X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fwhat-add_points.php;h=f514b885cdee17f65e6ffebc4523d5000e16493f;hb=b7a1b50bec9d45efcf037db83b7e7c58ba2846dd;hp=444d18f04a4028a69f4fea4b7a57e42aa62a8d89;hpb=5ef6ed7373ae85e5635e39e2a0adf9496a8add05;p=mailer.git
diff --git a/inc/modules/admin/what-add_points.php b/inc/modules/admin/what-add_points.php
index 444d18f04a..f514b885cd 100644
--- a/inc/modules/admin/what-add_points.php
+++ b/inc/modules/admin/what-add_points.php
@@ -32,52 +32,50 @@
************************************************************************/
// Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
-{
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
+
// Add description as navigation point
-ADD_DESCR("admin", basename(__FILE__));
+ADD_DESCR("admin", __FILE__);
// Fix a notice
if (!isset($_GET['u_id'])) $_GET['u_id'] = "";
-OPEN_TABLE("100%", "admin_content admin_content_align", "");
-if ($_GET['u_id'] == "all")
-{
+if ($_GET['u_id'] == "all") {
// Add points to all accounts
- if ((isset($_POST['ok'])) && ($_POST['points'] > 0))
- {
+ if ((isset($_POST['ok'])) && ($_POST['points'] > 0)) {
define('__POINTS_VALUE', $_POST['points']);
$result_main = SQL_QUERY("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE status='CONFIRMED' ORDER BY userid", __FILE__, __LINE__);
- while (list($uid) = SQL_FETCHROW($result_main))
- {
+ while (list($uid) = SQL_FETCHROW($result_main)) {
// User ID found in URL so we use this give him some credits
- $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 1)
- {
+ if (SQL_NUMROWS($result) == 1) {
// Selected user does exist
list($sname, $fname, $email) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
- if ((isset($_POST['ok'])) && (!empty($_POST['points'])))
- {
+ if ((isset($_POST['ok'])) && (!empty($_POST['points']))) {
+ global $DEPTH;
+ // Remove depth to prevent booking errors. This is a bad coding
+ // practice, thats also why we need to write this project from
+ // scratch...
+ unset($DEPTH);
+
// Ok, add points and send an email to him...
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+(%s) WHERE userid=%d AND ref_depth='0' LIMIT 1",
- array($_POST['points'], bigintval($uid)), __FILE__, __LINE__);
+ ADD_POINTS_REFSYSTEM("admin_all", $uid, bigintval($_POST['points']), false, "0", false, "direct");
- // Update mediadata as well
- if (GET_EXT_VERSION("mediadata") >= "0.0.4")
- {
- // Update database
- MEDIA_UPDATE_ENTRY(array("total_points"), "add", $_POST['points']);
- }
+ // Prepare content
+ $content = array(
+ 'text' => SQL_ESCAPE($_POST['reason']),
+ 'points' => bigintval($_POST['points'])
+ );
// Load email template and send email away
- $msg = LOAD_EMAIL_TEMPLATE("add-points", $_POST['reason'], $uid);
- SEND_EMAIL($email, ADMIN_ADD_SUBJ, $msg);
+ $msg = LOAD_EMAIL_TEMPLATE("add-points", $content, bigintval($uid));
+ SEND_EMAIL(bigintval($uid), ADMIN_ADD_SUBJ, $msg);
}
}
}
@@ -87,58 +85,54 @@ if ($_GET['u_id'] == "all")
// Output message
LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_ALL_POINTS_ADDED);
- }
- else
- {
+ } else {
// Display form add points
LOAD_TEMPLATE("admin_add_points_all");
}
-}
- elseif (!empty($_GET['u_id']))
-{
+} elseif (!empty($_GET['u_id'])) {
// User ID found in URL so we use this give him some credits
- $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 1)
- {
+ if (SQL_NUMROWS($result) == 1) {
// Selected user does exist
list($sname, $fname, $email) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
- if ((isset($_POST['ok'])) && (!empty($_POST['points'])))
- {
+ if ((isset($_POST['ok'])) && (!empty($_POST['points']))) {
+ global $DEPTH;
+ // Remove depth to prevent booking errors. This is a bad coding
+ // practice, thats also why we need to write this project from
+ // scratch...
+ unset($DEPTH);
+
// Ok, add points and send an email to him...
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+(%s) WHERE userid=%d AND ref_depth='0' LIMIT 1",
- array($_POST['points'], bigintval($_GET['u_id'])), __FILE__, __LINE__);
+ ADD_POINTS_REFSYSTEM("admin_single", bigintval($_GET['u_id']), bigintval($_POST['points']), false, "0", false, "direct");
- // Remember points in constant
- define('__POINTS_VALUE', $_POST['points']);
+ // Prepare content
+ $content = array(
+ 'text' => SQL_ESCAPE($_POST['reason']),
+ 'points' => bigintval($_POST['points'])
+ );
// Message laden
- $msg = LOAD_EMAIL_TEMPLATE("add-points", $_POST['reason'], $_GET['u_id']);
+ $msg = LOAD_EMAIL_TEMPLATE("add-points", $content, bigintval($_GET['u_id']));
- SEND_EMAIL($email, ADMIN_ADD_SUBJ, $msg);
+ SEND_EMAIL(bigintval($_GET['u_id']), ADMIN_ADD_SUBJ, $msg);
LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_POINTS_ADDED);
- }
- else
- {
+ } else {
// Opps, missing form here
define('__USER_VALUE', "".$sname." ".$fname."");
- define('__UID_VALUE', $_GET['u_id']);
+ define('__UID' , bigintval($_GET['u_id']));
LOAD_TEMPLATE("admin_add_points");
}
- }
- else
- {
+ } else {
// User not found!
OUTPUT_HTML("".ADMIN_MEMBER_404_1.$_GET['u_id'].ADMIN_MEMBER_404_2."");
}
-}
- else
-{
+} else {
// Output selection form with all confirmed user accounts listed
- ADD_MEMBER_SELECTION_BOX(true);
+ ADD_MEMBER_SELECTION_BOX("0", true);
}
-CLOSE_TABLE();
+
//
?>