X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fmember%2Fwhat-order.php;h=5f5422dc5eb1d9092658829e54310a1ba4880edc;hb=357b2ca133fc1f89db74097955c366cb4bee6996;hp=10eaf82772c5137a9b459547683b86fc42044ce4;hpb=fb54237bf1d0c0a7435ad4322a4ac40f3bd72eba;p=mailer.git diff --git a/inc/modules/member/what-order.php b/inc/modules/member/what-order.php index 10eaf82772..5f5422dc5e 100644 --- a/inc/modules/member/what-order.php +++ b/inc/modules/member/what-order.php @@ -32,23 +32,18 @@ ************************************************************************/ // Some security stuff... -if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) -{ +if (!defined('__SECURITY')) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); -} - elseif (!IS_LOGGED_IN()) -{ +} elseif (!IS_MEMBER()) { LOAD_URL("modules.php?module=index"); -} - elseif ((!EXT_IS_ACTIVE("order")) && (!IS_ADMIN())) -{ +} elseif (!EXT_IS_ACTIVE("order")) { ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "order"); return; } // Add description as navigation point -ADD_DESCR("member", basename(__FILE__)); +ADD_DESCR("member", __FILE__); $URL = ""; $id = 0; $whereStatement = " WHERE visible='Y'"; @@ -58,10 +53,10 @@ if (empty($_GET['msg'])) $_GET['msg'] = ""; if (empty($_POST['zip'])) $_POST['zip'] = ""; if (empty($_POST['html'])) $_POST['html'] = ""; if (empty($_POST['receiver'])) $_POST['receiver'] = ""; -if (is_admin()) $whereStatement = ""; +if (IS_ADMIN()) $whereStatement = ""; // Add slashes to every value -foreach($_POST as $key=>$value) +foreach($_POST as $key => $value) { // Skip submit buttons if (($key != "data") && ($key != "frametester")) $_POST[$key] = addslashes($value); 
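Review bot: The `!IS_MEMBER()` branch calls `LOAD_URL("modules.php?module=index");` and then falls through, whereas the `!EXT_IS_ACTIVE("order")` branch ends with `return;`. LOAD_URL is defined outside this diff; if it only emits a redirect and does not stop execution, the order logic below would still run for a visitor who is not a member. Adding `return;` after the call keeps the access check fail-closed regardless of how LOAD_URL is implemented. The same hunk now passes the full `__FILE__` to ADD_DESCR instead of `basename(__FILE__)`; presumably ADD_DESCR reduces it to the base name itself, and a short comment saying so would make clear that the absolute server path does not reach the navigation output.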
@@ -101,43 +96,30 @@ if ($_CONFIG['order_max_full'] == "MAX") $ALLOWED = $MAXI; $HTML_EXT = EXT_IS_ACTIVE("html_mail"); // Now check his points amount -$result_p = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_user_points WHERE userid=%s", - array($GLOBALS['userid']), __FILE__, __LINE__); - -$TOTAL = "0"; -if (SQL_NUMROWS($result_p) > 0) -{ - // Load points - list($TOTAL) = SQL_FETCHROW($result_p); - SQL_FREERESULT($result_p); +$TOTAL = GET_TOTAL_DATA($GLOBALS['userid'], "user_points", "points"); +if ($TOTAL > 0) { // And subtract his used points... - $result_p = SQL_QUERY_ESC("SELECT used_points FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", - array($GLOBALS['userid']), __FILE__, __LINE__); - - list($p) = SQL_FETCHROW($result_p); - SQL_FREERESULT($result_p); - $TOTAL -= $p; + $TOTAL -= GET_TOTAL_DATA($GLOBALS['userid'], "user_data", "used_points"); // Add (maybe) missing three zeros if (!ereg(".", $TOTAL)) $TOTAL .= ".00000"; } -if (($HOLIDAY == "Y") && (GET_EXT_VERSION("holiday") >= "0.1.3")) -{ +if (($HOLIDAY == "Y") && (GET_EXT_VERSION("holiday") >= "0.1.3")) { // Holiday is active! SQL_FREERESULT($result_p); LOAD_TEMPLATE("admin_settings_saved", false, HOLIDAY_ORDER_NOT_POSSIBLE); -} - elseif ((!empty($_POST['frametester'])) && ($ALLOWED > 0) && ($_POST['receiver'] > 0)) -{ +} elseif ((!empty($_POST['frametester'])) && ($ALLOWED > 0) && ($_POST['receiver'] > 0)) { // Continue with the frametester, we first need to store the data temporary in the pool // // First we would like to store the data and get it's pool position back... 
- $result = SQL_QUERY_ESC("SELECT id, data_type FROM "._MYSQL_PREFIX."_pool WHERE sender=%s AND url='%s' AND timestamp > %s LIMIT 1", - array($GLOBALS['userid'], $_POST['url'], bigintval(time() - $_CONFIG['url_tlock'])), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT id, data_type +FROM "._MYSQL_PREFIX."_pool +WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1", + array($GLOBALS['userid'], $_POST['url'], $_CONFIG['url_tlock']), __FILE__, __LINE__); - $type = "TEMP"; $id = "0"; + $type = "TEMP"; $id = 0; if (SQL_NUMROWS($result) == 1) { list($id, $type) = SQL_FETCHROW($result); @@ -264,7 +246,7 @@ ORDER BY d.%s %s", { // Check for his holiday status $result_holiday = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_holidays -WHERE userid=%s AND holiday_start < ".time()." AND holiday_end > ".time()." LIMIT 1", +WHERE userid=%s AND holiday_start < UNIX_TIMESTAMP() AND holiday_end > UNIX_TIMESTAMP() LIMIT 1", array(bigintval($REC)), __FILE__, __LINE__); if (SQL_NUMROWS($result_holiday) == 1) $REC = 0; // Exclude user who are in holiday @@ -312,7 +294,7 @@ WHERE userid=%s AND holiday_start < ".time()." AND holiday_end > ".time()." LIMI { // HTML extension is active $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_pool (sender, subject, text, receivers, payment_id, data_type, timestamp, url, cat_id, target_send, zip, html_msg) - VALUES ('%s', '%s', '%s', '%s', '%s', 'TEMP', '%s', '%s', '%s', '%s', '%s', '%s')", + VALUES ('%s','%s','%s','%s','%s','TEMP','%s','%s','%s','%s','%s','%s')", array( $GLOBALS['userid'], addslashes($_POST['subject']), 
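Review bot: The holiday branch still calls `SQL_FREERESULT($result_p);`, but this hunk removes both assignments to `$result_p`, so unless it is set above the hunk the call now receives an undefined variable; that line should be dropped together with the removed queries. The pool lookup also loses its `bigintval(...)` wrapper and passes `$_CONFIG['url_tlock']` directly into the unquoted `%s` of `(UNIX_TIMESTAMP() - %s)`. String escaping does not constrain an unquoted numeric slot, so the integer cast should stay: `array($GLOBALS['userid'], $_POST['url'], bigintval($_CONFIG['url_tlock']))`. The surviving `ereg(".", $TOTAL)` check treats `.` as a wildcard rather than a literal dot, so the "missing zeros" branch likely never fires for a non-empty total; it deserves a literal-dot test while this block is being touched.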
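Review bot: The holiday window is now compared against the database clock (`UNIX_TIMESTAMP()`) instead of PHP's `time()`, while the code that writes `holiday_start` and `holiday_end` is not part of this diff and may still use the web server's clock. If the two hosts drift apart, users at the edge of a holiday are included or excluded at the wrong moment. The same applies to the identical change in the hunk at -497 and to the `url_tlock` comparison in the hunk at -101. A one-line comment above the query, for example `// All timestamp comparisons use the DB server clock`, would record which clock is authoritative.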
@@ -331,7 +313,7 @@ array( { // No HTML extension is active $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_pool (sender, subject, text, receivers, payment_id, data_type, timestamp, url, cat_id, target_send, zip) - VALUES ('%s', '%s', '%s', '%s', '%s', 'TEMP', '%s', '%s', '%s', '%s', '%s')", + VALUES ('%s','%s','%s','%s','%s','TEMP','%s','%s','%s','%s','%s')", array( $GLOBALS['userid'], addslashes($_POST['subject']), @@ -485,7 +467,7 @@ array( $result_uids = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%s AND userid != '%s' ORDER BY userid", array(bigintval($id), $GLOBALS['userid']), __FILE__, __LINE__); - $uid_cnt = "0"; + $uid_cnt = 0; while (list($ucat) = SQL_FETCHROW($result_uids)) { // Check for holiday system @@ -497,7 +479,7 @@ array( LEFT JOIN "._MYSQL_PREFIX."_user_holidays AS h ON d.userid=h.userid WHERE d.userid=%s AND d.receive_mails > 0 AND d.status='CONFIRMED' AND d.holiday_active='Y' -AND h.holiday_start < ".time()." AND h.holiday_end > ".time()." +AND h.holiday_start < UNIX_TIMESTAMP() AND h.holiday_end > UNIX_TIMESTAMP() LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__); if (SQL_NUMROWS($result_holiday) == 1) { @@ -692,7 +674,7 @@ LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__); { // Pre-output categories $CAT = ""; - foreach ($CATS['id'] as $key=>$value) + foreach ($CATS['id'] as $key => $value) { $CAT .= "