-<?php\r
-/************************************************************************\r
- * MXChange v0.2.1 Start: 10/07/2004 *\r
- * ================ Last change: 10/07/2004 *\r
- * *\r
- * -------------------------------------------------------------------- *\r
- * File : what-transfer.php *\r
- * -------------------------------------------------------------------- *\r
- * Short description : Point transfers *\r
- * -------------------------------------------------------------------- *\r
- * Kurzbeschreibung : Punktetransfers *\r
- * -------------------------------------------------------------------- *\r
- * *\r
- * -------------------------------------------------------------------- *\r
- * Copyright (c) 2003 - 2008 by Roland Haeder *\r
- * For more information visit: http://www.mxchange.org *\r
- * *\r
- * This program is free software; you can redistribute it and/or modify *\r
- * it under the terms of the GNU General Public License as published by *\r
- * the Free Software Foundation; either version 2 of the License, or *\r
- * (at your option) any later version. *\r
- * *\r
- * This program is distributed in the hope that it will be useful, *\r
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *\r
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *\r
- * GNU General Public License for more details. *\r
- * *\r
- * You should have received a copy of the GNU General Public License *\r
- * along with this program; if not, write to the Free Software *\r
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *\r
- * MA 02110-1301 USA *\r
- ************************************************************************/\r
-\r
-// Some security stuff...\r
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))\r
-{\r
- $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";\r
- require($INC);\r
-}\r
- elseif (!IS_LOGGED_IN())\r
-{\r
- LOAD_URL(URL."/modules.php?module=index");\r
-}\r
- elseif ((!EXT_IS_ACTIVE("transfer")) && (!IS_ADMIN()))\r
-{\r
- ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "transfer");\r
- return;\r
-}\r
-\r
-// Add description as navigation point\r
-ADD_DESCR("member", basename(__FILE__));\r
-\r
-// Load data\r
-$result = SQL_QUERY_ESC("SELECT opt_in FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",\r
- array($GLOBALS['userid']), __FILE__, __LINE__);\r
-list($opt_in) = SQL_FETCHROW($result);\r
-\r
-// Free memory\r
-SQL_FREERESULT($result);\r
-\r
-$MODE = "";\r
-if (!empty($_GET['mode'])) $MODE = $_GET['mode'];\r
-\r
-// Check for "faker"\r
-if (($opt_in == "N") && ($MODE == "new")) $MODE = "";\r
-\r
-switch ($MODE)\r
-{\r
-case "new": // Start new transfer\r
- // Get total points and subtract the balance amount from it = maximum transferable points\r
- $result = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d AND points > 0",\r
- array($GLOBALS['userid']), __FILE__, __LINE__);\r
- list($total) = SQL_FETCHROW($result);\r
- SQL_FREERESULT($result);\r
-\r
- // Get totally used points and password\r
- $result = SQL_QUERY_ESC("SELECT used_points, password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",\r
- array($GLOBALS['userid']), __FILE__, __LINE__);\r
- list($used, $pass) = SQL_FETCHROW($result);\r
- SQL_FREERESULT($result);\r
-\r
- // Remember maximum value for template\r
- define('__TRANSFER_MAX_VALUE', round($total - $used - $CONFIG['transfer_balance'] - 0.5));\r
-\r
- if (isset($_POST['ok']))\r
- {\r
- // Add new transfer\r
- if ($CONFIG['transfer_code'] > 0)\r
- {\r
- // Check for code\r
- $code = GEN_RANDOM_CODE($CONFIG['transfer_code'], $_POST['code_chk'], $GLOBALS['userid'], __TRANSFER_MAX_VALUE);\r
- $valid_code = ($code == $_POST['code']);\r
- }\r
- else\r
- {\r
- // Zero length (= disabled) is always valid!\r
- $valid_code = true;\r
- }\r
-\r
- // Test password\r
- $valid_pass = ($pass == generateHash($_POST['password'], $pass));\r
-\r
- // Test transfer amount\r
- $valid_amount = ((!empty($_POST['points'])) && ($_POST['points'] <= __TRANSFER_MAX_VALUE));\r
-\r
- // Test reason for transfer\r
- $valid_reason = (!empty($_POST['reason']));\r
-\r
- // Test if a recipient is selected\r
- $valid_recipient = ($_POST['to_uid'] > 0);\r
-\r
- // Check for nickname extension and set additional data\r
- $nick = false; $ADD = ", userid";\r
- if (EXT_IS_ACTIVE("nickname"))\r
- {\r
- $ADD = ", nickname";\r
- $nick = true;\r
- }\r
- // Re-check receivers and own personal data\r
- $result = SQL_QUERY_ESC("SELECT userid, sex, surname, family, email".$ADD." FROM "._MYSQL_PREFIX."_user_data WHERE userid IN ('%s', '%s') AND status='CONFIRMED' ORDER BY userid LIMIT 2",\r
- array($GLOBALS['userid'], bigintval($_POST['to_uid'])), __FILE__, __LINE__);\r
- $valid_data = (SQL_NUMROWS($result) == 2);\r
-\r
- if ($valid_code && $valid_pass && $valid_amount && $valid_reason && $valid_recipient)\r
- {\r
- // Let's start the transfer and load user data\r
- list($uid1, $sex1, $sname1, $fname1, $email1, $nick1) = SQL_FETCHROW($result);\r
- list($uid2, $sex2, $sname2, $fname2, $email2, $nick2) = SQL_FETCHROW($result);\r
- SQL_FREERESULT($result);\r
- if ($uid1 == $GLOBALS['userid'])\r
- {\r
- // Data row 1 is sender's data\r
- define('__SENDER_SEX' , TRANSLATE_SEX($sex1));\r
- define('__SENDER_NICK' , $nick1);\r
- define('__SENDER_SNAME' , $sname1);\r
- define('__SENDER_FNAME' , $fname1);\r
- define('__SENDER_EMAIL' , $email1);\r
- // Data row 2 is recpient's data\r
- define('__RECIPIENT_SEX' , TRANSLATE_SEX($sex2));\r
- define('__RECIPIENT_NICK' , $nick2);\r
- define('__RECIPIENT_SNAME', $sname2);\r
- define('__RECIPIENT_FNAME', $fname2);\r
- define('__RECIPIENT_EMAIL', $email2);\r
-\r
- // Prepare variables for testing\r
- $TEST_NICK_SENDER = $nick1;\r
- $TEST_NICK_REC = $nick2;\r
- }\r
- else\r
- {\r
- // Data row 2 is sender's data\r
- define('__SENDER_SEX' , TRANSLATE_SEX($sex2));\r
- define('__SENDER_NICK' , $nick2);\r
- define('__SENDER_SNAME' , $sname2);\r
- define('__SENDER_FNAME' , $fname2);\r
- define('__SENDER_EMAIL' , $email2);\r
- // Data row 1 is recpient's data\r
- define('__RECIPIENT_SEX' , TRANSLATE_SEX($sex1));\r
- define('__RECIPIENT_NICK' , $nick1);\r
- define('__RECIPIENT_SNAME', $sname1);\r
- define('__RECIPIENT_FNAME', $fname1);\r
- define('__RECIPIENT_EMAIL', $email1);\r
-\r
- // Prepare variables for testing\r
- $TEST_NICK_SENDER = $nick2;\r
- $TEST_NICK_REC = $nick1;\r
- }\r
- // Sender's UID is always currently stored in cookie userid...\r
- define('__SENDER_UID' , $GLOBALS['userid']);\r
- define('__RECIPIENT_UID' , $_POST['to_uid']);\r
-\r
- $SENDER = __SENDER_UID;\r
- $RECIPIENT = __RECIPIENT_UID;\r
- if ($nick)\r
- {\r
- if (($TEST_NICK_SENDER != __SENDER_UID) && (!empty($TEST_NICK_SENDER)))\r
- {\r
- $SENDER = __SENDER_NICK;\r
- }\r
- if (($TEST_NICK_REC != __RECIPIENT_UID) && (!empty($TEST_NICK_REC)))\r
- {\r
- $RECIPIENT = __RECIPIENT_NICK;\r
- }\r
- }\r
-\r
- // Remember transfer reason and fancy date/time in constants\r
- define('__TRANSFER_REASON', $_POST['reason']);\r
- if (function_exists('CREATE_FANCY_TIME'))\r
- {\r
- define('__TRANSFER_EXPIRES', CREATE_FANCY_TIME($CONFIG['transfer_age']));\r
- }\r
- else\r
- {\r
- define('__TRANSFER_EXPIRES', round($CONFIG['transfer_age']/60/60/24)." ".DAYS);\r
- }\r
-\r
- // Generate tranafer id\r
- define('__TRANS_ID', bigintval(GEN_RANDOM_CODE("10", rand(0, 99999), $GLOBALS['userid'], $_POST['reason'])));\r
-\r
- // Add entries to both tables\r
- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_transfers_in (userid, from_uid, points, reason, time_trans, trans_id) VALUES ('%s', '%s', '%s', '%s', UNIX_TIMESTAMP(), '%s')",\r
- array(bigintval($_POST['to_uid']), $GLOBALS['userid'], bigintval($_POST['points']), addslashes($_POST['reason']), __TRANS_ID),\r
- __FILE__, __LINE__);\r
- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_transfers_out (userid, to_uid, points, reason, time_trans, trans_id) VALUES ('%s', '%s', '%s', '%s', UNIX_TIMESTAMP(), '%s')",\r
- array($GLOBALS['userid'], bigintval($_POST['to_uid']), bigintval($_POST['points']), addslashes($_POST['reason']), __TRANS_ID),\r
- __FILE__, __LINE__);\r
-\r
- // Add points to account *directly* ...\r
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%d AND ref_depth='0' LIMIT 1",\r
- array(bigintval($_POST['points']), bigintval($_POST['to_uid'])), __FILE__, __LINE__);\r
-\r
- // ... and add it to current user's used points\r
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",\r
- array(bigintval($_POST['points']), $GLOBALS['userid']), __FILE__, __LINE__);\r
-\r
- // First send email to recipient\r
- $msg = LOAD_EMAIL_TEMPLATE("member_transfer_recipient", "", __RECIPIENT_UID);\r
- SEND_EMAIL(__RECIPIENT_EMAIL, TRANSFER_MEMBER_RECIPIENT_SUBJ.": ".$SENDER, $msg);\r
-\r
- // Second send email to sender\r
- $msg = LOAD_EMAIL_TEMPLATE("member_transfer_sender", "", __SENDER_UID);\r
- SEND_EMAIL(__SENDER_EMAIL, TRANSFER_MEMBER_SENDER_SUBJ.": ".$RECIPIENT, $msg);\r
-\r
- // At last send admin mail(s)\r
- $ADMIN_SUBJ = TRANSFER_ADMIN_SUBJECT." (".$SENDER."->".$RECIPIENT.")";\r
- if (GET_EXT_VERSION("admins") >= "0.4.1")\r
- {\r
- SEND_ADMIN_EMAILS_PRO($ADMIN_SUBJ, "admin_transfer_points");\r
- }\r
- else\r
- {\r
- $msg = LOAD_EMAIL_TEMPLATE("admin_transfer_points");\r
- SEND_ADMIN_EMAILS($ADMIN_SUBJ, $msg);\r
- }\r
-\r
- // Transfer is completed\r
- OUTPUT_HTML ("<P>");\r
- LOAD_TEMPLATE("admin_settings_saved", false, TRANSFER_COMPLETED."<BR><A href=\"".URL."/modules.php?module=login&what=transfer\">".TRANSFER_CONTINUE_OVERVIEW."</A>");\r
- OUTPUT_HTML ("</P>");\r
- }\r
- elseif (!$valid_code)\r
- {\r
- // Invalid Touring code!\r
- OUTPUT_HTML ("<P><STRONG class=\"member_note\">".TRANSFER_INVALID_CODE."</STRONG></P>");\r
- unset($_POST['ok']);\r
- }\r
- elseif (!$valid_pass)\r
- {\r
- // Wrong password entered\r
- OUTPUT_HTML ("<P><STRONG class=\"member_note\">".TRANSFER_INVALID_PASSWORD."</STRONG></P>");\r
- unset($_POST['ok']);\r
- }\r
- elseif (!$valid_amount)\r
- {\r
- // Too much points entered\r
- OUTPUT_HTML ("<P><STRONG class=\"member_note\">".TRANSFER_INVALID_POINTS."</STRONG></P>");\r
- unset($_POST['ok']);\r
- }\r
- elseif (!$valid_reason)\r
- {\r
- // No transfer reason entered\r
- OUTPUT_HTML ("<P><STRONG class=\"member_note\">".TRANSFER_INVALID_REASON."</STRONG></P>");\r
- unset($_POST['ok']);\r
- }\r
- elseif (!$valid_recipient)\r
- {\r
- // No recipient selected\r
- OUTPUT_HTML ("<P><STRONG class=\"member_note\">".TRANSFER_INVALID_RECIPIENT."</STRONG></P>");\r
- unset($_POST['ok']);\r
- }\r
- elseif (!$valid_data)\r
- {\r
- // No recipient selected\r
- OUTPUT_HTML ("<P><STRONG class=\"member_note\">".TRANSFER_INVALID_DATA."</STRONG></P>");\r
- unset($_POST['ok']);\r
- }\r
- }\r
- if (!isset($_POST['ok']))\r
- {\r
- // Load member list\r
- if (EXT_IS_ACTIVE("nickname"))\r
- {\r
- // Load userid and nickname\r
- $result = SQL_QUERY_ESC("SELECT userid, nickname FROM "._MYSQL_PREFIX."_user_data WHERE status='CONFIRMED' AND opt_in='Y' AND userid != '%s' ORDER BY userid",\r
- array($GLOBALS['userid']), __FILE__, __LINE__);\r
- }\r
- else\r
- {\r
- // Load only userid\r
- $result = SQL_QUERY_ESC("SELECT userid, userid FROM "._MYSQL_PREFIX."_user_data WHERE status='CONFIRMED' AND opt_in='Y' AND userid != '%s' ORDER BY userid",\r
- array($GLOBALS['userid']), __FILE__, __LINE__);\r
- }\r
- if (SQL_NUMROWS($result) > 0)\r
- {\r
- // Load list\r
- $OUT = "<SELECT name=\"to_uid\" size=\"1\" class=\"member_select\">\r
- <OPTION value=\"0\">".SELECT_NONE."</OPTION>\n";\r
- while (list($uid, $nick) = SQL_FETCHROW($result))\r
- {\r
- $OUT .= "<OPTION value=\"".$uid."\"";\r
- if ((isset($_POST['to_uid'])) && ($_POST['to_uid'] == $uid)) $OUT .= " selected=\"selected\"";\r
- $OUT .= ">";\r
- if (($nick != $uid) && (!empty($nick)))\r
- {\r
- // Output nickname\r
- $OUT .= $nick;\r
- }\r
- else\r
- {\r
- // Output userid\r
- $OUT .= $uid;\r
- }\r
- $OUT .= "</OPTION>\n";\r
- }\r
- $OUT .= "</SELECT>\n";\r
- define('__TRANSFER_TO_DISABLED', "");\r
-\r
- // Free memory\r
- SQL_FREERESULT($result);\r
- }\r
- else\r
- {\r
- // No one else is opt-in\r
- $OUT = TRANSFER_NO_ONE_ELSE_OPT_IN;\r
- define('__TRANSFER_TO_DISABLED', " disabled");\r
- }\r
- // Transfer output to constant for the template\r
- define('__TRANSFER_USERID_SELECTION', $OUT);\r
-\r
- // Generate Code\r
- if ($CONFIG['transfer_code'] > 0)\r
- {\r
- $rand = rand(0, 99999);\r
- $code = GEN_RANDOM_CODE($CONFIG['transfer_code'], $rand, $GLOBALS['userid'], __TRANSFER_MAX_VALUE);\r
- $img = GENERATE_IMAGE($code, false);\r
- define('__TRANSFER_IMAGE_INPUT', "<INPUT type=\"hidden\" name=\"code_chk\" value=\"".$rand."\"><INPUT type=\"text\" name=\"code\" class=\"member_normal\" size=\"5\" maxlength=\"7\"".__TRANSFER_TO_DISABLED."> ".$img);\r
- }\r
- else\r
- {\r
- $code = "00000";\r
- define('__TRANSFER_IMAGE_INPUT', TRANSFER_NO_CODE);\r
- }\r
-\r
- // Transfer maybe already entered valued'\r
- if (isset($_GET['ok'])) {\r
- // Get values from form\r
- define('__TRANSFER_POINTS_VALUE', bigintval($_POST['points']));\r
- define('__TRANSFER_REASON_VALUE', strip_tags($_POST['reason']));\r
- } else {\r
- // Set empty values\r
- define('__TRANSFER_POINTS_VALUE', "");\r
- define('__TRANSFER_REASON_VALUE', "");\r
- }\r
-\r
- // Output form\r
- LOAD_TEMPLATE("member_transfer_new");\r
- }\r
- break;\r
-\r
-case "list_in": // List only incoming transactions\r
-case "list_out": // List only outgoing transactions\r
- // As you can see I put list_in and list_out together. I now do a switch() again on it for the right SQL command\r
- switch ($MODE)\r
- {\r
- case "list_in":\r
- $SQL = "SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%d ORDER BY time_trans DESC LIMIT ".$CONFIG['transfer_max'];\r
- $NOTHING = TRANSFER_NO_INCOMING_TRANSFERS;\r
- define('__TRANSFER_SUM', TRANSFER_TOTAL_INCOMING);\r
- define('__TRANSFER_TITLE', TRANSFER_LIST_INCOMING);\r
- break;\r
-\r
- case "list_out":\r
- $SQL = "SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%d ORDER BY time_trans DESC LIMIT ".$CONFIG['transfer_max'];\r
- $NOTHING = TRANSFER_NO_OUTGOING_TRANSFERS;\r
- define('__TRANSFER_SUM', TRANSFER_TOTAL_OUTGOING);\r
- define('__TRANSFER_TITLE', TRANSFER_LIST_OUTGOING);\r
- break;\r
- }\r
-\r
- // Run the SQL command\r
- $total = "0";\r
- $result = SQL_QUERY_ESC($SQL, array($GLOBALS['userid']), __FILE__, __LINE__);\r
- if (SQL_NUMROWS($result) > 0)\r
- {\r
- $OUT = ""; $SW = 2;\r
- while (list($tid, $uid, $points, $reason, $stamp) = SQL_FETCHROW($result))\r
- {\r
- if ($type == "OUT") $points = "$points-";\r
- $OUT .= "<TR>\r
- <TD class=\"transfer_row1 switch_sw".$SW." bottom2 right2\">\r
- <FONT class=\"transfer_row1\">".$tid."</FONT>\r
- </TD>\r
- <TD class=\"transfer_row2 switch_sw".$SW." bottom2 right2\">\r
- <FONT class=\"transfer_row2\">".MAKE_DATETIME($stamp, "3")."</FONT>\r
- </TD>\r
- <TD class=\"transfer_row3 switch_sw".$SW." bottom2 right2\">\r
- <FONT class=\"transfer_row3\">".$uid."</FONT>\r
- </TD>\r
- <TD class=\"transfer_row4 switch_sw".$SW." bottom2 right2\">\r
- <FONT class=\"transfer_row4\">".$reason."</FONT>\r
- </TD>\r
- <TD class=\"transfer_row5 switch_sw".$SW." bottom2\">\r
- <FONT class=\"transfer_row5\">".$points."</FONT>\r
- </TD>\r
-</TR>\n";\r
- $total += $points;\r
- $SW = 3 - $SW;\r
- }\r
-\r
- // Free memory\r
- SQL_FREERESULT($result);\r
- }\r
- else\r
- {\r
- // Nothing for in or out\r
- $OUT = "<TR>\r
- <TD colspan=\"5\" align=\"center\" class=\"bottom2\" height=\"70\">\r
- ".LOAD_TEMPLATE("admin_settings_saved", true, $NOTHING)."\r
- </TD>\r
-</TR>";\r
- }\r
-\r
- // ... and add them to a constant for the template\r
- define('__TRANSFER_ROWS', $OUT);\r
-\r
- // Remeber total amount\r
- define('__TRANSFER_TOTAL_VALUE', $total);\r
-\r
- // Load final template\r
- LOAD_TEMPLATE("member_transfer_list");\r
- break;\r
-\r
-case "list_all": // List all transactions\r
- // We fill a temporay table with data from both tables. This is much easier\r
- // to code and unstand by you as sub-SELECT queries. I know this is not the\r
- // fastest way but it shall be fine for now.\r
- //\r
- // First of all create the temporary table\r
- $result = SQL_QUERY("CREATE TEMPORARY TABLE "._MYSQL_PREFIX."_transfers_tmp (\r
-trans_id varchar(12) not null default '',\r
-party_uid bigint(20) not null default '0',\r
-points bigint(20) not null default '0',\r
-reason varchar(255) not null default '',\r
-time_trans varchar(10) not null default '0',\r
-trans_type enum('IN', 'OUT') not null default 'IN',\r
-KEY(party_uid)\r
-) TYPE=HEAP", __FILE__, __LINE__);\r
-\r
- // Let's begin with the incoming list\r
- $result = SQL_QUERY_ESC("SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%d ORDER BY id LIMIT %s",\r
-array($GLOBALS['userid'], $CONFIG['transfer_max']), __FILE__, __LINE__);\r
- while ($DATA = SQL_FETCHROW($result))\r
- {\r
- $DATA[] = "IN";\r
- $DATA = implode("', '", $DATA);\r
- $res_temp = SQL_QUERY("INSERT INTO "._MYSQL_PREFIX."_transfers_tmp (trans_id, party_uid, points, reason, time_trans, trans_type) VALUES ('".$DATA."')", __FILE__, __LINE__);\r
- }\r
-\r
- // Free memory\r
- SQL_FREERESULT($result);\r
-\r
- // As the last table transfer data from outgoing table to temporary\r
- $result = SQL_QUERY_ESC("SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%d ORDER BY id LIMIT %s",\r
-array($GLOBALS['userid'], $CONFIG['transfer_max']), __FILE__, __LINE__);\r
- while ($DATA = SQL_FETCHROW($result))\r
- {\r
- $DATA[] = "OUT";\r
- $DATA = implode("', '", $DATA);\r
- $res_temp = SQL_QUERY("INSERT INTO "._MYSQL_PREFIX."_transfers_tmp (trans_id, party_uid, points, reason, time_trans, trans_type) VALUES ('".$DATA."')", __FILE__, __LINE__);\r
- }\r
-\r
- // Free memory\r
- SQL_FREERESULT($result);\r
-\r
- $total = "0";\r
- if (SQL_NUMROWS($result) > 0)\r
- {\r
- // Output rows\r
- $OUT = ""; $SW = 2;\r
- $result = SQL_QUERY("SELECT party_uid, trans_id, points, reason, time_trans, trans_type FROM "._MYSQL_PREFIX."_transfers_tmp ORDER BY time_trans DESC", __FILE__, __LINE__);\r
- while(list($uid, $idx, $points, $reason, $stamp, $type) = SQL_FETCHROW($result))\r
- {\r
- if ($type == "OUT") $points = "-$points";\r
- $OUT .= "<TR>\r
- <TD class=\"transfer_row1 switch_sw".$SW." bottom2 right2\">\r
- <FONT class=\"transfer_row1\">".$idx."</FONT>\r
- </TD>\r
- <TD class=\"transfer_row2 switch_sw".$SW." bottom2 right2\">\r
- <FONT class=\"transfer_row2\">".MAKE_DATETIME($stamp, "3")."</FONT>\r
- </TD>\r
- <TD class=\"transfer_row3 switch_sw".$SW." bottom2 right2\">\r
- <FONT class=\"transfer_row3\">".$uid."</FONT>\r
- </TD>\r
- <TD class=\"transfer_row4 switch_sw".$SW." bottom2 right2\">\r
- <FONT class=\"transfer_row4\">".$reason."</FONT>\r
- </TD>\r
- <TD class=\"transfer_row5 switch_sw".$SW." bottom2\">\r
- <FONT class=\"transfer_row5\">".$points."</FONT>\r
- </TD>\r
-</TR>\n";\r
- $total += $points;\r
- $SW = 3 - $SW;\r
- }\r
-\r
- // Free memory\r
- SQL_FREERESULT($result);\r
- }\r
- else\r
- {\r
- // Nothing for in and out\r
- $OUT = "<TR>\r
- <TD colspan=\"5\" align=\"center\" class=\"bottom2\" height=\"70\">\r
- ".LOAD_TEMPLATE("admin_settings_saved", true, TRANSFER_NO_INOUT_TRANSFERS)."\r
- </TD>\r
-</TR>";\r
- }\r
-\r
- // ... and add them to a constant for the template\r
- define('__TRANSFER_ROWS', $OUT);\r
-\r
- // Remeber total amount\r
- define('__TRANSFER_TOTAL_VALUE', $total);\r
-\r
- // Set title\r
- define('__TRANSFER_TITLE', TRANSFER_LIST_ALL);\r
-\r
- // Set "balance" word\r
- define('__TRANSFER_SUM', TRANSFER_TOTAL_BALANCE);\r
-\r
- // Load final template\r
- LOAD_TEMPLATE("member_transfer_list");\r
-\r
- // At the end we don't need a temporay table in memory\r
- $result = SQL_QUERY("DROP TABLE IF EXISTS "._MYSQL_PREFIX."_transfers_tmp", __FILE__, __LINE__);\r
-\r
- // Free some memory...\r
- SQL_FREERESULT($result);\r
- break;\r
-\r
-case "": // Overview page\r
- // Check incoming transfers\r
- $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%d", array($GLOBALS['userid']), __FILE__, __LINE__);\r
- list($dmy) = SQL_FETCHROW($result);\r
- SQL_FREERESULT($result);\r
-\r
- $total=$dmy;\r
- if ($dmy > 0)\r
- {\r
- define('__TRANSFER_IN_LINK', "<A href=\"".URL."/modules.php?module=login&what=transfer&mode=list_in\">".$dmy."</A>");\r
- }\r
- else\r
- {\r
- define('__TRANSFER_IN_LINK', $dmy);\r
- }\r
-\r
- // Check outgoing transfers\r
- $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%d", array($GLOBALS['userid']), __FILE__, __LINE__);\r
- list($dmy) = SQL_FETCHROW($result);\r
- SQL_FREERESULT($result);\r
-\r
- $total+=$dmy;\r
- if ($dmy > 0)\r
- {\r
- define('__TRANSFER_OUT_LINK', "<A href=\"".URL."/modules.php?module=login&what=transfer&mode=list_out\">".$dmy."</A>");\r
- }\r
- else\r
- {\r
- define('__TRANSFER_OUT_LINK', $dmy);\r
- }\r
-\r
- // Total transactions\r
- if ($total > 0)\r
- {\r
- define('__TRANSFER_ALL_LINK', "<A href=\"".URL."/modules.php?module=login&what=transfer&mode=list_all\">".$total."</A>");\r
- }\r
- else\r
- {\r
- define('__TRANSFER_ALL_LINK', $total);\r
- }\r
-\r
- if (isset($_POST['ok']))\r
- {\r
- // Save settings\r
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET opt_in='%s' WHERE userid=%d LIMIT 1",\r
- array($_POST['opt_in'], $GLOBALS['userid']), __FILE__, __LINE__);\r
-\r
- // Rember for next switch() command\r
- $opt_in = $_POST['opt_in'];\r
-\r
- // "Settings saved..."\r
- OUTPUT_HTML ("<P><STRONG class=\"member_done\">".SETTINGS_SAVED."</STRONG></P>");\r
- }\r
- switch ($opt_in)\r
- {\r
- case "Y":\r
- define('__TRANSFER_ALLOW_Y', " checked");\r
- define('__TRANSFER_ALLOW_N', "");\r
- define('__TRANSFER_NEW_LINK', "<A href=\"".URL."/modules.php?module=login&what=transfer&mode=new\">".TRANSFER_NOW_LINK."</A>");\r
- break;\r
-\r
- case "N":\r
- define('__TRANSFER_ALLOW_Y', "");\r
- define('__TRANSFER_ALLOW_N', " checked");\r
- define('__TRANSFER_NEW_LINK', TRANSFER_PLEASE_ALLOW_OPT_IN);\r
- break;\r
- }\r
-\r
- // Check for latest out-transfers\r
- $result = SQL_QUERY_ESC("SELECT time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE time_trans > ".(time() - $CONFIG['transfer_timeout'])." AND userid=%d ORDER BY time_trans DESC LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);\r
- if (SQL_NUMROWS($result) == 0)\r
- {\r
- // Load template\r
- define('__TRANSFER_SETTINGS_CONTENT', LOAD_TEMPLATE("member_transfer_settings", true));\r
- }\r
- else\r
- {\r
- // Load newest transaction\r
- list($newest) = SQL_FETCHROW($result);\r
- SQL_FREERESULT($result);\r
- define('__TRANSFER_SETTINGS_CONTENT', TRANSFER_LATEST_IS_1.MAKE_DATETIME($newest, "3").TRANSFER_LATEST_IS_2);\r
- }\r
- // Load template\r
- LOAD_TEMPLATE("member_transfer_overview");\r
- break;\r
-}\r
-//\r
-?>\r
+<?php
+/************************************************************************
+ * MXChange v0.2.1 Start: 10/07/2004 *
+ * ================ Last change: 10/07/2004 *
+ * *
+ * -------------------------------------------------------------------- *
+ * File : what-transfer.php *
+ * -------------------------------------------------------------------- *
+ * Short description : Point transfers *
+ * -------------------------------------------------------------------- *
+ * Kurzbeschreibung : Punktetransfers *
+ * -------------------------------------------------------------------- *
+ * *
+ * -------------------------------------------------------------------- *
+ * Copyright (c) 2003 - 2008 by Roland Haeder *
+ * For more information visit: http://www.mxchange.org *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the Free Software *
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
+ * MA 02110-1301 USA *
+ ************************************************************************/
+
+// Some security stuff...
+if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
+{
+ $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
+ require($INC);
+}
+ elseif (!IS_LOGGED_IN())
+{
+ LOAD_URL(URL."/modules.php?module=index");
+}
+ elseif ((!EXT_IS_ACTIVE("transfer")) && (!IS_ADMIN()))
+{
+ ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "transfer");
+ return;
+}
+
+// Add description as navigation point
+ADD_DESCR("member", basename(__FILE__));
+
+// Load data
+$result = SQL_QUERY_ESC("SELECT opt_in FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ array($GLOBALS['userid']), __FILE__, __LINE__);
+list($opt_in) = SQL_FETCHROW($result);
+
+// Free memory
+SQL_FREERESULT($result);
+
+$MODE = "";
+if (!empty($_GET['mode'])) $MODE = $_GET['mode'];
+
+// Check for "faker"
+if (($opt_in == "N") && ($MODE == "new")) $MODE = "";
+
+switch ($MODE)
+{
+case "new": // Start new transfer
+ // Get total points and subtract the balance amount from it = maximum transferable points
+ $result = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d AND points > 0",
+ array($GLOBALS['userid']), __FILE__, __LINE__);
+ list($total) = SQL_FETCHROW($result);
+ SQL_FREERESULT($result);
+
+ // Get totally used points and password
+ $result = SQL_QUERY_ESC("SELECT used_points, password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ array($GLOBALS['userid']), __FILE__, __LINE__);
+ list($used, $pass) = SQL_FETCHROW($result);
+ SQL_FREERESULT($result);
+
+ // Remember maximum value for template
+ define('__TRANSFER_MAX_VALUE', round($total - $used - $CONFIG['transfer_balance'] - 0.5));
+
+ if (isset($_POST['ok']))
+ {
+ // Add new transfer
+ if ($CONFIG['transfer_code'] > 0)
+ {
+ // Check for code
+ $code = GEN_RANDOM_CODE($CONFIG['transfer_code'], $_POST['code_chk'], $GLOBALS['userid'], __TRANSFER_MAX_VALUE);
+ $valid_code = ($code == $_POST['code']);
+ }
+ else
+ {
+ // Zero length (= disabled) is always valid!
+ $valid_code = true;
+ }
+
+ // Test password
+ $valid_pass = ($pass == generateHash($_POST['password'], $pass));
+
+ // Test transfer amount
+ $valid_amount = ((!empty($_POST['points'])) && ($_POST['points'] <= __TRANSFER_MAX_VALUE));
+
+ // Test reason for transfer
+ $valid_reason = (!empty($_POST['reason']));
+
+ // Test if a recipient is selected
+ $valid_recipient = ($_POST['to_uid'] > 0);
+
+ // Check for nickname extension and set additional data
+ $nick = false; $ADD = ", userid";
+ if (EXT_IS_ACTIVE("nickname"))
+ {
+ $ADD = ", nickname";
+ $nick = true;
+ }
+ // Re-check receivers and own personal data
+ $result = SQL_QUERY_ESC("SELECT userid, sex, surname, family, email".$ADD." FROM "._MYSQL_PREFIX."_user_data WHERE userid IN ('%s', '%s') AND status='CONFIRMED' ORDER BY userid LIMIT 2",
+ array($GLOBALS['userid'], bigintval($_POST['to_uid'])), __FILE__, __LINE__);
+ $valid_data = (SQL_NUMROWS($result) == 2);
+
+ if ($valid_code && $valid_pass && $valid_amount && $valid_reason && $valid_recipient)
+ {
+ // Let's start the transfer and load user data
+ list($uid1, $sex1, $sname1, $fname1, $email1, $nick1) = SQL_FETCHROW($result);
+ list($uid2, $sex2, $sname2, $fname2, $email2, $nick2) = SQL_FETCHROW($result);
+ SQL_FREERESULT($result);
+ if ($uid1 == $GLOBALS['userid'])
+ {
+ // Data row 1 is sender's data
+ define('__SENDER_SEX' , TRANSLATE_SEX($sex1));
+ define('__SENDER_NICK' , $nick1);
+ define('__SENDER_SNAME' , $sname1);
+ define('__SENDER_FNAME' , $fname1);
+ define('__SENDER_EMAIL' , $email1);
+ // Data row 2 is recpient's data
+ define('__RECIPIENT_SEX' , TRANSLATE_SEX($sex2));
+ define('__RECIPIENT_NICK' , $nick2);
+ define('__RECIPIENT_SNAME', $sname2);
+ define('__RECIPIENT_FNAME', $fname2);
+ define('__RECIPIENT_EMAIL', $email2);
+
+ // Prepare variables for testing
+ $TEST_NICK_SENDER = $nick1;
+ $TEST_NICK_REC = $nick2;
+ }
+ else
+ {
+ // Data row 2 is sender's data
+ define('__SENDER_SEX' , TRANSLATE_SEX($sex2));
+ define('__SENDER_NICK' , $nick2);
+ define('__SENDER_SNAME' , $sname2);
+ define('__SENDER_FNAME' , $fname2);
+ define('__SENDER_EMAIL' , $email2);
+ // Data row 1 is recpient's data
+ define('__RECIPIENT_SEX' , TRANSLATE_SEX($sex1));
+ define('__RECIPIENT_NICK' , $nick1);
+ define('__RECIPIENT_SNAME', $sname1);
+ define('__RECIPIENT_FNAME', $fname1);
+ define('__RECIPIENT_EMAIL', $email1);
+
+ // Prepare variables for testing
+ $TEST_NICK_SENDER = $nick2;
+ $TEST_NICK_REC = $nick1;
+ }
+ // Sender's UID is always currently stored in cookie userid...
+ define('__SENDER_UID' , $GLOBALS['userid']);
+ define('__RECIPIENT_UID' , $_POST['to_uid']);
+
+ $SENDER = __SENDER_UID;
+ $RECIPIENT = __RECIPIENT_UID;
+ if ($nick)
+ {
+ if (($TEST_NICK_SENDER != __SENDER_UID) && (!empty($TEST_NICK_SENDER)))
+ {
+ $SENDER = __SENDER_NICK;
+ }
+ if (($TEST_NICK_REC != __RECIPIENT_UID) && (!empty($TEST_NICK_REC)))
+ {
+ $RECIPIENT = __RECIPIENT_NICK;
+ }
+ }
+
+ // Remember transfer reason and fancy date/time in constants
+ define('__TRANSFER_REASON', $_POST['reason']);
+ if (function_exists('CREATE_FANCY_TIME'))
+ {
+ define('__TRANSFER_EXPIRES', CREATE_FANCY_TIME($CONFIG['transfer_age']));
+ }
+ else
+ {
+ define('__TRANSFER_EXPIRES', round($CONFIG['transfer_age']/60/60/24)." ".DAYS);
+ }
+
+ // Generate tranafer id
+ define('__TRANS_ID', bigintval(GEN_RANDOM_CODE("10", rand(0, 99999), $GLOBALS['userid'], $_POST['reason'])));
+
+ // Add entries to both tables
+ $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_transfers_in (userid, from_uid, points, reason, time_trans, trans_id) VALUES ('%s', '%s', '%s', '%s', UNIX_TIMESTAMP(), '%s')",
+ array(bigintval($_POST['to_uid']), $GLOBALS['userid'], bigintval($_POST['points']), addslashes($_POST['reason']), __TRANS_ID),
+ __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_transfers_out (userid, to_uid, points, reason, time_trans, trans_id) VALUES ('%s', '%s', '%s', '%s', UNIX_TIMESTAMP(), '%s')",
+ array($GLOBALS['userid'], bigintval($_POST['to_uid']), bigintval($_POST['points']), addslashes($_POST['reason']), __TRANS_ID),
+ __FILE__, __LINE__);
+
+ // Add points to account *directly* ...
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%d AND ref_depth='0' LIMIT 1",
+ array(bigintval($_POST['points']), bigintval($_POST['to_uid'])), __FILE__, __LINE__);
+
+ // ... and add it to current user's used points
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
+ array(bigintval($_POST['points']), $GLOBALS['userid']), __FILE__, __LINE__);
+
+ // First send email to recipient
+ $msg = LOAD_EMAIL_TEMPLATE("member_transfer_recipient", "", __RECIPIENT_UID);
+ SEND_EMAIL(__RECIPIENT_EMAIL, TRANSFER_MEMBER_RECIPIENT_SUBJ.": ".$SENDER, $msg);
+
+ // Second send email to sender
+ $msg = LOAD_EMAIL_TEMPLATE("member_transfer_sender", "", __SENDER_UID);
+ SEND_EMAIL(__SENDER_EMAIL, TRANSFER_MEMBER_SENDER_SUBJ.": ".$RECIPIENT, $msg);
+
+ // At last send admin mail(s)
+ $ADMIN_SUBJ = TRANSFER_ADMIN_SUBJECT." (".$SENDER."->".$RECIPIENT.")";
+ if (GET_EXT_VERSION("admins") >= "0.4.1")
+ {
+ SEND_ADMIN_EMAILS_PRO($ADMIN_SUBJ, "admin_transfer_points");
+ }
+ else
+ {
+ $msg = LOAD_EMAIL_TEMPLATE("admin_transfer_points");
+ SEND_ADMIN_EMAILS($ADMIN_SUBJ, $msg);
+ }
+
+ // Transfer is completed
+ OUTPUT_HTML ("<P>");
+ LOAD_TEMPLATE("admin_settings_saved", false, TRANSFER_COMPLETED."<BR><A href=\"".URL."/modules.php?module=login&what=transfer\">".TRANSFER_CONTINUE_OVERVIEW."</A>");
+ OUTPUT_HTML ("</P>");
+ }
+ elseif (!$valid_code)
+ {
+ // Invalid Touring code!
+ OUTPUT_HTML ("<P><STRONG class=\"member_note\">".TRANSFER_INVALID_CODE."</STRONG></P>");
+ unset($_POST['ok']);
+ }
+ elseif (!$valid_pass)
+ {
+ // Wrong password entered
+ OUTPUT_HTML ("<P><STRONG class=\"member_note\">".TRANSFER_INVALID_PASSWORD."</STRONG></P>");
+ unset($_POST['ok']);
+ }
+ elseif (!$valid_amount)
+ {
+ // Too much points entered
+ OUTPUT_HTML ("<P><STRONG class=\"member_note\">".TRANSFER_INVALID_POINTS."</STRONG></P>");
+ unset($_POST['ok']);
+ }
+ elseif (!$valid_reason)
+ {
+ // No transfer reason entered
+ OUTPUT_HTML ("<P><STRONG class=\"member_note\">".TRANSFER_INVALID_REASON."</STRONG></P>");
+ unset($_POST['ok']);
+ }
+ elseif (!$valid_recipient)
+ {
+ // No recipient selected
+ OUTPUT_HTML ("<P><STRONG class=\"member_note\">".TRANSFER_INVALID_RECIPIENT."</STRONG></P>");
+ unset($_POST['ok']);
+ }
+ elseif (!$valid_data)
+ {
+ // No recipient selected
+ OUTPUT_HTML ("<P><STRONG class=\"member_note\">".TRANSFER_INVALID_DATA."</STRONG></P>");
+ unset($_POST['ok']);
+ }
+ }
+ if (!isset($_POST['ok']))
+ {
+ // Load member list
+ if (EXT_IS_ACTIVE("nickname"))
+ {
+ // Load userid and nickname
+ $result = SQL_QUERY_ESC("SELECT userid, nickname FROM "._MYSQL_PREFIX."_user_data WHERE status='CONFIRMED' AND opt_in='Y' AND userid != '%s' ORDER BY userid",
+ array($GLOBALS['userid']), __FILE__, __LINE__);
+ }
+ else
+ {
+ // Load only userid
+ $result = SQL_QUERY_ESC("SELECT userid, userid FROM "._MYSQL_PREFIX."_user_data WHERE status='CONFIRMED' AND opt_in='Y' AND userid != '%s' ORDER BY userid",
+ array($GLOBALS['userid']), __FILE__, __LINE__);
+ }
+ if (SQL_NUMROWS($result) > 0)
+ {
+ // Load list
+ $OUT = "<SELECT name=\"to_uid\" size=\"1\" class=\"member_select\">
+ <OPTION value=\"0\">".SELECT_NONE."</OPTION>\n";
+ while (list($uid, $nick) = SQL_FETCHROW($result))
+ {
+ $OUT .= "<OPTION value=\"".$uid."\"";
+ if ((isset($_POST['to_uid'])) && ($_POST['to_uid'] == $uid)) $OUT .= " selected=\"selected\"";
+ $OUT .= ">";
+ if (($nick != $uid) && (!empty($nick)))
+ {
+ // Output nickname
+ $OUT .= $nick;
+ }
+ else
+ {
+ // Output userid
+ $OUT .= $uid;
+ }
+ $OUT .= "</OPTION>\n";
+ }
+ $OUT .= "</SELECT>\n";
+ define('__TRANSFER_TO_DISABLED', "");
+
+ // Free memory
+ SQL_FREERESULT($result);
+ }
+ else
+ {
+ // No one else is opt-in
+ $OUT = TRANSFER_NO_ONE_ELSE_OPT_IN;
+ define('__TRANSFER_TO_DISABLED', " disabled");
+ }
+ // Transfer output to constant for the template
+ define('__TRANSFER_USERID_SELECTION', $OUT);
+
+ // Generate Code
+ if ($CONFIG['transfer_code'] > 0)
+ {
+ $rand = rand(0, 99999);
+ $code = GEN_RANDOM_CODE($CONFIG['transfer_code'], $rand, $GLOBALS['userid'], __TRANSFER_MAX_VALUE);
+ $img = GENERATE_IMAGE($code, false);
+ define('__TRANSFER_IMAGE_INPUT', "<INPUT type=\"hidden\" name=\"code_chk\" value=\"".$rand."\"><INPUT type=\"text\" name=\"code\" class=\"member_normal\" size=\"5\" maxlength=\"7\"".__TRANSFER_TO_DISABLED."> ".$img);
+ }
+ else
+ {
+ $code = "00000";
+ define('__TRANSFER_IMAGE_INPUT', TRANSFER_NO_CODE);
+ }
+
+ // Transfer maybe already entered valued'
+ if (isset($_GET['ok'])) {
+ // Get values from form
+ define('__TRANSFER_POINTS_VALUE', bigintval($_POST['points']));
+ define('__TRANSFER_REASON_VALUE', strip_tags($_POST['reason']));
+ } else {
+ // Set empty values
+ define('__TRANSFER_POINTS_VALUE', "");
+ define('__TRANSFER_REASON_VALUE', "");
+ }
+
+ // Output form
+ LOAD_TEMPLATE("member_transfer_new");
+ }
+ break;
+
+case "list_in": // List only incoming transactions
+case "list_out": // List only outgoing transactions
+ // As you can see I put list_in and list_out together. I now do a switch() again on it for the right SQL command
+ switch ($MODE)
+ {
+ case "list_in":
+ $SQL = "SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%d ORDER BY time_trans DESC LIMIT ".$CONFIG['transfer_max'];
+ $NOTHING = TRANSFER_NO_INCOMING_TRANSFERS;
+ define('__TRANSFER_SUM', TRANSFER_TOTAL_INCOMING);
+ define('__TRANSFER_TITLE', TRANSFER_LIST_INCOMING);
+ break;
+
+ case "list_out":
+ $SQL = "SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%d ORDER BY time_trans DESC LIMIT ".$CONFIG['transfer_max'];
+ $NOTHING = TRANSFER_NO_OUTGOING_TRANSFERS;
+ define('__TRANSFER_SUM', TRANSFER_TOTAL_OUTGOING);
+ define('__TRANSFER_TITLE', TRANSFER_LIST_OUTGOING);
+ break;
+ }
+
+ // Run the SQL command
+ $total = "0";
+ $result = SQL_QUERY_ESC($SQL, array($GLOBALS['userid']), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) > 0)
+ {
+ $OUT = ""; $SW = 2;
+ while (list($tid, $uid, $points, $reason, $stamp) = SQL_FETCHROW($result))
+ {
+ if ($type == "OUT") $points = "$points-";
+ $OUT .= "<TR>
+ <TD class=\"transfer_row1 switch_sw".$SW." bottom2 right2\">
+ <FONT class=\"transfer_row1\">".$tid."</FONT>
+ </TD>
+ <TD class=\"transfer_row2 switch_sw".$SW." bottom2 right2\">
+ <FONT class=\"transfer_row2\">".MAKE_DATETIME($stamp, "3")."</FONT>
+ </TD>
+ <TD class=\"transfer_row3 switch_sw".$SW." bottom2 right2\">
+ <FONT class=\"transfer_row3\">".$uid."</FONT>
+ </TD>
+ <TD class=\"transfer_row4 switch_sw".$SW." bottom2 right2\">
+ <FONT class=\"transfer_row4\">".$reason."</FONT>
+ </TD>
+ <TD class=\"transfer_row5 switch_sw".$SW." bottom2\">
+ <FONT class=\"transfer_row5\">".$points."</FONT>
+ </TD>
+</TR>\n";
+ $total += $points;
+ $SW = 3 - $SW;
+ }
+
+ // Free memory
+ SQL_FREERESULT($result);
+ }
+ else
+ {
+ // Nothing for in or out
+ $OUT = "<TR>
+ <TD colspan=\"5\" align=\"center\" class=\"bottom2\" height=\"70\">
+ ".LOAD_TEMPLATE("admin_settings_saved", true, $NOTHING)."
+ </TD>
+</TR>";
+ }
+
+ // ... and add them to a constant for the template
+ define('__TRANSFER_ROWS', $OUT);
+
+ // Remeber total amount
+ define('__TRANSFER_TOTAL_VALUE', $total);
+
+ // Load final template
+ LOAD_TEMPLATE("member_transfer_list");
+ break;
+
+case "list_all": // List all transactions
+ // We fill a temporay table with data from both tables. This is much easier
+ // to code and unstand by you as sub-SELECT queries. I know this is not the
+ // fastest way but it shall be fine for now.
+ //
+ // First of all create the temporary table
+ $result = SQL_QUERY("CREATE TEMPORARY TABLE "._MYSQL_PREFIX."_transfers_tmp (
+trans_id varchar(12) not null default '',
+party_uid bigint(20) not null default '0',
+points bigint(20) not null default '0',
+reason varchar(255) not null default '',
+time_trans varchar(10) not null default '0',
+trans_type enum('IN', 'OUT') not null default 'IN',
+KEY(party_uid)
+) TYPE=HEAP", __FILE__, __LINE__);
+
+ // Let's begin with the incoming list
+ $result = SQL_QUERY_ESC("SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%d ORDER BY id LIMIT %s",
+array($GLOBALS['userid'], $CONFIG['transfer_max']), __FILE__, __LINE__);
+ while ($DATA = SQL_FETCHROW($result))
+ {
+ $DATA[] = "IN";
+ $DATA = implode("', '", $DATA);
+ $res_temp = SQL_QUERY("INSERT INTO "._MYSQL_PREFIX."_transfers_tmp (trans_id, party_uid, points, reason, time_trans, trans_type) VALUES ('".$DATA."')", __FILE__, __LINE__);
+ }
+
+ // Free memory
+ SQL_FREERESULT($result);
+
+ // As the last table transfer data from outgoing table to temporary
+ $result = SQL_QUERY_ESC("SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%d ORDER BY id LIMIT %s",
+array($GLOBALS['userid'], $CONFIG['transfer_max']), __FILE__, __LINE__);
+ while ($DATA = SQL_FETCHROW($result))
+ {
+ $DATA[] = "OUT";
+ $DATA = implode("', '", $DATA);
+ $res_temp = SQL_QUERY("INSERT INTO "._MYSQL_PREFIX."_transfers_tmp (trans_id, party_uid, points, reason, time_trans, trans_type) VALUES ('".$DATA."')", __FILE__, __LINE__);
+ }
+
+ // Free memory
+ SQL_FREERESULT($result);
+
+ $total = "0";
+ if (SQL_NUMROWS($result) > 0)
+ {
+ // Output rows
+ $OUT = ""; $SW = 2;
+ $result = SQL_QUERY("SELECT party_uid, trans_id, points, reason, time_trans, trans_type FROM "._MYSQL_PREFIX."_transfers_tmp ORDER BY time_trans DESC", __FILE__, __LINE__);
+ while(list($uid, $idx, $points, $reason, $stamp, $type) = SQL_FETCHROW($result))
+ {
+ if ($type == "OUT") $points = "-$points";
+ $OUT .= "<TR>
+ <TD class=\"transfer_row1 switch_sw".$SW." bottom2 right2\">
+ <FONT class=\"transfer_row1\">".$idx."</FONT>
+ </TD>
+ <TD class=\"transfer_row2 switch_sw".$SW." bottom2 right2\">
+ <FONT class=\"transfer_row2\">".MAKE_DATETIME($stamp, "3")."</FONT>
+ </TD>
+ <TD class=\"transfer_row3 switch_sw".$SW." bottom2 right2\">
+ <FONT class=\"transfer_row3\">".$uid."</FONT>
+ </TD>
+ <TD class=\"transfer_row4 switch_sw".$SW." bottom2 right2\">
+ <FONT class=\"transfer_row4\">".$reason."</FONT>
+ </TD>
+ <TD class=\"transfer_row5 switch_sw".$SW." bottom2\">
+ <FONT class=\"transfer_row5\">".$points."</FONT>
+ </TD>
+</TR>\n";
+ $total += $points;
+ $SW = 3 - $SW;
+ }
+
+ // Free memory
+ SQL_FREERESULT($result);
+ }
+ else
+ {
+ // Nothing for in and out
+ $OUT = "<TR>
+ <TD colspan=\"5\" align=\"center\" class=\"bottom2\" height=\"70\">
+ ".LOAD_TEMPLATE("admin_settings_saved", true, TRANSFER_NO_INOUT_TRANSFERS)."
+ </TD>
+</TR>";
+ }
+
+ // ... and add them to a constant for the template
+ define('__TRANSFER_ROWS', $OUT);
+
+ // Remeber total amount
+ define('__TRANSFER_TOTAL_VALUE', $total);
+
+ // Set title
+ define('__TRANSFER_TITLE', TRANSFER_LIST_ALL);
+
+ // Set "balance" word
+ define('__TRANSFER_SUM', TRANSFER_TOTAL_BALANCE);
+
+ // Load final template
+ LOAD_TEMPLATE("member_transfer_list");
+
+ // At the end we don't need a temporay table in memory
+ $result = SQL_QUERY("DROP TABLE IF EXISTS "._MYSQL_PREFIX."_transfers_tmp", __FILE__, __LINE__);
+
+ // Free some memory...
+ SQL_FREERESULT($result);
+ break;
+
+case "": // Overview page
+ // Check incoming transfers
+ $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%d", array($GLOBALS['userid']), __FILE__, __LINE__);
+ list($dmy) = SQL_FETCHROW($result);
+ SQL_FREERESULT($result);
+
+ $total=$dmy;
+ if ($dmy > 0)
+ {
+ define('__TRANSFER_IN_LINK', "<A href=\"".URL."/modules.php?module=login&what=transfer&mode=list_in\">".$dmy."</A>");
+ }
+ else
+ {
+ define('__TRANSFER_IN_LINK', $dmy);
+ }
+
+ // Check outgoing transfers
+ $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%d", array($GLOBALS['userid']), __FILE__, __LINE__);
+ list($dmy) = SQL_FETCHROW($result);
+ SQL_FREERESULT($result);
+
+ $total+=$dmy;
+ if ($dmy > 0)
+ {
+ define('__TRANSFER_OUT_LINK', "<A href=\"".URL."/modules.php?module=login&what=transfer&mode=list_out\">".$dmy."</A>");
+ }
+ else
+ {
+ define('__TRANSFER_OUT_LINK', $dmy);
+ }
+
+ // Total transactions
+ if ($total > 0)
+ {
+ define('__TRANSFER_ALL_LINK', "<A href=\"".URL."/modules.php?module=login&what=transfer&mode=list_all\">".$total."</A>");
+ }
+ else
+ {
+ define('__TRANSFER_ALL_LINK', $total);
+ }
+
+ if (isset($_POST['ok']))
+ {
+ // Save settings
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET opt_in='%s' WHERE userid=%d LIMIT 1",
+ array($_POST['opt_in'], $GLOBALS['userid']), __FILE__, __LINE__);
+
+ // Rember for next switch() command
+ $opt_in = $_POST['opt_in'];
+
+ // "Settings saved..."
+ OUTPUT_HTML ("<P><STRONG class=\"member_done\">".SETTINGS_SAVED."</STRONG></P>");
+ }
+ switch ($opt_in)
+ {
+ case "Y":
+ define('__TRANSFER_ALLOW_Y', " checked");
+ define('__TRANSFER_ALLOW_N', "");
+ define('__TRANSFER_NEW_LINK', "<A href=\"".URL."/modules.php?module=login&what=transfer&mode=new\">".TRANSFER_NOW_LINK."</A>");
+ break;
+
+ case "N":
+ define('__TRANSFER_ALLOW_Y', "");
+ define('__TRANSFER_ALLOW_N', " checked");
+ define('__TRANSFER_NEW_LINK', TRANSFER_PLEASE_ALLOW_OPT_IN);
+ break;
+ }
+
+ // Check for latest out-transfers
+ $result = SQL_QUERY_ESC("SELECT time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE time_trans > ".(time() - $CONFIG['transfer_timeout'])." AND userid=%d ORDER BY time_trans DESC LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) == 0)
+ {
+ // Load template
+ define('__TRANSFER_SETTINGS_CONTENT', LOAD_TEMPLATE("member_transfer_settings", true));
+ }
+ else
+ {
+ // Load newest transaction
+ list($newest) = SQL_FETCHROW($result);
+ SQL_FREERESULT($result);
+ define('__TRANSFER_SETTINGS_CONTENT', TRANSFER_LATEST_IS_1.MAKE_DATETIME($newest, "3").TRANSFER_LATEST_IS_2);
+ }
+ // Load template
+ LOAD_TEMPLATE("member_transfer_overview");
+ break;
+}
+//
+?>