global $DATA;
// Check for mails
-$result_main = SQL_QUERY("SELECT id, sender, subject, payment_id, timestamp, url, target_send, cat_id FROM "._MYSQL_PREFIX."_pool WHERE data_type='ADMIN' ORDER BY timestamp", __FILE__, __LINE__);
+$result_main = SQL_QUERY("SELECT `id`, `sender`, `subject`, `payment_id` AS `payment`, `timestamp`, `url`, `target_send`, `cat_id` AS `category`
+FROM `"._MYSQL_PREFIX."_pool`
+WHERE `data_type`='ADMIN'
+ORDER BY `timestamp` ASC", __FILE__, __LINE__);
if ((SQL_NUMROWS($result_main) > 0) || (isset($_POST['lock']))) {
// Count checked checkboxes
// Nothing selected
LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_MAILS_NOTHING_CHECKED);
}
- } elseif ((isset($_POST['lock'])) || ($SEL > 0)) {
- if ($SEL > 0) {
- // Lock URLs
- foreach ($_POST['sel'] as $id => $url) {
- // Lookup in blacklist
- $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_url_blist WHERE url='%s' LIMIT 1",
- array($url), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 0) {
- // Did not find a record so we can add it... :)
- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_url_blist (url, timestamp) VALUES ('%s', UNIX_TIMESTAMP())",
- array($url), __FILE__, __LINE__);
- } else {
- // Free memory
- SQL_FREERESULT($result);
- }
- }
-
- // Set message
- $MSG = ADMIN_URLS_BLOCKED;
- } else {
- // Nothing selected
- $MSG = ADMIN_MAILS_NOTHING_CHECKED;
- }
- LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
- } elseif ((empty($_POST['lock'])) && (empty($_POST['accept'])) && (empty($_POST['reject']))) {
+ } elseif ((isset($_POST['lock'])) && ($SEL > 0) && (getConfig('url_blacklist') == "Y")) {
+ // Lock URLs
+ foreach ($_POST['sel'] as $id => $url) {
+ // Secure id number
+ $id = bigintval($id);
+
+ // Lookup in blacklist
+ $result = SQL_QUERY_ESC("SELECT `id` FROM `"._MYSQL_PREFIX."_url_blacklist` WHERE `url`='%s' LIMIT 1",
+ array($url), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) == 0) {
+ // Did not find a record so we can add it... :)
+ SQL_QUERY_ESC("INSERT INTO `"._MYSQL_PREFIX."_url_blacklist` (`url`,`pool_id`) VALUES ('%s',%s)",
+ array($url, $id), __FILE__, __LINE__);
+ } // END - if
+
+ // Free memory
+ SQL_FREERESULT($result);
+ } // END - foreach
+
+ // Output message
+ LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_URLS_BLOCKED);
+ } elseif ((empty($_POST['lock'])) && (empty($_POST['accept'])) && (empty($_POST['reject'])) && (getConfig('url_blacklist') == "Y")) {
// Mail orders are in pool so we can display them
$SW = 2; $OUT = "";
- while (list($id, $sender, $subj, $pay, $time, $url, $tsend, $cat) = SQL_FETCHROW($result_main))
- {
+ while ($content = SQL_FETCHARRAY($result_main)) {
// Prepare data for the template
$content = array(
'sw' => $SW,
- 'id' => $id,
- 'sender' => $sender,
- 'u_link' => ADMIN_USER_PROFILE_LINK($sender),
- 'subj' => COMPILE_CODE($subj),
- 'tester' => FRAMETESTER($url),
- 'url' => $url,
- 'cat_title' => str_replace("\"", """, GET_CATEGORY($cat)),
- 'cat_link' => $cat,
- 'pay_title' => str_replace("\"", """, GET_PAYMENT($pay, true)),
- 'pay_link' => $pay,
- 'ordered' => MAKE_DATETIME($time, "2"),
- 'tsend' => $tsend,
+ 'id' => $content['id'],
+ 'sender' => $content['sender'],
+ 'u_link' => ADMIN_USER_PROFILE_LINK($content['sender']),
+ 'subj' => COMPILE_CODE($content['subject']),
+ 'tester' => FRAMETESTER($content['url']),
+ 'url' => $content['url'],
+ 'cat_title' => str_replace("\"", """, GET_CATEGORY($content['category'])),
+ 'cat_link' => $content['category'],
+ 'pay_title' => str_replace("\"", """, GET_PAYMENT($content['payment'], true)),
+ 'pay_link' => $content['payment'],
+ 'ordered' => MAKE_DATETIME($content['timestamp'], "2"),
+ 'tsend' => $content['target_send'],
);
// Load row template and switch colors
$OUT .= LOAD_TEMPLATE("admin_unlock_emails_row", true, $content);
$SW = 3 - $SW;
- }
+ } // END - while
// Free memory
SQL_FREERESULT($result_main);
// Load main template
LOAD_TEMPLATE("admin_unlock_emails");
+ } elseif ((isset($_POST['lock'])) && (getConfig('url_blacklist') == "N")) {
+ // URL blacklist not activated
+ LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_URL_BLACKLIST_DISABLED);
} else {
// Wrong call!
LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_WRONG_CALL);