************************************************************************/
// Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
-}
- elseif (!IS_LOGGED_IN())
-{
- LOAD_URL(URL."/modules.php?module=index");
-}
- elseif ((!EXT_IS_ACTIVE("transfer")) && (!IS_ADMIN()))
-{
+} elseif (!IS_MEMBER()) {
+ LOAD_URL("modules.php?module=index");
+} elseif ((!EXT_IS_ACTIVE("transfer")) && (!IS_ADMIN())) {
ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "transfer");
return;
}
ADD_DESCR("member", basename(__FILE__));
// Load data
-$result = SQL_QUERY_ESC("SELECT opt_in FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+$result = SQL_QUERY_ESC("SELECT opt_in FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
list($opt_in) = SQL_FETCHROW($result);
if (!empty($_GET['mode'])) $MODE = $_GET['mode'];
// Check for "faker"
-if (($opt_in == 'N') && ($MODE == "new")) $MODE = "";
+if (($opt_in == "N") && ($MODE == "new")) $MODE = "";
switch ($MODE)
{
case "new": // Start new transfer
// Get total points and subtract the balance amount from it = maximum transferable points
- $result = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d AND points > 0",
+ $result = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_user_points WHERE userid=%s AND points > 0",
array($GLOBALS['userid']), __FILE__, __LINE__);
list($total) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
// Get totally used points and password
- $result = SQL_QUERY_ESC("SELECT used_points, password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT used_points, password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
list($used, $pass) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
// Remember maximum value for template
- define('__TRANSFER_MAX_VALUE', round($total - $used - $CONFIG['transfer_balance'] - 0.5));
+ define('__TRANSFER_MAX_VALUE', round($total - $used - $_CONFIG['transfer_balance'] - 0.5));
if (isset($_POST['ok']))
{
// Add new transfer
- if ($CONFIG['transfer_code'] > 0)
+ if ($_CONFIG['transfer_code'] > 0)
{
// Check for code
- $code = GEN_RANDOM_CODE($CONFIG['transfer_code'], $_POST['code_chk'], $GLOBALS['userid'], __TRANSFER_MAX_VALUE);
+ $code = GEN_RANDOM_CODE($_CONFIG['transfer_code'], $_POST['code_chk'], $GLOBALS['userid'], __TRANSFER_MAX_VALUE);
$valid_code = ($code == $_POST['code']);
}
else
$nick = true;
}
// Re-check receivers and own personal data
- $result = SQL_QUERY_ESC("SELECT userid, sex, surname, family, email".$ADD." FROM "._MYSQL_PREFIX."_user_data WHERE userid IN ('%s', '%s') AND status='CONFIRMED' ORDER BY userid LIMIT 2",
+ $result = SQL_QUERY_ESC("SELECT userid, gender, surname, family, email".$ADD." FROM "._MYSQL_PREFIX."_user_data WHERE userid IN ('%s', '%s') AND status='CONFIRMED' ORDER BY userid LIMIT 2",
array($GLOBALS['userid'], bigintval($_POST['to_uid'])), __FILE__, __LINE__);
$valid_data = (SQL_NUMROWS($result) == 2);
if ($valid_code && $valid_pass && $valid_amount && $valid_reason && $valid_recipient)
{
// Let's start the transfer and load user data
- list($uid1, $sex1, $sname1, $fname1, $email1, $nick1) = SQL_FETCHROW($result);
- list($uid2, $sex2, $sname2, $fname2, $email2, $nick2) = SQL_FETCHROW($result);
+ list($uid1, $gender1, $sname1, $fname1, $email1, $nick1) = SQL_FETCHROW($result);
+ list($uid2, $gender2, $sname2, $fname2, $email2, $nick2) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
if ($uid1 == $GLOBALS['userid'])
{
// Data row 1 is sender's data
- define('__SENDER_SEX' , TRANSLATE_SEX($sex1));
+ define('__SENDER_GENDER' , TRANSLATE_GENDER($gender1));
define('__SENDER_NICK' , $nick1);
define('__SENDER_SNAME' , $sname1);
define('__SENDER_FNAME' , $fname1);
define('__SENDER_EMAIL' , $email1);
// Data row 2 is recpient's data
- define('__RECIPIENT_SEX' , TRANSLATE_SEX($sex2));
+ define('__RECIPIENT_GENDER' , TRANSLATE_GENDER($gender2));
define('__RECIPIENT_NICK' , $nick2);
define('__RECIPIENT_SNAME', $sname2);
define('__RECIPIENT_FNAME', $fname2);
else
{
// Data row 2 is sender's data
- define('__SENDER_SEX' , TRANSLATE_SEX($sex2));
+ define('__SENDER_GENDER' , TRANSLATE_GENDER($gender2));
define('__SENDER_NICK' , $nick2);
define('__SENDER_SNAME' , $sname2);
define('__SENDER_FNAME' , $fname2);
define('__SENDER_EMAIL' , $email2);
// Data row 1 is recpient's data
- define('__RECIPIENT_SEX' , TRANSLATE_SEX($sex1));
+ define('__RECIPIENT_GENDER' , TRANSLATE_GENDER($gender1));
define('__RECIPIENT_NICK' , $nick1);
define('__RECIPIENT_SNAME', $sname1);
define('__RECIPIENT_FNAME', $fname1);
define('__TRANSFER_REASON', $_POST['reason']);
if (function_exists('CREATE_FANCY_TIME'))
{
- define('__TRANSFER_EXPIRES', CREATE_FANCY_TIME($CONFIG['transfer_age']));
+ define('__TRANSFER_EXPIRES', CREATE_FANCY_TIME($_CONFIG['transfer_age']));
}
else
{
- define('__TRANSFER_EXPIRES', round($CONFIG['transfer_age']/60/60/24)." ".DAYS);
+ define('__TRANSFER_EXPIRES', round($_CONFIG['transfer_age']/60/60/24)." ".DAYS);
}
// Generate tranafer id
__FILE__, __LINE__);
// Add points to account *directly* ...
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%d AND ref_depth=0 LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%s AND ref_depth=0 LIMIT 1",
array(bigintval($_POST['points']), bigintval($_POST['to_uid'])), __FILE__, __LINE__);
// ... and add it to current user's used points
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
- array(bigintval($_POST['points']), $GLOBALS['userid']), __FILE__, __LINE__);
+ SUB_POINTS($GLOBALS['userid'], $_POST['points']);
// First send email to recipient
$msg = LOAD_EMAIL_TEMPLATE("member_transfer_recipient", "", __RECIPIENT_UID);
SEND_EMAIL(__SENDER_EMAIL, TRANSFER_MEMBER_SENDER_SUBJ.": ".$RECIPIENT, $msg);
// At last send admin mail(s)
- $ADMIN_SUBJ = TRANSFER_ADMIN_SUBJECT." (".$SENDER."->".$RECIPIENT.")";
- if (GET_EXT_VERSION("admins") >= "0.4.1")
- {
- SEND_ADMIN_EMAILS_PRO($ADMIN_SUBJ, "admin_transfer_points");
- }
- else
- {
- $msg = LOAD_EMAIL_TEMPLATE("admin_transfer_points");
- SEND_ADMIN_EMAILS($ADMIN_SUBJ, $msg);
- }
+ $ADMIN_SUBJ = sprintf("%s (%s->%s)", TRANSFER_ADMIN_SUBJECT, $SENDER, $RECIPIENT);
+ SEND_ADMIN_NOTIFICATION($ADMIN_SUBJ, "admin_transfer_points");
// Transfer is completed
- OUTPUT_HTML("<P>");
LOAD_TEMPLATE("admin_settings_saved", false, TRANSFER_COMPLETED."<br /><A href=\"".URL."/modules.php?module=login&what=transfer\">".TRANSFER_CONTINUE_OVERVIEW."</A>");
- OUTPUT_HTML("</P>");
}
elseif (!$valid_code)
{
define('__TRANSFER_USERID_SELECTION', $OUT);
// Generate Code
- if ($CONFIG['transfer_code'] > 0)
+ if ($_CONFIG['transfer_code'] > 0)
{
$rand = rand(0, 99999);
- $code = GEN_RANDOM_CODE($CONFIG['transfer_code'], $rand, $GLOBALS['userid'], __TRANSFER_MAX_VALUE);
+ $code = GEN_RANDOM_CODE($_CONFIG['transfer_code'], $rand, $GLOBALS['userid'], __TRANSFER_MAX_VALUE);
$img = GENERATE_IMAGE($code, false);
define('__TRANSFER_IMAGE_INPUT', "<INPUT type=\"hidden\" name=\"code_chk\" value=\"".$rand."\"><INPUT type=\"text\" name=\"code\" class=\"member_normal\" size=\"5\" maxlength=\"7\"".__TRANSFER_TO_DISABLED."> ".$img);
}
switch ($MODE)
{
case "list_in":
- $SQL = "SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%d ORDER BY time_trans DESC LIMIT ".$CONFIG['transfer_max'];
+ $SQL = "SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%s ORDER BY time_trans DESC LIMIT ".$_CONFIG['transfer_max'];
$NOTHING = TRANSFER_NO_INCOMING_TRANSFERS;
define('__TRANSFER_SUM', TRANSFER_TOTAL_INCOMING);
define('__TRANSFER_TITLE', TRANSFER_LIST_INCOMING);
break;
case "list_out":
- $SQL = "SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%d ORDER BY time_trans DESC LIMIT ".$CONFIG['transfer_max'];
+ $SQL = "SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%s ORDER BY time_trans DESC LIMIT ".$_CONFIG['transfer_max'];
$NOTHING = TRANSFER_NO_OUTGOING_TRANSFERS;
define('__TRANSFER_SUM', TRANSFER_TOTAL_OUTGOING);
define('__TRANSFER_TITLE', TRANSFER_LIST_OUTGOING);
}
// Run the SQL command
- $total = "0";
+ $total = 0;
$result = SQL_QUERY_ESC($SQL, array($GLOBALS['userid']), __FILE__, __LINE__);
if (SQL_NUMROWS($result) > 0)
{
break;
case "list_all": // List all transactions
- // We fill a temporay table with data from both tables. This is much easier
+ // We fill a temporary table with data from both tables. This is much easier
// to code and unstand by you as sub-SELECT queries. I know this is not the
// fastest way but it shall be fine for now.
//
// First of all create the temporary table
$result = SQL_QUERY("CREATE TEMPORARY TABLE "._MYSQL_PREFIX."_transfers_tmp (
-trans_id varchar(12) not null default '',
-party_uid bigint(20) not null default '0',
-points bigint(20) not null default '0',
-reason varchar(255) not null default '',
-time_trans varchar(10) not null default '0',
-trans_type enum('IN', 'OUT') not null default 'IN',
+trans_id VARCHAR(12) NOT NULL DEFAULT '',
+party_uid BIGINT(20) NOT NULL DEFAULT '0',
+points BIGINT(20) NOT NULL DEFAULT '0',
+reason VARCHAR(255) NOT NULL DEFAULT '',
+time_trans VARCHAR(10) NOT NULL DEFAULT '0',
+trans_type ENUM('IN', 'OUT') NOT NULL DEFAULT 'IN',
KEY(party_uid)
) TYPE=HEAP", __FILE__, __LINE__);
// Let's begin with the incoming list
- $result = SQL_QUERY_ESC("SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%d ORDER BY id LIMIT %s",
-array($GLOBALS['userid'], $CONFIG['transfer_max']), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%s ORDER BY id LIMIT %s",
+array($GLOBALS['userid'], $_CONFIG['transfer_max']), __FILE__, __LINE__);
while ($DATA = SQL_FETCHROW($result))
{
$DATA[] = "IN";
SQL_FREERESULT($result);
// As the last table transfer data from outgoing table to temporary
- $result = SQL_QUERY_ESC("SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%d ORDER BY id LIMIT %s",
-array($GLOBALS['userid'], $CONFIG['transfer_max']), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%s ORDER BY id LIMIT %s",
+array($GLOBALS['userid'], $_CONFIG['transfer_max']), __FILE__, __LINE__);
while ($DATA = SQL_FETCHROW($result))
{
$DATA[] = "OUT";
// Free memory
SQL_FREERESULT($result);
- $total = "0";
+ $total = 0;
if (SQL_NUMROWS($result) > 0)
{
// Output rows
// Load final template
LOAD_TEMPLATE("member_transfer_list");
- // At the end we don't need a temporay table in memory
+ // At the end we don't need a temporary table in memory
$result = SQL_QUERY("DROP TABLE IF EXISTS "._MYSQL_PREFIX."_transfers_tmp", __FILE__, __LINE__);
// Free some memory...
case "": // Overview page
// Check incoming transfers
- $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%d", array($GLOBALS['userid']), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%s", array($GLOBALS['userid']), __FILE__, __LINE__);
list($dmy) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
}
// Check outgoing transfers
- $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%d", array($GLOBALS['userid']), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%s", array($GLOBALS['userid']), __FILE__, __LINE__);
list($dmy) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
if (isset($_POST['ok']))
{
// Save settings
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET opt_in='%s' WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET opt_in='%s' WHERE userid=%s LIMIT 1",
array($_POST['opt_in'], $GLOBALS['userid']), __FILE__, __LINE__);
// Rember for next switch() command
switch ($opt_in)
{
case 'Y':
- define('__TRANSFER_ALLOW_Y', " checked");
+ define('__TRANSFER_ALLOW_Y', ' checked');
define('__TRANSFER_ALLOW_N', "");
define('__TRANSFER_NEW_LINK', "<A href=\"".URL."/modules.php?module=login&what=transfer&mode=new\">".TRANSFER_NOW_LINK."</A>");
break;
case 'N':
define('__TRANSFER_ALLOW_Y', "");
- define('__TRANSFER_ALLOW_N', " checked");
+ define('__TRANSFER_ALLOW_N', ' checked');
define('__TRANSFER_NEW_LINK', TRANSFER_PLEASE_ALLOW_OPT_IN);
break;
}
// Check for latest out-transfers
- $result = SQL_QUERY_ESC("SELECT time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE time_trans > ".(time() - $CONFIG['transfer_timeout'])." AND userid=%d ORDER BY time_trans DESC LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("SELECT time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE time_trans > ".(time() - $_CONFIG['transfer_timeout'])." AND userid=%s ORDER BY time_trans DESC LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 0)
{
// Load template