHROW($result))
+ {
+ if ($HOLIDAY)
+ {
+ // Check for his holiday status
+ $result_holiday = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_holidays
+WHERE userid=%d AND holiday_start < ".time()." AND holiday_end > ".time()." LIMIT 1",
+ array(bigintval($REC)), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result_holiday) == 1) $REC = 0; // Exclude user who are in holiday
+
+ // Free memory
+ SQL_FREERESULT($result_holiday);
+ }
+
+ if ($REC > 0)
+ {
+ // Add receiver
+ $TEST[] = $REC;
+ $cnt++;
+ }
+ }
+
+ // Free memory
+ SQL_FREERESULT($result);
+
+ // Implode array into string for the sending pool
+ $RECEIVER = implode($TEST, ";");
+
+ // Count array for maximum sent
+ $MAX_SEND = count($TEST);
+
+ // Update receiver list
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET receive_mails=receive_mails-1 WHERE userid IN (%s) LIMIT %s",
+ array(str_replace(";", ", ", $RECEIVER), $MAX_SEND), __FILE__, __LINE__);
+
+ // Is calculated max receivers larger than wanted receivers then reset it
+ if ($MAX_SEND > $_POST['receiver']) $MAX_SEND = $_POST['receiver'];
+
+ // Calculate used points
+ $USED = $MAX_SEND * GET_PAY_POINTS(bigintval($_POST['type']));
+
+ // Check if he has enougth points for this order and selected more than 0 receivers
+ if (($USED > 0) && ($USED <= $TOTAL) && ($MAX_SEND > 0))
+ {
+ // Gettings points is okay, so we can add $USED later from
+ $TIME = time();
+ if (($id == "0") || ($type != "TEMP"))
+ {
+ // New order
+ $id = 0;
+ if ($HTML_EXT)
+ {
+ // HTML extension is active
+ $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_pool (sender, subject, text, receivers, payment_id, data_type, timestamp, url, cat_id, target_send, zip, html_msg)
+ VALUES ('%s', '%s', '%s', '%s', '%s', 'TEMP', '%s', '%s', '%s', '%s', '%s', '%s')",
+array(
+ $GLOBALS['userid'],
+ addslashes($_POST['subject']),
+ addslashes($_POST['text']),
+ $RECEIVER,
+ bigintval($_POST['type']),
+ $TIME,
+ $_POST['url'],
+ bigintval($_POST['cat']),
+ $MAX_SEND,
+ bigintval($_POST['zip']),
+ $_POST['html']
+), __FILE__, __LINE__);
+ }
+ else
+ {
+ // No HTML extension is active
+ $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_pool (sender, subject, text, receivers, payment_id, data_type, timestamp, url, cat_id, target_send, zip)
+ VALUES ('%s', '%s', '%s', '%s', '%s', 'TEMP', '%s', '%s', '%s', '%s', '%s')",
+array(
+ $GLOBALS['userid'],
+ addslashes($_POST['subject']),
+ addslashes($_POST['text']),
+ $RECEIVER,
+ bigintval($_POST['type']),
+ $TIME,
+ $_POST['url'],
+ bigintval($_POST['cat']),
+ $MAX_SEND,
+ bigintval($_POST['zip']),
+), __FILE__, __LINE__);
+ }
+ }
+ else
+ {
+ // Change current order
+ if ($HTML_EXT)
+ {
+ // HTML extension is active
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET
+subject='%s',
+text='%s',
+receivers='%s',
+payment_id=%d,
+timestamp=UNIX_TIMESTAMP(),
+url='%s',
+cat_id=%d,
+target_send=%d,
+zip=%d,
+html_msg='%s'
+WHERE id=%d LIMIT 1",
+array(
+ $_POST['subject'],
+ $_POST['text'],
+ $RECEIVER,
+ bigintval($_POST['type']),
+ $_POST['url'],
+ bigintval($_POST['cat']),
+ $MAX_SEND,
+ bigintval($_POST['zip']),
+ $_POST['html'],
+ bigintval($id)
+), __FILE__, __LINE__);
+ }
+ else
+ {
+ // No HTML extension is active
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET
+subject='%s',
+text='%s',
+receivers='%s',
+payment_id=%d,
+timestamp=UNIX_TIMESTAMP(),
+url='%s',
+cat_id=%d,
+target_send=%d,
+zip=%d
+WHERE id=%d LIMIT 1",
+array(
+ $_POST['subject'],
+ $_POST['text'],
+ $RECEIVER,
+ bigintval($_POST['type']),
+ $_POST['url'],
+ bigintval($_POST['cat']),
+ $MAX_SEND,
+ bigintval($_POST['zip']),
+ bigintval($id)
+), __FILE__, __LINE__);
+ }
+ }
+
+ // Do we need to get the ID number?
+ if ($id == 0) {
+ // Order is placed as temporary. We need to get it's id for the frametester
+ $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_pool WHERE sender=%d AND subject='%s' AND payment_id=%d AND data_type='TEMP' AND timestamp=%d LIMIT 1",
+ array(
+ $GLOBALS['userid'],
+ $_POST['subject'],
+ bigintval($_POST['type']),
+ $TIME
+ ), __FILE__, __LINE__);
+
+ list($id) = SQL_FETCHROW($result);
+ SQL_FREERESULT($result);
+ }
+
+ // ID is received so we can redirect the user, used points will be added when he send's out the mail
+ $URL = URL."/modules.php?module=frametester&order=".$id."";
+ }
+ elseif ($MAX_SEND == 0)
+ {
+ // Not enougth receivers found which can receive mails
+ $URL = URL."/modules.php?module=login&what=order&msg=".CODE_MORE_RECEIVERS2;
+ }
+ else
+ {
+ // No enougth points left!
+ $URL = URL."/modules.php?module=login&what=order&msg=".CODE_MORE_POINTS;
+ }
+ }
+ else
+ {
+ // Ordered more mails than he can send in this category
+ $URL = URL."/modules.php?module=login&what=order&msg=".CODE_NO_RECS_LEFT;
+ }
+ }
+}
+ elseif ($_POST['receiver'] == "0")
+{
+ // Not enougth receivers selected
+ $URL = URL."/modules.php?module=login&what=order&msg=".CODE_MORE_RECEIVERS1;
+}
+ elseif (($ALLOWED == 0) && ($CONFIG['order_max'] == "ORDER"))
+{
+ // No more mail orders allowed
+ LOAD_TEMPLATE("admin_settings_saved", false, MEMBER_ORDER_ALLOWED_EXHAUSTED);
+}
+ elseif (($links < $CONFIG['unconfirmed']) && ($mmails == "1"))
+{
+ // Display order form
+ $result_cats = SQL_QUERY("SELECT id, cat FROM "._MYSQL_PREFIX."_cats".$WHERE." ORDER BY sort", __FILE__, __LINE__);
+ if (SQL_NUMROWS($result_cats) > 0)
+ {
+ if ($TOTAL > 0)
+ {
+ // Initialize array...
+ $CATS = array(
+ 'id' => array(),
+ 'name' => array(),
+ 'uids' => array()
+ );
+
+ // Enable HTML checking
+ $HTML = ""; $HOLIDAY = false; $HOL_STRING = "";
+ if (($HTML_EXT) && ($_POST['html'] == "Y")) $HTML = " AND html='Y'";
+ if (GET_EXT_VERSION("holiday") >= "0.1.3")
+ {
+ // Extension's version is fine
+ $HOLIDAY = true; $HOL_STRING = " AND holiday_active='N'";
+ }
+
+ // ... and begin loading stuff
+ while (list($id, $cat) = SQL_FETCHROW($result_cats))
+ {
+ $CATS['id'][] = bigintval($id);
+ $CATS['name'][] = $cat;
+
+ // Select users in current category
+ $result_uids = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%d AND userid != '%s' ORDER BY userid",
+ array(bigintval($id), $GLOBALS['userid']), __FILE__, __LINE__);
+
+ $uid_cnt = "0";
+ while (list($ucat) = SQL_FETCHROW($result_uids))
+ {
+ // Check for holiday system
+ $HOL_ACTIVE = false;
+ if ($HOLIDAY)
+ {
+ // Check user's holiday status
+ $result_holiday = SQL_QUERY_ESC("SELECT DISTINCT d.userid FROM "._MYSQL_PREFIX."_user_data AS d
+LEFT JOIN "._MYSQL_PREFIX."_user_holidays AS h
+ON d.userid=h.userid
+WHERE d.userid=%d AND d.receive_mails > 0 AND d.status='CONFIRMED' AND d.holiday_active='Y'
+AND h.holiday_start < ".time()." AND h.holiday_end > ".time()."
+LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result_holiday) == 1)
+ {
+ // Holiday is active!
+ $HOL_ACTIVE = true;
+ }
+
+ // Free memory
+ SQL_FREERESULT($result_holiday);
+ }
+
+ if (!$HOL_ACTIVE)
+ {
+ // Check if the user want's to receive mails?
+ $result_ver = SQL_QUERY_ESC("SELECT zip FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d".$HTML." AND receive_mails > 0 AND status='CONFIRMED' LIMIT 1",
+ array(bigintval($ucat)), __FILE__, __LINE__);
+
+ if ((SQL_NUMROWS($result_ver) == 1) && (!empty($_POST['zip'])) && ($CONFIG['order_multi_page'] == "Y"))
+ {
+ list($zip) = SQL_FETCHROW($result_ver);
+ SQL_FREERESULT($result_ver);
+ if (substr($zip, 0, strlen($_POST['zip'])) == $_POST['zip'])
+ {
+ // Ok, ZIP part is found
+ $uid_cnt++;
+ }
+ }
+ else
+ {
+ // Count numbers up!
+ $uid_cnt += SQL_NUMROWS($result_ver);
+ }
+ }
+ }
+
+ // Free memory
+ SQL_FREERESULT($result_uids);
+ $CATS['uids'][] = $uid_cnt;
+ }
+
+ // Free memory
+ SQL_FREERESULT($result_cats);
+
+ // Now we need to load the mail types...
+ $result = SQL_QUERY("SELECT id, price, payment, mail_title FROM "._MYSQL_PREFIX."_payments ORDER BY payment", __FILE__, __LINE__);
+
+ $TYPES = array();
+ if (SQL_NUMROWS($result) > 0)
+ {
+ // Check for message ID in URL
+ $MSG = "";
+ switch ($_GET['msg'])
+ {
+ case CODE_URL_TLOCK:
+ $result = SQL_QUERY_ESC("SELECT timestamp FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1",
+ array(bigintval($_GET['id'])), __FILE__, __LINE__);
+
+ // Load timestamp from last order
+ list($LORDER) = SQL_FETCHROW($result);
+ $LORDER = MAKE_DATETIME($LORDER, "1");
+
+ // Free memory
+ SQL_FREERESULT($result);
+
+ // Calculate hours...
+ $STD = round($CONFIG['url_tlock'] / 60 / 60);
+
+ // Minutes...
+ $MIN = round(($CONFIG['url_tlock'] - $STD * 60 * 60) / 60);
+
+ // And seconds
+ $SEC = $CONFIG['url_tlock'] - $STD * 60 * 60 - $MIN * 60;
+
+ // Finally contruct the message
+ $MSG = MEMBER_URL_TIME_LOCK."<BR>".CONFIG_URL_TLOCK." ".$STD." ".
+ HOURS.", ".$MIN." ".MINS." "._AND." ".$SEC." ".SECS."<BR>".
+ MEMBER_LAST_TLOCK.": ".$LORDER;
+ break;
+
+ case CODE_OVERLENGTH:
+ $MSG = MEMBER_TEXT_OVERLENGTH;
+ break;
+
+ case CODE_URL_FOUND:
+ $MSG = MEMBER_TEXT_CONTAINS_URL;
+ break;
+
+ case CODE_SUBJ_URL:
+ $MSG = MEMBER_SUBJ_CONTAINS_URL;
+ break;
+
+ case CODE_BLIST_URL:
+ $MSG = MEMBER_URL_BLACK_LISTED."<BR>
+".MEMBER_BLIST_TIME.": ".MAKE_DATETIME($_GET['blist'], "0");
+ break;
+
+ case CODE_NO_RECS_LEFT:
+ $MSG = MEMBER_SELECTED_MORE_RECS;
+ break;
+
+ case CODE_INVALID_TAGS:
+ $MSG = MEMBER_HTML_INVALID_TAGS;
+ break;
+
+ case CODE_MORE_POINTS:
+ $MSG = MEMBER_MORE_POINTS_NEEDED;
+ break;
+
+ case CODE_MORE_RECEIVERS1:
+ $MSG = MEMBER_ENTER_MORE_RECEIVERS;
+ break;
+
+ case CODE_MORE_RECEIVERS2:
+ $MSG = MEMBER_NO_MORE_RECEIVERS_FOUND;
+ break;
+
+ case CODE_MORE_RECEIVERS3:
+ $MSG = MEMBER_ENTER_MORE_MIN_RECEIVERS_1.$CONFIG['order_min'].MEMBER_ENTER_MORE_MIN_RECEIVERS_2;
+ break;
+
+ case CODE_INVALID_URL:
+ $MSG = MEMBER_ENTER_INVALID_URL;
+ break;
+
+ case "": // When no error code is included in the URL we do not need to output an error message as well...
+ break;
+
+ default:
+ $MSG = UNKNOWN_CODE_1.$_GET['msg'].UNKNOWN_CODE_2;
+ break;
+ }
+ if (!empty($MSG))
+ {
+ // We got system message so we drop it out to the user
+ LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
+ }
+
+ // Load all email types...
+ while ($TYPES[] = SQL_FETCHROW($result))
+ {
+ // Nothing to do here... ;-)
+ }
+
+ // Free memory
+ SQL_FREERESULT($result);
+
+ // Output user's points
+ $TOTAL = TRANSLATE_COMMA($TOTAL);
+
+ // Check how many mail orders he has placed today and how many he's allowed to send
+ switch ($CONFIG['order_max'])
+ {
+ case "MAX": // He is allowed to send as much as possible
+ define('ORDER_MAX_VALUE', ORDER_ALLOED_MAX);
+ break;
+
+ case "ORDER": // He is allowed to send as much as he setup the receiving value
+ define('ORDER_MAX_VALUE', ORDER_ALLOWED_RECEIVE_1.$ALLOWED.ORDER_ALLOWED_RECEIVE_2.$MAXI.ORDER_ALLOWED_RECEIVE_3);
+ break;
+ }
+
+ // Load final template
+ LOAD_TEMPLATE("member_order_points", false, $TOTAL);
+
+ // Reset variables
+ $OLD_ORDER = false; $subject = ""; $text = ""; $target = "";
+
+ // Check if we already have an order placed and make it editable
+ $result = SQL_QUERY_ESC("SELECT subject, text, payment_id, timestamp, url, target_send, cat_id, zip FROM "._MYSQL_PREFIX."_pool WHERE sender=%d AND data_type='TEMP' LIMIT 1",
+ array($GLOBALS['userid']), __FILE__, __LINE__);
+
+ if (SQL_NUMROWS($result) == 1)
+ {
+ // Old order found
+ list($subject, $text, $payment, $tstamp, $url, $target, $cat, $zip) = SQL_FETCHROW($result);
+ SQL_FREERESULT($result);
+
+ // Fix max receivers when it is too much
+ if ($target > $CATS['uids'][$cat]) $target = $CATS['uids'][$cat];
+
+ // Old order is grabbed
+ $OLD_ORDER = true;
+ }
+ else
+ {
+ // Default output for that your members don't forget it...
+ $url = "http://";
+ }
+
+ // 01 2 21 12 2 23 443 3 3210
+ if ((!empty($_POST['data'])) || (($CONFIG['order_multi_page'] == "N") && ((!IS_ADMIN()) && (!$HTML_EXT))))
+ {
+ // Pre-output categories
+ $CAT = "";
+ foreach ($CATS['id'] as $key=>$value)
+ {
+ $CAT .= " <OPTION value=\"".$value."\"";
+ if (($OLD_ORDER) && ($cat == $value)) $CAT .= " selected=\"selected\"";
+ $CAT .= ">".$CATS['name'][$key]." (".$CATS['uids'][$key]." ".USER_IN_CAT.")</OPTION>\n";
+ }
+ // Mail type
+ $TYPE = "";
+ foreach ($TYPES as $key=>$value)
+ {
+ $P = TRANSLATE_COMMA($TYPES[$key][1]);
+ if (is_array($value))
+ {
+ // Output option line
+ $TYPE .= " <OPTION value=\"".$TYPES[$key][0]."\"";
+ if (($OLD_ORDER) && ($payment == $TYPES[$key][0])) $TYPE .= " selected=\"selected\"";
+ $TYPE .= ">".$P." ".PER_MAIL." - ".$TYPES[$key][3]." - ".round($TYPES[$key][2])." ".PAYMENT."</OPTION>\n";
+ }
+ }
+
+ // Put all in constants for the template
+ define('CATEGORY_SELECTION', $CAT);
+ define('TYPE_SELECTION', $TYPE);
+ define('TARGET', $target);
+ define('SUBJECT', $subject);
+ define('TEXT', COMPILE_CODE($text));
+ define('T_URL', $url);
+
+ if (!empty($_POST['zip']))
+ {
+ // Output entered ZIP code
+ define('ZIP_OUTPUT', LOAD_TEMPLATE("member_order-zip2", true, $_POST['zip']));
+ }
+ else
+ {
+ define('ZIP_OUTPUT', "<TR><TD colspan=\"5\" height=\"5\" class=\"seperator\"> </TD></TR>");
+ }
+ // HTML extension
+ if (($HTML_EXT) && ($_POST['html'] == "Y"))
+ {
+ // Extension is active so output valid HTML tags
+ define('MEMBER_HTML_EXTENSION', LOAD_TEMPLATE("member_order-html_ext", true, HTML_ADD_VALID_TAGS()));
+ }
+ else
+ {
+ // Extension not active and/or class not uploaded
+ define('MEMBER_HTML_EXTENSION', "<TR><TD colspan=\"5\"><INPUT type=\"hidden\" name=\"html\" value=\"N\"></TD></TR>");
+ }
+
+ // Output form for page 2
+ LOAD_TEMPLATE("member_order_page2");
+ }
+ else
+ {
+ // Remember maybe entered ZIP code in constant
+ $ADD = "";
+ if ($HTML_EXT)
+ {
+ // Add some content when html extension is active
+ if (($CONFIG['order_multi_page'] == "Y") || (IS_ADMIN())) $ADD = "<TR><TD colspan=\"2\" class=\"seperator bottom2\" height=\"5\"> </TD></TR>\n";
+ define('MEMBER_HTML_EXTENSION', LOAD_TEMPLATE("member_order-html_intro", true));
+ }
+ else
+ {
+ // No HTML extension installed
+ define('MEMBER_HTML_EXTENSION', "<TR><TD colspan=\"2\"><INPUT type=\"hidden\" name=\"html\" value=\"N\"></TD></TR>");
+ }
+ // Do we want ZIP code or not?
+ if (($CONFIG['order_multi_page'] == "Y") || (IS_ADMIN()))
+ {
+ // Yes
+ $content = array(
+ 'zip' => $_POST['zip'],
+ 'add' => $ADD
+ );
+ define('MEMBER_ZIP_CONTENT', LOAD_TEMPLATE("member_order-zip1", true, $content));
+ }
+ else
+ {
+ // No
+ define('MEMBER_ZIP_CONTENT', "");
+ }
+
+ // Output form for page 1 (ZIP code or HTML)
+ LOAD_TEMPLATE("member_order_page1");
+ }
+ }
+ else
+ {
+ // No mail types defined
+ OUTPUT_HTML ("<STRONG><SPAN class=\"member_failed\">".MEMBER_NO_PAYMENTS."</SPAN></STRONG>");
+ }
+ }
+ else
+ {
+ // No points left!
+ OUTPUT_HTML ("<STRONG><SPAN class=\"member_failed\">".MEMBER_NO_POINTS."</SPAN></STRONG>");
+ }
+ }
+ else
+ {
+ // No cateogries are defined yet
+ OUTPUT_HTML ("<STRONG><SPAN class=\"member_failed\">".MEMBER_NO_CATS."</SPAN></STRONG>");
+ }
+}
+ elseif ($mmails == "0")
+{
+ // Please set more than 0 mails per day!
+ LOAD_TEMPLATE("admin_settings_saved", false, MEMBER_HAS_ZERO_MMAILS);
+}
+ else
+{
+ // Please confirm some mails first!
+ LOAD_TEMPLATE("admin_settings_saved", false, MEMBER_LINKS_LEFT_1.$links.MEMBER_LINKS_LEFT_2.$CONFIG['unconfirmed'].MEMBER_LINKS_LEFT_3);
+}
+
+if (!empty($URL))
+{
+ // Redirect to requested URL
+ LOAD_URL($URL);
+}
+
+//
+?>