************************************************************************/
// Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
+if (!defined('__SECURITY')) {
// Don't call this directly!
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
-} elseif (!IS_LOGGED_IN()) {
+} elseif (!IS_MEMBER()) {
// Not logged in
LOAD_URL("modules.php?module=index");
} elseif ((!EXT_IS_ACTIVE("payout")) && (!IS_ADMIN())) {
- // Extension "payout" is not active
- ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "payout");
+ addFatalMessage(EXTENSION_PROBLEM_EXT_INACTIVE, "payout");
return;
}
// Add description as navigation point
-ADD_DESCR("member", basename(__FILE__));
+ADD_DESCR("member", __FILE__);
$result_depths = SQL_QUERY("SELECT level, percents FROM "._MYSQL_PREFIX."_refdepths ORDER BY level", __FILE__, __LINE__);
-$TPTS = "0";
-while (list($lvl, $per) = SQL_FETCHROW($result_depths))
-{
- // Load referral points
- $result_points = SQL_QUERY_ESC("SELECT points FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d AND ref_depth=%d LIMIT 1",
- array($GLOBALS['userid'], bigintval($lvl)), __FILE__, __LINE__);
- if (SQL_NUMROWS($result_points) == 1)
- {
+$TPTS = 0;
+while (list($lvl, $per) = SQL_FETCHROW($result_depths)) {
+ // Load referal points
+ $result_points = SQL_QUERY_ESC("SELECT points FROM "._MYSQL_PREFIX."_user_points WHERE userid=%s AND ref_depth=%d LIMIT 1",
+ array($GLOBALS['userid'], bigintval($lvl)), __FILE__, __LINE__);
+
+ // Entry found?
+ if (SQL_NUMROWS($result_points) == 1) {
+ // Load points
list($points) = SQL_FETCHROW($result_points);
- SQL_FREERESULT($result_points);
+
+ // Add them to total
$TPTS += $points;
}
+
+ // Free result
+ SQL_FREERESULT($result_points);
}
// Free memory
SQL_FREERESULT($result_depths);
-$result = SQL_QUERY_ESC("SELECT used_points FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
- array($GLOBALS['userid']), __FILE__, __LINE__);
-list($USED) = SQL_FETCHROW($result);
-SQL_FREERESULT($result);
+// Get used points
+$USED = GET_TOTAL_DATA($GLOBALS['userid'], "user_data", "used_points");
// Translate point into comma
$TPTS = TRANSLATE_COMMA($TPTS - $USED);
// Load payout types
$result = SQL_QUERY_ESC("SELECT id, type, rate, min_points, allow_url
FROM "._MYSQL_PREFIX."_payout_types
-WHERE %d >= min_points
-ORDER BY type", array(str_replace(",", ".", $TPTS)), __FILE__, __LINE__);
+WHERE %s >= min_points
+ORDER BY type", array(REVERT_COMMA($TPTS)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) > 0)
{
// Free memory
FROM "._MYSQL_PREFIX."_user_payouts AS p
LEFT JOIN "._MYSQL_PREFIX."_payout_types AS t
ON p.payout_id = t.id
-WHERE p.userid = %d
+WHERE p.userid = %s
ORDER BY p.payout_timestamp DESC",
array($GLOBALS['userid']), __FILE__, __LINE__);
if (SQL_NUMROWS($result_payouts) > 0)
while (list($pid, $total, $account, $bank, $type, $tstamp, $status, $allow, $url, $alt, $banner) = SQL_FETCHROW($result_payouts))
{
// Translate status
- $evl = "\$status = PAYOUT_MEMBER_STATUS_".strtoupper($status).";";
- eval($evl);
+ $status = constant('PAYOUT_MEMBER_STATUS_'.strtoupper($status).'');
$status = "<FONT class=\"member_failed\">".$status."</FONT>";
// Nothing entered must be secured in member/what-payputs.php !
- if ($allow == 'Y')
+ if ($allow == "Y")
{
// Banner/Textlink views/clicks request
if (!empty($banner))
else
{
// Chedk if he can get paid by selected type
- $result = SQL_QUERY_ESC("SELECT type, rate, min_points, allow_url FROM "._MYSQL_PREFIX."_payout_types WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT type, rate, min_points, allow_url FROM "._MYSQL_PREFIX."_payout_types WHERE id=%s LIMIT 1",
array(bigintval($_GET['payout'])), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
define('PAYOUT_MAX_VALUE' , $max);
define('PAYOUT_TYPE_VALUE', COMPILE_CODE($type));
- if (str_replace(",", ".", $TPTS) >= $min)
+ if (REVERT_COMMA($TPTS) >= $min)
{
// Ok, he can get be paid
if ((isset($_POST['ok'])) && ($PAYOUT <= $PAY_MAX) && ($PAYOUT >= $min))
define('PAYOUT_POINTS_VALUE', $PAYOUT);
// Subtract points from member's account
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
- array($PAYOUT, $GLOBALS['userid']), __FILE__, __LINE__);
-
- // Update mediadata as well
- if (GET_EXT_VERSION("mediadata") >= "0.0.4")
- {
- // Update database
- MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $PAYOUT);
- }
+ SUB_POINTS("payout", $GLOBALS['userid'], $PAYOUT);
// Add entry to his tranfer history
- if ($allow == 'Y')
+ if ($allow == "Y")
{
// Banner/textlink ordered
- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_payouts (userid, payout_total, payout_id, payout_timestamp, status, target_url, link_text, banner_url)
-VALUES (%d, %d, %d, UNIX_TIMESTAMP(), 'NEW', '%s', '%s', '%s')",
+ SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_payouts (userid, payout_total, payout_id, payout_timestamp, status, target_url, link_text, banner_url)
+VALUES (%s,%s,%s, UNIX_TIMESTAMP(), 'NEW','%s','%s','%s')",
array(
$GLOBALS['userid'],
bigintval($_POST['payout']),
), __FILE__, __LINE__);
// Load templates
- $msg_mem = LOAD_EMAIL_TEMPLATE("member_payout_request_banner", "", $GLOBALS['userid']);
+ $msg_mem = LOAD_EMAIL_TEMPLATE("member_payout_request_banner", array(), $GLOBALS['userid']);
if (GET_EXT_VERSION("admins") >= "0.4.1")
{
$adm_tpl = "admin_payout_request_banner";
}
else
{
- $msg_adm = addslashes(LOAD_EMAIL_TEMPLATE("admin_payout_request_banner", "", $GLOBALS['userid']));
+ $msg_adm = LOAD_EMAIL_TEMPLATE("admin_payout_request_banner", array(), $GLOBALS['userid']);
}
}
else
{
// e-currency payout requested
- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_payouts (userid, payout_total, target_account, target_bank, payout_id, payout_timestamp, status, password)
-VALUES (%d, %d, %d, '%s', %d, UNIX_TIMESTAMP(), 'NEW', '%s')",
+ SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_payouts (userid, payout_total, target_account, target_bank, payout_id, payout_timestamp, status, password)
+VALUES (%s,%s,%s,'%s',%s, UNIX_TIMESTAMP(), 'NEW','%s')",
array(
$GLOBALS['userid'],
bigintval($_POST['payout']),
), __FILE__, __LINE__);
// Load templates
- $msg_mem = LOAD_EMAIL_TEMPLATE("member_payout_request", "", $GLOBALS['userid']);
- $msg_adm = addslashes(LOAD_EMAIL_TEMPLATE("admin_payout_request", "", $GLOBALS['userid']));
+ $msg_mem = LOAD_EMAIL_TEMPLATE("member_payout_request", array(), $GLOBALS['userid']);
+ $msg_adm = LOAD_EMAIL_TEMPLATE("admin_payout_request", array(), $GLOBALS['userid']);
$admin_tpl = "";
if (GET_EXT_VERSION("admins") >= "0.4.1")
{
}
// Generate task
- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_task_system (assigned_admin, status, task_type, subject, text, task_created, userid)
-VALUES (0, 'NEW', 'PAYOUT_REQUEST', '[payout:] ".PAYOUT_REQUEST_ADMIN."', '%s', UNIX_TIMESTAMP(), %d)",
+ SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_task_system (assigned_admin, status, task_type, subject, text, task_created, userid)
+VALUES (0, 'NEW','PAYOUT_REQUEST','[payout:] ".PAYOUT_REQUEST_ADMIN."','%s', UNIX_TIMESTAMP(), %s)",
array(
$msg_adm,
$GLOBALS['userid']
SEND_EMAIL($GLOBALS['userid'], PAYOUT_REQUEST_MEMBER, $msg_mem);
// To admin(s)
- if (GET_EXT_VERSION("admins") >= "0.4.1")
- {
- // Use new method
- SEND_ADMIN_EMAILS_PRO(PAYOUT_REQUEST_ADMIN, $admin_tpl, "", $GLOBALS['userid']);
- }
- else
- {
- // Use old method
- SEND_ADMIN_EMAILS(PAYOUT_REQUEST_ADMIN, $msg_adm);
- }
+ SEND_ADMIN_NOTIFICATION(PAYOUT_REQUEST_ADMIN, $admin_tpl, array(), $GLOBALS['userid']);
// Load template and output it
LOAD_TEMPLATE("admin_settings_saved", false, PAYOUT_REQUEST_SENT);
}
- elseif ($allow == 'Y')
+ elseif ($allow == "Y")
{
// Generate banner order form
LOAD_TEMPLATE("member_payout_form_banner");