// Some security stuff...
$URL = "";
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
+if (!defined('__SECURITY')) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
} elseif ((!EXT_IS_ACTIVE("order")) && (!IS_ADMIN())) {
// Finally is the entry valid?
if (SQL_AFFECTEDROWS() == 1) {
- // Update his login data
- UPDATE_LOGIN_DATA();
-
// Load personal data...
- $result = SQL_QUERY_ESC("SELECT gender, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT gender, surname, family, email FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
list($gender, $sname, $fname, $email) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
// Update used points
$ADD = "";
if ($_CONFIG['order_max_full'] == "ORDER") $ADD = ", mail_orders=mail_orders+1";
- SUB_POINTS($GLOBALS['userid'], $USED);
+ SUB_POINTS("order", $GLOBALS['userid'], $USED);
// Prepare content
$content = array(
'subject' => $DATA[0],
'text' => $DATA[1],
'payment' => GET_PAYMENT($DATA[3]),
- 'category' => GET_CATEGORY($DATA[6])
+ 'category' => GET_CATEGORY($DATA[6]),
+ 'url' => $DATA[5]
);
// Send an email to the user
LOAD_TEMPLATE("member_order-back", false);
} else {
// Matching line not found or already "placed" in send queue
- $URL = URL."/modules.php?module=login";
- LOAD_URL($URL);
+ LOAD_URL(URL."/modules.php?module=login");
}
} else {
// Redirect...