Fixes for sending pool

[mailer.git] / inc / modules / admin / what-add_points.php

diff --git a/inc/modules/admin/what-add_points.php b/inc/modules/admin/what-add_points.php
index fd9b0e5ee88c3bbe8f6a3ea160b43bcac1f510a8..cba19d94902ce397ab96d1ff849d26056afbfc1f 100644 (file)
--- a/inc/modules/admin/what-add_points.php
+++ b/inc/modules/admin/what-add_points.php
@@ -32,11 +32,11 @@
  ************************************************************************/
 
 // Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
-{
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
 }
+
 // Add description as navigation point
 ADD_DESCR("admin", basename(__FILE__));
 
@@ -68,9 +68,15 @@ if ($_GET['u_id'] == "all") {
                                                MEDIA_UPDATE_ENTRY(array("total_points"), "add", $_POST['points']);
                                        }
 
+                                       // Prepare content
+                                       $content = array(
+                                               'text'   => SQL_ESCAPE($_POST['reason']),
+                                               'points' => bigintval($_POST['points'])
+                                       );
+
                                        // Load email template and send email away
-                                       $msg = LOAD_EMAIL_TEMPLATE("add-points", $_POST['reason'], $uid);
-                                       SEND_EMAIL($email, ADMIN_ADD_SUBJ, $msg);
+                                       $msg = LOAD_EMAIL_TEMPLATE("add-points", $content, bigintval($uid));
+                                       SEND_EMAIL(bigintval($uid), ADMIN_ADD_SUBJ, $msg);
                                }
                        }
                }
@@ -98,13 +104,16 @@ if ($_GET['u_id'] == "all") {
                        $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+(%s) WHERE userid=%s AND ref_depth=0 LIMIT 1",
                         array($_POST['points'], bigintval($_GET['u_id'])), __FILE__, __LINE__);
 
-                       // Remember points in constant
-                       define('__POINTS_VALUE', $_POST['points']);
+                       // Prepare content
+                       $content = array(
+                               'text'   => SQL_ESCAPE($_POST['reason']),
+                               'points' => bigintval($_POST['points'])
+                       );
 
                        // Message laden
-                       $msg = LOAD_EMAIL_TEMPLATE("add-points", $_POST['reason'], $_GET['u_id']);
+                       $msg = LOAD_EMAIL_TEMPLATE("add-points", $content, bigintval($_GET['u_id']));
 
-                       SEND_EMAIL($email, ADMIN_ADD_SUBJ, $msg);
+                       SEND_EMAIL(bigintval($_GET['u_id']), ADMIN_ADD_SUBJ, $msg);
                        LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_POINTS_ADDED);
                } else {
                        // Opps, missing form here