X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fwhat-sub_points.php;h=6ac305396f32c467db5fe2f63911d4e2ef034bfe;hb=2142149f3f72f1a2476f95a87937c044d63bbaf2;hp=d08197759dc03ee699f6633a2db529a9a47b8c3b;hpb=d0ab0382dd73638f0bc13a1a3d6f117ec11a203e;p=mailer.git
diff --git a/inc/modules/admin/what-sub_points.php b/inc/modules/admin/what-sub_points.php
index d08197759d..6ac305396f 100644
--- a/inc/modules/admin/what-sub_points.php
+++ b/inc/modules/admin/what-sub_points.php
@@ -32,18 +32,17 @@
************************************************************************/
// Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
-{
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
+
// Add description as navigation point
-ADD_DESCR("admin", basename(__FILE__));
+ADD_DESCR("admin", __FILE__);
// Fix a notice
if (!isset($_GET['u_id'])) $_GET['u_id'] = "";
-OPEN_TABLE("100%", "admin_content admin_content_align", "");
if ($_GET['u_id'] == "all")
{
// Add points to all accounts
@@ -54,7 +53,7 @@ if ($_GET['u_id'] == "all")
while (list($uid) = SQL_FETCHROW($result_main))
{
// User ID found in URL so we use this give him some credits
- $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
@@ -65,12 +64,17 @@ if ($_GET['u_id'] == "all")
if ((isset($_POST['ok'])) && (!empty($_POST['points'])))
{
// Ok, add points to used points and send an email to him...
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
- array(bigintval($_POST['points'], bigintval($uid))), __FILE__, __LINE__);
+ SUB_POINTS($uid, $_POST['points']);
+
+ // Prepare content
+ $content = array(
+ 'text' => SQL_ESCAPE($_POST['reason']),
+ 'points' => bigintval($_POST['points'])
+ );
// Load message and send it away
- $msg = LOAD_EMAIL_TEMPLATE("sub-points", $_POST['reason'], $uid);
- SEND_EMAIL($email, ADMIN_SUB_SUBJ, $msg);
+ $msg = LOAD_EMAIL_TEMPLATE("sub-points", $content, bigintval($uid));
+ SEND_EMAIL(bigintval($uid), ADMIN_SUB_SUBJ, $msg);
}
}
}
@@ -89,7 +93,7 @@ if ($_GET['u_id'] == "all")
elseif (!empty($_GET['u_id']))
{
// User ID found in URL so we use this give him some credits
- $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
array(bigintval($_GET['u_id'])),__FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
@@ -100,22 +104,17 @@ if ($_GET['u_id'] == "all")
if ((isset($_POST['ok'])) && (!empty($_POST['points'])))
{
// Ok, add to used points and send an email to him...
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1",
- array(bigintval($_POST['points']), bigintval($_GET['u_id'])), __FILE__, __LINE__);
+ SUB_POINTS(bigintval($_GET['u_id']), $_POST['points']);
- // Update mediadata as well
- if (GET_EXT_VERSION("mediadata") >= "0.0.4")
- {
- // Update database
- MEDIA_UPDATE_ENTRY(array("total_points"), "sub", bigintval($_POST['points']));
- }
-
- // Remember points in template
- define('__POINTS_VALUE', bigintval($_POST['points']));
+ // Prepare content
+ $content = array(
+ 'text' => SQL_ESCAPE($_POST['reason']),
+ 'points' => bigintval($_POST['points'])
+ );
// Load email and send it away
- $msg = LOAD_EMAIL_TEMPLATE("sub-points", $_POST['reason'], $_GET['u_id']);
- SEND_EMAIL($email, ADMIN_SUB_SUBJ, $msg);
+ $msg = LOAD_EMAIL_TEMPLATE("sub-points", $content, bigintval($_GET['u_id']));
+ SEND_EMAIL(bigintval($_GET['u_id']), ADMIN_SUB_SUBJ, $msg);
// Output message
LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_POINTS_SUBTRACTED);
@@ -131,14 +130,14 @@ if ($_GET['u_id'] == "all")
else
{
// User not found!
- OUTPUT_HTML ("".ADMIN_MEMBER_404_1.$_GET['u_id'].ADMIN_MEMBER_404_2."");
+ OUTPUT_HTML("".ADMIN_MEMBER_404_1.$_GET['u_id'].ADMIN_MEMBER_404_2."");
}
}
else
{
// Output selection form with all confirmed user accounts listed
- ADD_MEMBER_SELECTION_BOX(true);
+ ADD_MEMBER_SELECTION_BOX("0", true);
}
-CLOSE_TABLE();
+
//
?>