+ // Remember transfer reason and fancy date/time in constants
+ define('__TRANSFER_REASON', REQUEST_POST('reason'));
+ define('__TRANSFER_EXPIRES', createFancyTime(getConfig('transfer_age')));
+
+ // Generate tranafer id
+ define('__TRANS_ID', bigintval(generateRandomCode("10", mt_rand(0, 99999), getUserId(), REQUEST_POST('reason'))));
+
+ // Add entries to both tables
+ SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_user_transfers_in` (`userid`, `from_uid`, `points`, `reason`, `time_trans`, `trans_id`) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP(),'%s')",
+ array(bigintval(REQUEST_POST('to_uid')), getUserId(), bigintval(REQUEST_POST('points')), REQUEST_POST('reason'), __TRANS_ID),
+ __FILE__, __LINE__);
+ SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_user_transfers_out` (`userid`, `to_uid`, `points`, `reason`, `time_trans`, `trans_id`) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP(),'%s')",
+ array(getUserId(), bigintval(REQUEST_POST('to_uid')), bigintval(REQUEST_POST('points')), REQUEST_POST('reason'), __TRANS_ID),
+ __FILE__, __LINE__);
+
+ // Add points to account *directly* ...
+ ADD_POINTS_REFSYSTEM_DIRECT('member_transfer', bigintval(REQUEST_POST('to_uid')), bigintval(REQUEST_POST('points')));
+
+ // ... and add it to current user's used points
+ SUB_POINTS('transfer', getUserId(), REQUEST_POST('points'));
+
+ // First send email to recipient
+ $message = LOAD_EMAIL_TEMPLATE('member_transfer_recipient', '', constant('__RECIPIENT_UID'));
+ sendEmail(constant('__RECIPIENT_EMAIL'), getMessage('TRANSFER_MEMBER_RECIPIENT_SUBJ') . ': ' . $SENDER, $message);
+
+ // Second send email to sender
+ $message = LOAD_EMAIL_TEMPLATE('member_transfer_sender', '', constant('__SENDER_UID'));
+ sendEmail(constant('__SENDER_EMAIL'), getMessage('TRANSFER_MEMBER_SENDER_SUBJ') . ': ' . $RECIPIENT, $message);
+
+ // At last send admin mail(s)
+ $ADMIN_SUBJ = sprintf("%s (%s->%s)", getMessage('TRANSFER_ADMIN_SUBJECT'), $SENDER, $RECIPIENT);
+ sendAdminNotification($ADMIN_SUBJ, 'admin_transfer_points');
+
+ // Transfer is completed
+ LOAD_TEMPLATE('admin_settings_saved', false, getMessage('TRANSFER_COMPLETED')."<br /><a href=\"{!URL!}/modules.php?module=login&what=transfer\">{--TRANSFER_CONTINUE_OVERVIEW--}</a>");
+ } elseif (!$valid_code) {
+ // Invalid Touring code!
+ LOAD_TEMPLATE('admin_settings_saved', false, "<div class=\"member_note\">{--TRANSFER_INVALID_CODE--}</div>");
+ REQUEST_UNSET_POST('ok');
+ } elseif (!$valid_pass) {
+ // Wrong password entered
+ LOAD_TEMPLATE('admin_settings_saved', false, "<div class=\"member_note\">{--TRANSFER_INVALID_PASSWORD--}</div>");
+ REQUEST_UNSET_POST('ok');
+ } elseif (!$valid_amount) {
+ // Too much points entered
+ LOAD_TEMPLATE('admin_settings_saved', false, "<div class=\"member_note\">{--TRANSFER_INVALID_POINTS--}</div>");
+ REQUEST_UNSET_POST('ok');
+ } elseif (!$valid_reason) {
+ // No transfer reason entered
+ LOAD_TEMPLATE('admin_settings_saved', false, "<div class=\"member_note\">{--TRANSFER_INVALID_REASON--}</div>");
+ REQUEST_UNSET_POST('ok');
+ } elseif (!$valid_recipient) {
+ // No recipient selected
+ LOAD_TEMPLATE('admin_settings_saved', false, "<div class=\"member_note\">{--TRANSFER_INVALID_RECIPIENT--}</div>");
+ REQUEST_UNSET_POST('ok');
+ } elseif (!$valid_data) {
+ // No recipient selected
+ LOAD_TEMPLATE('admin_settings_saved', false, "<div class=\"member_note\">{--TRANSFER_INVALID_DATA--}</div>");
+ REQUEST_UNSET_POST('ok');
+ }
+ }
+
+ if (!isFormSent()) {
+ // Load member list
+ if (EXT_IS_ACTIVE('nickname')) {
+ // Load userid and nickname
+ $result = SQL_QUERY_ESC("SELECT `userid`, `nickname` FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `status`='CONFIRMED' AND `opt_in`='Y' AND `userid` != '%s' ORDER BY `userid` ASC",
+ array(getUserId()), __FILE__, __LINE__);
+ } else {
+ // Load only userid
+ $result = SQL_QUERY_ESC("SELECT `userid`, `userid` FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `status`='CONFIRMED' AND `opt_in`='Y' AND `userid` != '%s' ORDER BY `userid` ASC",
+ array(getUserId()), __FILE__, __LINE__);
+ }
+
+ if (SQL_NUMROWS($result) > 0) {
+ // Load list
+ $OUT = "<select name=\"to_uid\" size=\"1\" class=\"member_select\">
+ <option value=\"0\">{--SELECT_NONE--}</option>\n";
+ // @TODO Try to rewrite his to $content = SQL_FETCHARRAY(), see some lines above for two different queries
+ while (list($uid, $nick) = SQL_FETCHROW($result)) {
+ $OUT .= " <option value=\"".$uid."\"";
+ if ((REQUEST_ISSET_POST(('to_uid'))) && (REQUEST_POST('to_uid') == $uid)) $OUT .= ' selected="selected"';
+ $OUT .= ">";
+ if (($nick != $uid) && (!empty($nick))) {
+ // Output nickname
+ $OUT .= $nick;
+ } else {
+ // Output userid
+ $OUT .= $uid;
+ }
+ $OUT .= "</option>\n";