X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fwhat-sub_points.php;h=e16508200fc34bdcaa0a91897acb0c9fcf2a33f5;hb=c08df20b10d0771e7f749d7afbe1f76be9f1b028;hp=9c6cc1d8fe11bd209594a2348302d72ba483bf38;hpb=5ef6ed7373ae85e5635e39e2a0adf9496a8add05;p=mailer.git diff --git a/inc/modules/admin/what-sub_points.php b/inc/modules/admin/what-sub_points.php index 9c6cc1d8fe..e16508200f 100644 --- a/inc/modules/admin/what-sub_points.php +++ b/inc/modules/admin/what-sub_points.php @@ -32,18 +32,17 @@ ************************************************************************/ // Some security stuff... -if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) -{ +if ((!defined('__SECURITY')) || (!IS_ADMIN())) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); } + // Add description as navigation point -ADD_DESCR("admin", basename(__FILE__)); +ADD_DESCR("admin", __FILE__); // Fix a notice if (!isset($_GET['u_id'])) $_GET['u_id'] = ""; -OPEN_TABLE("100%", "admin_content admin_content_align", ""); if ($_GET['u_id'] == "all") { // Add points to all accounts @@ -54,7 +53,7 @@ if ($_GET['u_id'] == "all") while (list($uid) = SQL_FETCHROW($result_main)) { // User ID found in URL so we use this give him some credits - $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1", array(bigintval($uid)), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { @@ -65,12 +64,17 @@ if ($_GET['u_id'] == "all") if ((isset($_POST['ok'])) && (!empty($_POST['points']))) { // Ok, add points to used points and send an email to him... - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1", - array(bigintval($_POST['points'], bigintval($uid))), __FILE__, __LINE__); + SUB_POINTS("admin_all", $uid, $_POST['points']); + + // Prepare content + $content = array( + 'text' => SQL_ESCAPE($_POST['reason']), + 'points' => bigintval($_POST['points']) + ); // Load message and send it away - $msg = LOAD_EMAIL_TEMPLATE("sub-points", $_POST['reason'], $uid); - SEND_EMAIL($email, ADMIN_SUB_SUBJ, $msg); + $msg = LOAD_EMAIL_TEMPLATE("sub-points", $content, bigintval($uid)); + SEND_EMAIL(bigintval($uid), ADMIN_SUB_SUBJ, $msg); } } } @@ -89,7 +93,7 @@ if ($_GET['u_id'] == "all") elseif (!empty($_GET['u_id'])) { // User ID found in URL so we use this give him some credits - $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1", array(bigintval($_GET['u_id'])),__FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { @@ -100,22 +104,17 @@ if ($_GET['u_id'] == "all") if ((isset($_POST['ok'])) && (!empty($_POST['points']))) { // Ok, add to used points and send an email to him... - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1", - array(bigintval($_POST['points']), bigintval($_GET['u_id'])), __FILE__, __LINE__); + SUB_POINTS("admin_single", bigintval($_GET['u_id']), $_POST['points']); - // Update mediadata as well - if (GET_EXT_VERSION("mediadata") >= "0.0.4") - { - // Update database - MEDIA_UPDATE_ENTRY(array("total_points"), "sub", bigintval($_POST['points'])); - } - - // Remember points in template - define('__POINTS_VALUE', bigintval($_POST['points'])); + // Prepare content + $content = array( + 'text' => SQL_ESCAPE($_POST['reason']), + 'points' => bigintval($_POST['points']) + ); // Load email and send it away - $msg = LOAD_EMAIL_TEMPLATE("sub-points", $_POST['reason'], $_GET['u_id']); - SEND_EMAIL($email, ADMIN_SUB_SUBJ, $msg); + $msg = LOAD_EMAIL_TEMPLATE("sub-points", $content, bigintval($_GET['u_id'])); + SEND_EMAIL(bigintval($_GET['u_id']), ADMIN_SUB_SUBJ, $msg); // Output message LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_POINTS_SUBTRACTED); @@ -124,7 +123,7 @@ if ($_GET['u_id'] == "all") { // Opps, missing form here define('__USER_VALUE', "".$sname." ".$fname.""); - define('__UID_VALUE', $_GET['u_id']); + define('__UID', bigintval($_GET['u_id'])); LOAD_TEMPLATE("admin_sub_points"); } } @@ -137,8 +136,8 @@ if ($_GET['u_id'] == "all") else { // Output selection form with all confirmed user accounts listed - ADD_MEMBER_SELECTION_BOX(true); + ADD_MEMBER_SELECTION_BOX("0", true); } -CLOSE_TABLE(); + // ?>