Template fixes, lesser admin data will be loaded from database

[mailer.git] / inc / modules / member / what-order.php

diff --git a/inc/modules/member/what-order.php b/inc/modules/member/what-order.php
index ccbc0821a5d4ec6b84077d13e020d70e0a74bb3c..a85be7e4686e695d87866544fffe6f2ef4a6f76c 100644 (file)
--- a/inc/modules/member/what-order.php
+++ b/inc/modules/member/what-order.php
@@ -32,17 +32,12 @@
  ************************************************************************/
 
 // Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (!defined('__SECURITY')) {
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
-}
- elseif (!IS_MEMBER())
-{
+} elseif (!IS_MEMBER()) {
        LOAD_URL("modules.php?module=index");
-}
- elseif ((!EXT_IS_ACTIVE("order")) && (!IS_ADMIN()))
-{
+} elseif (!EXT_IS_ACTIVE("order")) {
        ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "order");
        return;
 }
@@ -112,12 +107,7 @@ if (SQL_NUMROWS($result_p) > 0)
        SQL_FREERESULT($result_p);
 
        // And subtract his used points...
-       $result_p = SQL_QUERY_ESC("SELECT used_points FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
-        array($GLOBALS['userid']), __FILE__, __LINE__);
-
-       list($p) = SQL_FETCHROW($result_p);
-       SQL_FREERESULT($result_p);
-       $TOTAL -= $p;
+       $TOTAL -= GET_TOTAL_DATA($GLOBALS['userid'], "user_data", "used_points");
 
        // Add (maybe) missing three zeros
        if (!ereg(".", $TOTAL)) $TOTAL .= ".00000";
@@ -134,8 +124,10 @@ if (($HOLIDAY == "Y") && (GET_EXT_VERSION("holiday") >= "0.1.3"))
        // Continue with the frametester, we first need to store the data temporary in the pool
        //
        // First we would like to store the data and get it's pool position back...
-       $result = SQL_QUERY_ESC("SELECT id, data_type FROM "._MYSQL_PREFIX."_pool WHERE sender=%s AND url='%s' AND timestamp > %s LIMIT 1",
-        array($GLOBALS['userid'], $_POST['url'], bigintval(time() - $_CONFIG['url_tlock'])), __FILE__, __LINE__);
+       $result = SQL_QUERY_ESC("SELECT id, data_type
+FROM "._MYSQL_PREFIX."_pool
+WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1",
+        array($GLOBALS['userid'], $_POST['url'], $_CONFIG['url_tlock']), __FILE__, __LINE__);
 
        $type = "TEMP"; $id = 0;
        if (SQL_NUMROWS($result) == 1)
@@ -312,7 +304,7 @@ WHERE userid=%s AND holiday_start < UNIX_TIMESTAMP() AND holiday_end > UNIX_TIME
                                        {
                                                // HTML extension is active
                                                $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_pool (sender, subject, text, receivers, payment_id, data_type, timestamp, url, cat_id, target_send, zip, html_msg)
- VALUES ('%s', '%s', '%s', '%s', '%s', 'TEMP', '%s', '%s', '%s', '%s', '%s', '%s')",
+ VALUES ('%s','%s','%s','%s','%s','TEMP','%s','%s','%s','%s','%s','%s')",
 array(
        $GLOBALS['userid'],
        addslashes($_POST['subject']),
@@ -331,7 +323,7 @@ array(
                                        {
                                                // No HTML extension is active
                                                $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_pool (sender, subject, text, receivers, payment_id, data_type, timestamp, url, cat_id, target_send, zip)
- VALUES ('%s', '%s', '%s', '%s', '%s', 'TEMP', '%s', '%s', '%s', '%s', '%s')",
+ VALUES ('%s','%s','%s','%s','%s','TEMP','%s','%s','%s','%s','%s')",
 array(
        $GLOBALS['userid'],
        addslashes($_POST['subject']),