// Order number placed, is he also logged in?
if (isMember()) {
// Ok, test passed... :)
- $result = SQL_QUERY_ESC("SELECT `url` FROM `{?_MYSQL_PREFIX?}_pool` WHERE `id`=%s AND `sender`=%s AND `data_type`='TEMP' LIMIT 1",
- array(bigintval(getRequestElement('order')), getMemberId()), __FILE__, __LINE__);
+ $content = getPoolDataFromId(getRequestElement('order'));
// Finally is the entry valid?
- if (SQL_NUMROWS($result) == 1) {
+ if ((count($content) > 0) && ($content['data_type'] == 'TEMP')) {
// Load subject and URL (but forwhat do we need the subject line here???
list($url) = SQL_FETCHROW($result);
// Matching line not found
redirectToUrl('modules.php?module=index&what=login');
}
-
- // Free memory
- SQL_FREERESULT($result);
} else {
// He is no longer logged in
redirectToUrl('modules.php?module=index&what=login');