************************************************************************/
// Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
+if (!defined('__SECURITY')) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
-} elseif (!IS_LOGGED_IN()) {
+} elseif (!IS_MEMBER()) {
LOAD_URL("modules.php?module=index");
} elseif ((!EXT_IS_ACTIVE("transfer")) && (!IS_ADMIN())) {
ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "transfer");
}
// Add description as navigation point
-ADD_DESCR("member", basename(__FILE__));
+ADD_DESCR("member", __FILE__);
// Load data
-$result = SQL_QUERY_ESC("SELECT opt_in FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+$result = SQL_QUERY_ESC("SELECT opt_in FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
list($opt_in) = SQL_FETCHROW($result);
{
case "new": // Start new transfer
// Get total points and subtract the balance amount from it = maximum transferable points
- $result = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d AND points > 0",
- array($GLOBALS['userid']), __FILE__, __LINE__);
- list($total) = SQL_FETCHROW($result);
- SQL_FREERESULT($result);
-
- // Get totally used points and password
- $result = SQL_QUERY_ESC("SELECT used_points, password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
- array($GLOBALS['userid']), __FILE__, __LINE__);
- list($used, $pass) = SQL_FETCHROW($result);
- SQL_FREERESULT($result);
+ $total = GET_TOTAL_DATA($GLOBALS['userid'], "user_points", "points") - GET_TOTAL_DATA($GLOBALS['userid'], "user_data", "used_points");
// Remember maximum value for template
- define('__TRANSFER_MAX_VALUE', round($total - $used - $_CONFIG['transfer_balance'] - 0.5));
+ define('__TRANSFER_MAX_VALUE', round($total - $_CONFIG['transfer_balance'] - 0.5));
if (isset($_POST['ok']))
{
$nick = true;
}
// Re-check receivers and own personal data
- $result = SQL_QUERY_ESC("SELECT userid, sex, surname, family, email".$ADD." FROM "._MYSQL_PREFIX."_user_data WHERE userid IN ('%s', '%s') AND status='CONFIRMED' ORDER BY userid LIMIT 2",
+ $result = SQL_QUERY_ESC("SELECT userid, gender, surname, family, email".$ADD." FROM "._MYSQL_PREFIX."_user_data WHERE userid IN ('%s','%s') AND status='CONFIRMED' ORDER BY userid LIMIT 2",
array($GLOBALS['userid'], bigintval($_POST['to_uid'])), __FILE__, __LINE__);
$valid_data = (SQL_NUMROWS($result) == 2);
if ($valid_code && $valid_pass && $valid_amount && $valid_reason && $valid_recipient)
{
// Let's start the transfer and load user data
- list($uid1, $sex1, $sname1, $fname1, $email1, $nick1) = SQL_FETCHROW($result);
- list($uid2, $sex2, $sname2, $fname2, $email2, $nick2) = SQL_FETCHROW($result);
+ list($uid1, $gender1, $sname1, $fname1, $email1, $nick1) = SQL_FETCHROW($result);
+ list($uid2, $gender2, $sname2, $fname2, $email2, $nick2) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
if ($uid1 == $GLOBALS['userid'])
{
// Data row 1 is sender's data
- define('__SENDER_SEX' , TRANSLATE_SEX($sex1));
+ define('__SENDER_GENDER' , TRANSLATE_GENDER($gender1));
define('__SENDER_NICK' , $nick1);
define('__SENDER_SNAME' , $sname1);
define('__SENDER_FNAME' , $fname1);
define('__SENDER_EMAIL' , $email1);
// Data row 2 is recpient's data
- define('__RECIPIENT_SEX' , TRANSLATE_SEX($sex2));
+ define('__RECIPIENT_GENDER' , TRANSLATE_GENDER($gender2));
define('__RECIPIENT_NICK' , $nick2);
define('__RECIPIENT_SNAME', $sname2);
define('__RECIPIENT_FNAME', $fname2);
else
{
// Data row 2 is sender's data
- define('__SENDER_SEX' , TRANSLATE_SEX($sex2));
+ define('__SENDER_GENDER' , TRANSLATE_GENDER($gender2));
define('__SENDER_NICK' , $nick2);
define('__SENDER_SNAME' , $sname2);
define('__SENDER_FNAME' , $fname2);
define('__SENDER_EMAIL' , $email2);
// Data row 1 is recpient's data
- define('__RECIPIENT_SEX' , TRANSLATE_SEX($sex1));
+ define('__RECIPIENT_GENDER' , TRANSLATE_GENDER($gender1));
define('__RECIPIENT_NICK' , $nick1);
define('__RECIPIENT_SNAME', $sname1);
define('__RECIPIENT_FNAME', $fname1);
}
// Generate tranafer id
- define('__TRANS_ID', bigintval(GEN_RANDOM_CODE("10", rand(0, 99999), $GLOBALS['userid'], $_POST['reason'])));
+ define('__TRANS_ID', bigintval(GEN_RANDOM_CODE("10", mt_rand(0, 99999), $GLOBALS['userid'], $_POST['reason'])));
// Add entries to both tables
- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_transfers_in (userid, from_uid, points, reason, time_trans, trans_id) VALUES ('%s', '%s', '%s', '%s', UNIX_TIMESTAMP(), '%s')",
- array(bigintval($_POST['to_uid']), $GLOBALS['userid'], bigintval($_POST['points']), addslashes($_POST['reason']), __TRANS_ID),
- __FILE__, __LINE__);
- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_transfers_out (userid, to_uid, points, reason, time_trans, trans_id) VALUES ('%s', '%s', '%s', '%s', UNIX_TIMESTAMP(), '%s')",
- array($GLOBALS['userid'], bigintval($_POST['to_uid']), bigintval($_POST['points']), addslashes($_POST['reason']), __TRANS_ID),
- __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_transfers_in (userid, from_uid, points, reason, time_trans, trans_id) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP(),'%s')",
+ array(bigintval($_POST['to_uid']), $GLOBALS['userid'], bigintval($_POST['points']), $_POST['reason'], __TRANS_ID),
+ __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_transfers_out (userid, to_uid, points, reason, time_trans, trans_id) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP(),'%s')",
+ array($GLOBALS['userid'], bigintval($_POST['to_uid']), bigintval($_POST['points']), $_POST['reason'], __TRANS_ID),
+ __FILE__, __LINE__);
// Add points to account *directly* ...
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%d AND ref_depth=0 LIMIT 1",
- array(bigintval($_POST['points']), bigintval($_POST['to_uid'])), __FILE__, __LINE__);
+ ADD_POINTS_REFSYSTEM("member_transfer", bigintval($_POST['to_uid']), bigintval($_POST['points']), false, "0", false, "direct");
// ... and add it to current user's used points
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
- array(bigintval($_POST['points']), $GLOBALS['userid']), __FILE__, __LINE__);
+ SUB_POINTS("transfer", $GLOBALS['userid'], $_POST['points']);
// First send email to recipient
$msg = LOAD_EMAIL_TEMPLATE("member_transfer_recipient", "", __RECIPIENT_UID);
// Generate Code
if ($_CONFIG['transfer_code'] > 0)
{
- $rand = rand(0, 99999);
+ $rand = mt_rand(0, 99999);
$code = GEN_RANDOM_CODE($_CONFIG['transfer_code'], $rand, $GLOBALS['userid'], __TRANSFER_MAX_VALUE);
$img = GENERATE_IMAGE($code, false);
define('__TRANSFER_IMAGE_INPUT', "<INPUT type=\"hidden\" name=\"code_chk\" value=\"".$rand."\"><INPUT type=\"text\" name=\"code\" class=\"member_normal\" size=\"5\" maxlength=\"7\"".__TRANSFER_TO_DISABLED."> ".$img);
switch ($MODE)
{
case "list_in":
- $SQL = "SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%d ORDER BY time_trans DESC LIMIT ".$_CONFIG['transfer_max'];
+ $SQL = "SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%s ORDER BY time_trans DESC LIMIT ".$_CONFIG['transfer_max'];
$NOTHING = TRANSFER_NO_INCOMING_TRANSFERS;
define('__TRANSFER_SUM', TRANSFER_TOTAL_INCOMING);
define('__TRANSFER_TITLE', TRANSFER_LIST_INCOMING);
break;
case "list_out":
- $SQL = "SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%d ORDER BY time_trans DESC LIMIT ".$_CONFIG['transfer_max'];
+ $SQL = "SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%s ORDER BY time_trans DESC LIMIT ".$_CONFIG['transfer_max'];
$NOTHING = TRANSFER_NO_OUTGOING_TRANSFERS;
define('__TRANSFER_SUM', TRANSFER_TOTAL_OUTGOING);
define('__TRANSFER_TITLE', TRANSFER_LIST_OUTGOING);
}
// Run the SQL command
- $total = "0";
+ $total = 0;
$result = SQL_QUERY_ESC($SQL, array($GLOBALS['userid']), __FILE__, __LINE__);
if (SQL_NUMROWS($result) > 0)
{
// First of all create the temporary table
$result = SQL_QUERY("CREATE TEMPORARY TABLE "._MYSQL_PREFIX."_transfers_tmp (
trans_id VARCHAR(12) NOT NULL DEFAULT '',
-party_uid BIGINT(20) NOT NULL DEFAULT '0',
-points BIGINT(20) NOT NULL DEFAULT '0',
+party_uid BIGINT(20) UNSIGNED NOT NULL DEFAULT '0',
+points BIGINT(20) UNSIGNED NOT NULL DEFAULT '0',
reason VARCHAR(255) NOT NULL DEFAULT '',
time_trans VARCHAR(10) NOT NULL DEFAULT '0',
-trans_type ENUM('IN', 'OUT') NOT NULL DEFAULT 'IN',
+trans_type ENUM('IN','OUT') NOT NULL DEFAULT 'IN',
KEY(party_uid)
) TYPE=HEAP", __FILE__, __LINE__);
// Let's begin with the incoming list
- $result = SQL_QUERY_ESC("SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%d ORDER BY id LIMIT %s",
+ $result = SQL_QUERY_ESC("SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%s ORDER BY id LIMIT %s",
array($GLOBALS['userid'], $_CONFIG['transfer_max']), __FILE__, __LINE__);
while ($DATA = SQL_FETCHROW($result))
{
$DATA[] = "IN";
- $DATA = implode("', '", $DATA);
+ $DATA = implode("','", $DATA);
$res_temp = SQL_QUERY("INSERT INTO "._MYSQL_PREFIX."_transfers_tmp (trans_id, party_uid, points, reason, time_trans, trans_type) VALUES ('".$DATA."')", __FILE__, __LINE__);
}
SQL_FREERESULT($result);
// As the last table transfer data from outgoing table to temporary
- $result = SQL_QUERY_ESC("SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%d ORDER BY id LIMIT %s",
+ $result = SQL_QUERY_ESC("SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%s ORDER BY id LIMIT %s",
array($GLOBALS['userid'], $_CONFIG['transfer_max']), __FILE__, __LINE__);
while ($DATA = SQL_FETCHROW($result))
{
$DATA[] = "OUT";
- $DATA = implode("', '", $DATA);
+ $DATA = implode("','", $DATA);
$res_temp = SQL_QUERY("INSERT INTO "._MYSQL_PREFIX."_transfers_tmp (trans_id, party_uid, points, reason, time_trans, trans_type) VALUES ('".$DATA."')", __FILE__, __LINE__);
}
// Free memory
SQL_FREERESULT($result);
- $total = "0";
+ $total = 0;
if (SQL_NUMROWS($result) > 0)
{
// Output rows
case "": // Overview page
// Check incoming transfers
- $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%d", array($GLOBALS['userid']), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%s", array($GLOBALS['userid']), __FILE__, __LINE__);
list($dmy) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
}
// Check outgoing transfers
- $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%d", array($GLOBALS['userid']), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%s", array($GLOBALS['userid']), __FILE__, __LINE__);
list($dmy) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
define('__TRANSFER_ALL_LINK', $total);
}
- if (isset($_POST['ok']))
- {
+ if (isset($_POST['ok'])) {
// Save settings
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET opt_in='%s' WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET opt_in='%s' WHERE userid=%s LIMIT 1",
array($_POST['opt_in'], $GLOBALS['userid']), __FILE__, __LINE__);
// Rember for next switch() command
// "Settings saved..."
OUTPUT_HTML("<P><STRONG class=\"member_done\">".SETTINGS_SAVED."</STRONG></P>");
}
+
switch ($opt_in)
{
case 'Y':
- define('__TRANSFER_ALLOW_Y', ' checked');
+ define('__TRANSFER_ALLOW_Y', " checked=\"checked\"");
define('__TRANSFER_ALLOW_N', "");
define('__TRANSFER_NEW_LINK', "<A href=\"".URL."/modules.php?module=login&what=transfer&mode=new\">".TRANSFER_NOW_LINK."</A>");
break;
case 'N':
define('__TRANSFER_ALLOW_Y', "");
- define('__TRANSFER_ALLOW_N', ' checked');
+ define('__TRANSFER_ALLOW_N', " checked=\"checked\"");
define('__TRANSFER_NEW_LINK', TRANSFER_PLEASE_ALLOW_OPT_IN);
break;
}
// Check for latest out-transfers
- $result = SQL_QUERY_ESC("SELECT time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE time_trans > ".(time() - $_CONFIG['transfer_timeout'])." AND userid=%d ORDER BY time_trans DESC LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 0)
- {
+ $result = SQL_QUERY_ESC("SELECT time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE time_trans > (UNIX_TIMESTAMP() - ".$_CONFIG['transfer_timeout'].") AND userid=%s ORDER BY time_trans DESC LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) == 0) {
// Load template
define('__TRANSFER_SETTINGS_CONTENT', LOAD_TEMPLATE("member_transfer_settings", true));
- }
- else
- {
+ } else {
// Load newest transaction
list($newest) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
define('__TRANSFER_SETTINGS_CONTENT', TRANSFER_LATEST_IS_1.MAKE_DATETIME($newest, "3").TRANSFER_LATEST_IS_2);
}
+
// Load template
LOAD_TEMPLATE("member_transfer_overview");
break;