return false;
}
+ // Secure action
+ $action = SQL_ESCAPE(htmlentities(strip_tags($formData['action']), ENT_QUOTES));
+
+ // Has it changed?
+ if ($action != $formData['action']) {
+ // Invalid data in action found
+ return false;
+ } // END - if
+
// Create the function name for selected action
- $functionName = sprintf("SURFBAR_MEMBER_%s_ACTION", strtoupper(SQL_ESCAPE($formData['action'])));
+ $functionName = sprintf("SURFBAR_MEMBER_%s_ACTION", strtoupper($action));
// Is the function there?
if (function_exists($functionName)) {
$URLs[$formData['id']]['new_status'] = $SURFBAR_CACHE['new_status'];
// Extract URL data for call-back
- $urlData = array($URLs[$formData['id']]);
+ $urlData = array(array_merge($URLs[$formData['id']], array($action => $formData)));
// Action found so execute it
$performed = call_user_func_array($functionName, $urlData);
} else {
// Log invalid request
DEBUG_LOG(__FUNCTION__, __LINE__, " action={$formData['action']},id={$formData['id']},function={$functionName}");
+ ADD_FATAL(sprintf("Invalid member action! action=%s,id=%s,function=%s", $formData['action'], $formData['id'], $functionName));
}
// Return status
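Review bot: The new check on `$action` filters HTML and SQL metacharacters, but the value then selects a function name, and letters, digits and underscores pass through all three filters unchanged. The pattern `SURFBAR_MEMBER_%s_ACTION` also matches helpers added later in this commit (`SURFBAR_MEMBER_EXECUTE_ACTION`, `SURFBAR_MEMBER_EXECUTE_EDIT_ACTION`), so `function_exists()` alone does not restrict the request to the intended entry points. An explicit allow-list before the `sprintf()` would close that, e.g. `if (!in_array($formData['action'], array('retreat', 'edit', 'delete'), true)) return false;` (the full set of member actions is not visible in this hunk, so the list needs confirming). The raw `$formData['action']` and `$formData['id']` are also written to DEBUG_LOG and ADD_FATAL; log the validated `$action` instead, or encode the values for wherever ADD_FATAL output is displayed. The enclosing function starts and ends outside the hunk.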
// Fetch the new status if found
if ($isValid) {
+ // Load new status
list($SURFBAR_CACHE['new_status']) = SQL_FETCHROW($result);
} // END - if
// Member actions
// -----------------------------------------------------------------------------
//
-// Retreat an URL
+// Retreat a booked URL
function SURFBAR_MEMBER_RETREAT_ACTION ($urlData) {
// Create the data array for next function call
$data = array(
// Simply change the status here
return SURFBAR_CHANGE_STATUS ($urlData['id'], $urlData['status'], $urlData['new_status'], $data);
}
+// Show edit form or do the changes
+function SURFBAR_MEMBER_EDIT_ACTION ($urlData) {
+ // Is the "execute" flag there?
+ if (isset($urlData['edit']['execute'])) {
+ // Execute the changes
+ return SURFBAR_MEMBER_EXECUTE_ACTION("edit", $urlData);
+ } // END - if
+
+ // Display form
+ return SURFBAR_MEMBER_DISPLAY_ACTION_FORM("edit", $urlData);
+}
+// Show delete form or do the changes
+function SURFBAR_MEMBER_DELETE_ACTION ($urlData) {
+ // Is the "execute" flag there?
+ if (isset($urlData['delete']['execute'])) {
+ // Execute the changes
+ return SURFBAR_MEMBER_EXECUTE_ACTION("delete", $urlData);
+ } // END - if
+
+ // Display form
+ return SURFBAR_MEMBER_DISPLAY_ACTION_FORM("delete", $urlData);
+}
+// Display selected "action form"
+function SURFBAR_MEMBER_DISPLAY_ACTION_FORM ($action, $urlData) {
+ // Translate some data
+ $urlData['registered'] = MAKE_DATETIME($urlData['registered'], "2");
+ $urlData['views_total'] = TRANSLATE_COMMA($urlData['views_total']);
+ $urlData['views_max'] = TRANSLATE_COMMA($urlData['views_max']);
+ $urlData['views_allowed'] = TRANSLATE_COMMA($urlData['views_allowed']);
+ $urlData['last_locked'] = MAKE_DATETIME($urlData['last_locked'], "2");
+
+ // Is the lock reason empty?
+ if (empty($urlData['lock_reason'])) {
+ // Fix it to three dashes
+ $urlData['lock_reason'] = "---";
+ } // END - if
+
+ // Default is not limited
+ $urlData['limited_yes'] = "";
+ $urlData['limited_no'] = " checked=\"checked\"";
+ $urlData['limited'] = "false";
+
+ // Is this URL limited?
+ if ($urlData['views_max'] > 0) {
+ // Then rewrite form data
+ $urlData['limited_yes'] = " checked=\"checked\"";
+ $urlData['limited_no'] = "";
+ $urlData['limited'] = "true";
+ } // END - if
+
+ // Load the form and display it
+ LOAD_TEMPLATE(sprintf("member_surfbar_%s_action_form", $action), false, $urlData);
+
+ // All fine by default ... ;-)
+ return true;
+}
+// Execute choosen action
+function SURFBAR_MEMBER_EXECUTE_ACTION ($action, $urlData) {
+ // By default nothing is executed
+ $executed = false;
+
+ // Is limitation "no" and "limit" is > 0?
+ if ((isset($urlData[$action]['limited'])) && ($urlData[$action]['limited'] == "N") && ((isset($urlData[$action]['limit'])) && ($urlData[$action]['limit'] > 0)) || (!isset($urlData[$action]['limit']))) {
+ // Set it to unlimited
+ $urlData[$action]['limit'] = 0;
+ } // END - if
+
+ // Construct function name
+ $functionName = sprintf("SURFBAR_MEMBER_EXECUTE_%s_ACTION", strtoupper($action));
+
+ // Is 'userid' set and not 'uid' ?
+ if ((!isset($urlData['uid'])) && (isset($urlData['userid']))) {
+ // Auto-fix this
+ $urlData['uid'] = $urlData['userid'];
+ } // END - if
+
+ // Is that function there?
+ if (function_exists($functionName)) {
+ // Execute the function
+ if (call_user_func_array($functionName, array($urlData)) == true) {
+ // Update status as well
+ $executed = SURFBAR_CHANGE_STATUS($urlData['id'], $urlData['status'], $urlData['new_status'], array($urlData['id'] => $urlData));
+ } // END - if
+ } else {
+ // Not found!
+ ADD_FATAL(sprintf(MEMBER_SURFBAR_EXECUTE_ACTION_404, $functionName));
+ }
+
+ // Return status
+ return $executed;
+}
+// "Execute edit" function: Update changed data
+function SURFBAR_MEMBER_EXECUTE_EDIT_ACTION ($urlData) {
+ // Translate URLs for testing
+ $url1 = COMPILE_CODE($urlData['url']);
+ $url2 = COMPILE_CODE($urlData['edit']['url']);
+
+ // Has the URL or limit changed?
+ if (true) {
+ //if (($urlData['views_allowed'] != $urlData['edit']['limit']) || ($url1 != $url2)) {
+ // Run the query
+ SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_surfbar_urls SET url='%s', views_allowed=%s, views_max=%s WHERE id=%s AND status='%s' LIMIT 1",
+ array($urlData['url'], $urlData['edit']['limit'], $urlData['edit']['limit'], $urlData['id'], $urlData['status']), __FILE__, __LINE__);
+
+ // Prepare new data
+ $urlData['new_url'] = $urlData['edit']['url'];
+ $urlData['new_limit'] = $urlData['edit']['limit'];
+ unset($urlData['edit']);
+
+ // Send admin notification
+ SURFBAR_NOTIFY_ADMIN("url_edited", $urlData);
+
+ // Send user notification
+ SURFBAR_NOTIFY_USER("url_edited", $urlData);
+ } // END - if
+
+ // All fine!
+ return true;
+}
//
// -----------------------------------------------------------------------------
// Self-maintenance functions
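Review bot: In SURFBAR_MEMBER_EXECUTE_EDIT_ACTION the UPDATE uses unquoted `%s` placeholders for `views_allowed`, `views_max` and `id`, and fills two of them from the form field `$urlData['edit']['limit']` with no integer cast visible. If SQL_QUERY_ESC only escapes quote characters (its body is not shown), escaping does not confine a value that sits outside quotes. Cast them with the `bigintval()` helper that appears in the status UPDATE: `array($urlData['url'], bigintval($urlData['edit']['limit']), bigintval($urlData['edit']['limit']), bigintval($urlData['id']), $urlData['status'])`. The later INSERT hunk that changes `'%s','%s'` to `%s,%s` for views_max/views_allowed needs the same cast on its arguments, which lie outside that hunk. Separately, the query stores `$urlData['url']` while the notifications report `$urlData['edit']['url']` as the new URL, and `if (true)` leaves `$url1`/`$url2` unused, so confirm which URL is meant to be written.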
} // END - if
// Look up the record
- $result = SQL_QUERY_ESC("SELECT id, userid, url, views_total, status, registered, last_locked, lock_reason, views_max, views_allowed
+ $result = SQL_QUERY_ESC("SELECT id, userid, url, views_total, views_max, views_allowed, status, registered, last_locked, lock_reason, views_max, views_allowed
FROM "._MYSQL_PREFIX."_surfbar_urls
WHERE %s='%s'".$add."
ORDER BY %s %s
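Review bot: The new column list names `views_max, views_allowed` twice, once after `views_total` and again at the end where the old query already had them. If the caller reads the row positionally (the fetch is outside this hunk), the duplicates shift or pad the result; drop the trailing pair so the list ends `... last_locked, lock_reason`. The `%s` placeholders for the column name and sort direction in `WHERE %s=` and `ORDER BY %s %s` sit outside quotes, so they should only ever be filled from fixed values in code, which cannot be confirmed from here.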
if (empty($uid)) $uid = 0;
// Just run the insert query for now
- SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_surfbar_urls (userid,url,status,views_max,views_allowed) VALUES (%s,'%s','%s','%s','%s')",
+ SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_surfbar_urls (userid,url,status,views_max,views_allowed) VALUES (%s,'%s','%s',%s,%s)",
array(
$uid,
$urlData['url'],
// Set default subject if following eval() wents wrong
$subject = ADMIN_SURFBAR_NOTIFY_DEFAULT_SUBJECT;
- // Prepare subject
- $subject = constant(sprintf("ADMIN_SURFBAR_NOTIFY_%s_SUBJECT",
+ // Create constant name
+ $constantName = sprintf("ADMIN_SURFBAR_NOTIFY_%s_SUBJECT",
strtoupper($messageType)
- ));
+ );
+
+ // Prepare subject
+ if (defined($constantName)) {
+ $subject = constant($constantName);
+ } else {
+ ADD_FATAL(ADMIN_SURFBAR_NOTIFY_SUBJECT_404, $constantName);
+ }
+
+ // Translate some data if present
+ if (isset($content['status'])) $content['status'] = SURFBAR_TRANSLATE_STATUS($content['status']);
+ if (isset($content['registered'])) $content['registered'] = MAKE_DATETIME($content['registered'], "2");
+ if (isset($content['last_locked'])) $content['last_locked'] = MAKE_DATETIME($content['last_locked'], "2");
+ if (isset($content['views_total'])) $content['views_total'] = TRANSLATE_COMMA($content['views_total']);
+ if (isset($content['views_allowed'])) $content['views_allowed'] = TRANSLATE_COMMA($content['views_allowed']);
+ if (isset($content['views_max'])) $content['views_max'] = TRANSLATE_COMMA($content['views_max']);
// Send the notification out
return SEND_ADMIN_NOTIFICATION($subject, $templateName, $content, $content['uid']);
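Review bot: `ADD_FATAL(ADMIN_SURFBAR_NOTIFY_SUBJECT_404, $constantName);` passes the constant name as a second argument, whereas the other call added in this commit formats the message first (`ADD_FATAL(sprintf(MEMBER_SURFBAR_EXECUTE_ACTION_404, $functionName))`). Unless ADD_FATAL accepts format arguments (its definition is not shown), the placeholder in the message stays unfilled; use `ADD_FATAL(sprintf(ADMIN_SURFBAR_NOTIFY_SUBJECT_404, $constantName));`. The MEMBER_SURFBAR_NOTIFY_SUBJECT_404 call in the next hunk has the same shape. The context comment above still refers to `eval()` although the lookup is now `defined()`/`constant()`, and the enclosing function starts outside this hunk.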
// Set default subject if following eval() wents wrong
$subject = MEMBER_SURFBAR_NOTIFY_DEFAULT_SUBJECT;
- // Prepare subject
- $subject = constant(sprintf("MEMBER_SURFBAR_NOTIFY_%s_SUBJECT",
+ // Create constant name
+ $constantName = sprintf("MEMBER_SURFBAR_NOTIFY_%s_SUBJECT",
strtoupper($messageType)
- ));
+ );
+
+ // Prepare subject
+ if (defined($constantName)) {
+ $subject = constant($constantName);
+ } else {
+ ADD_FATAL(MEMBER_SURFBAR_NOTIFY_SUBJECT_404, $constantName);
+ }
// Load template
$mailText = LOAD_EMAIL_TEMPLATE($templateName, $content, $content['uid']);
// Set default translated status
$statusTranslated = "!".$constantName."!";
- // Generate eval() command
+ // Is the constant there?
if (defined($constantName)) {
- $eval = "\$statusTranslated = ".$constantName.";";
- eval($eval);
+ // Then get it's value
+ $statusTranslated = constant($constantName);
} // END - if
// Return result
global $_CONFIG;
// Get URL data for status comparison if missing
- if (count($data) == 0) {
+ if ((!is_array($data)) || (count($data) == 0)) {
+ // Fetch missing URL data
$data = SURFBAR_GET_URL_DATA($urlId);
} // END - if
+ // Is the new status set?
+ if ((!is_string($newStatus)) || (empty($newStatus))) {
+ // Abort here, but fine!
+ return true;
+ } // END - if
+
// Is the status like prevStatus is saying?
if ($data[$urlId]['status'] != $prevStatus) {
// No, then abort here
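Review bot: The new early exit returns `true` when `$newStatus` is missing or not a string, so callers such as SURFBAR_MEMBER_EXECUTE_ACTION (`$executed = SURFBAR_CHANGE_STATUS(...)`) cannot tell "status changed" from "nothing done". If skipping is intended, document it above the check, e.g. `// No new status requested: nothing to change, report success`, and consider recording the case with DEBUG_LOG so a malformed request stays visible. The following `$data[$urlId]['status'] != $prevStatus` still assumes `$data[$urlId]` exists after the fetch. The function body starts and ends outside this hunk.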
// Update the status now
- // ---------------------- Commented out for debugging member actions! -----------------------
+ // ---------- Comment out for debugging/developing member actions! ---------
//SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_surfbar_urls SET status='%s' WHERE id=%s LIMIT 1",
// array($newStatus, bigintval($urlId)), __FILE__, __LINE__);
- // ---------------------- Commented out for debugging member actions! -----------------------
+ // ---------- Comment out for debugging/developing member actions! ---------
// Was that fine?
if (SQL_AFFECTEDROWS() != 1) {
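Review bot: Only the banner text changes here and the status UPDATE stays commented out, so `SQL_AFFECTEDROWS() != 1` is evaluated against whatever query ran last rather than the status change. With the edit and delete actions in this commit now calling SURFBAR_CHANGE_STATUS, the outcome depends on an unrelated statement. Re-enable the query before this ships, or guard the debug path with an explicit flag so the affected-rows check is skipped whenever the UPDATE is.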
$URLs = array();
// Begin the query
- $result = SQL_QUERY_ESC("SELECT u.id, u.userid, u.url, u.views_total, u.status, UNIX_TIMESTAMP(u.registered) AS registered, UNIX_TIMESTAMP(u.last_locked) AS last_locked, u.lock_reason AS lock_reason
+ $result = SQL_QUERY_ESC("SELECT u.id, u.userid, u.url, u.views_total, u.views_max, u.views_allowed, u.status, UNIX_TIMESTAMP(u.registered) AS registered, UNIX_TIMESTAMP(u.last_locked) AS last_locked, u.lock_reason AS lock_reason
FROM "._MYSQL_PREFIX."_surfbar_urls AS u
WHERE u.userid=%s AND u.status != 'DELETED'
ORDER BY u.id ASC",