+ $TEST_NICK_SENDER = $content['sender']['nickname'];
+ $TEST_NICK_REC = $content['recipient']['nickname'];
+
+ // Default is userids for subject line
+ $SENDER = getMemberId();
+ $RECIPIENT = bigintval(postRequestParameter('to_userid'));
+
+ // If nickname is installed we can set the nickname
+ // @TODO Rewrite this to a filter
+ if (isExtensionActive('nickname')) {
+ if (($TEST_NICK_SENDER != getMemberId()) && (!empty($TEST_NICK_SENDER))) {
+ $SENDER = $content['sender']['nickname'];
+ }
+
+ if (($TEST_NICK_REC != postRequestParameter('to_userid')) && (!empty($TEST_NICK_REC))) {
+ $RECIPIENT = $content['recipient']['nickname'];
+ }
+ } // END - if
+
+ // Remember transfer reason and fancy date/time in constants
+ $content['reason'] = secureString(postRequestParameter('reason'));
+ $content['expires'] = createFancyTime(getConfig('transfer_age'));
+
+ // Generate tranafer id
+ $content['trans_id'] = bigintval(generateRandomCode('10', mt_rand(0, 99999), getMemberId(), postRequestParameter('reason')));
+
+ // Add entries to both tables
+ SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_user_transfers_in` (`userid`, `from_userid`, `points`, `reason`, `time_trans`, `trans_id`) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP(),'%s')",
+ array(bigintval(postRequestParameter('to_userid')), getMemberId(), bigintval(postRequestParameter('points')), postRequestParameter('reason'), $content['trans_id']), __FILE__, __LINE__);
+ SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_user_transfers_out` (`userid`, `to_userid`, `points`, `reason`, `time_trans`, `trans_id`) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP(),'%s')",
+ array(getMemberId(), bigintval(postRequestParameter('to_userid')), bigintval(postRequestParameter('points')), postRequestParameter('reason'), $content['trans_id']), __FILE__, __LINE__);
+
+ // Add points to account *directly* ...
+ addPointsDirectly('member_transfer', bigintval(postRequestParameter('to_userid')), bigintval(postRequestParameter('points')));
+
+ // ... and add it to current user's used points
+ subtractPoints('transfer', getMemberId(), postRequestParameter('points'));
+
+ // First send email to recipient
+ $message = loadEmailTemplate('member_transfer_recipient', $content, postRequestParameter('to_userid'));
+ sendEmail($content['recipient']['email'], '{--TRANSFER_MEMBER_RECIPIENT_SUBJECT--}' . ': ' . $SENDER, $message);
+
+ // Second send email to sender
+ $message = loadEmailTemplate('member_transfer_sender', $content, getMemberId());
+ sendEmail($content['sender']['email'], '{--TRANSFER_MEMBER_SENDER_SUBJECT--}' . ': ' . $RECIPIENT, $message);
+
+ // At last send admin mail(s)
+ $adminSubject = sprintf("%s (%s->%s)", '{--TRANSFER_ADMIN_SUBJECT--}', $SENDER, $RECIPIENT);
+ sendAdminNotification($adminSubject, 'admin_transfer_points', $content);
+
+ // Transfer is completed
+ loadTemplate('admin_settings_saved', false, '{--TRANSFER_COMPLETED--}' . '<br /><a href="{%url=modules.php?module=login&what=transfer%}">{--TRANSFER_CONTINUE_OVERVIEW--}</a>');
+ } elseif ($valid_code === false) {
+ // Invalid Touring code!
+ loadTemplate('admin_settings_saved', false, '<div class="member_note">{--TRANSFER_INVALID_CODE--}</div>');
+ unsetPostRequestParameter('ok');
+ } elseif ($valid_pass === false) {
+ // Wrong password entered
+ loadTemplate('admin_settings_saved', false, '<div class="member_note">{--TRANSFER_INVALID_PASSWORD--}</div>');
+ unsetPostRequestParameter('ok');
+ } elseif ($valid_amount === false) {
+ // Too much points entered
+ loadTemplate('admin_settings_saved', false, '<div class="member_note">{--TRANSFER_INVALID_POINTS--}</div>');
+ unsetPostRequestParameter('ok');
+ } elseif ($valid_reason === false) {
+ // No transfer reason entered
+ loadTemplate('admin_settings_saved', false, '<div class="member_note">{--TRANSFER_INVALID_REASON--}</div>');
+ unsetPostRequestParameter('ok');
+ } elseif ($valid_recipient === false) {
+ // No recipient selected
+ loadTemplate('admin_settings_saved', false, '<div class="member_note">{--TRANSFER_INVALID_RECIPIENT--}</div>');
+ unsetPostRequestParameter('ok');
+ } elseif ($valid_data === false) {
+ // No recipient/sender selected
+ loadTemplate('admin_settings_saved', false, '<div class="member_note">{--TRANSFER_INVALID_DATA--}</div>');
+ unsetPostRequestParameter('ok');