X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Forder.php;h=b0c26bc7af42d42487255500bbbe76b3d8e79c84;hb=847c1a1f0a221f4d560f9a12a3a4aa3d92b6d16f;hp=e51354e30e89598b5f833d2e416755d06795bd7f;hpb=d54624f97b6fbcfc0b9879166af5e6169a5af845;p=mailer.git

diff --git a/inc/modules/order.php b/inc/modules/order.php
index e51354e30e..b0c26bc7af 100644
--- a/inc/modules/order.php
+++ b/inc/modules/order.php
@@ -39,7 +39,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
 } elseif ((!EXT_IS_ACTIVE("order")) && (!IS_ADMIN())) {
 	ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "order");
 	return;
-} elseif (!IS_LOGGED_IN()) {
+} elseif (!IS_MEMBER()) {
 	// Sorry, no guest access!
 	$URL = URL."/modules.php?module=index";
 } elseif (empty($_GET['order'])) {
@@ -63,7 +63,7 @@ if (empty($URL)) {
 	}
 
 	// Update sending pool
-	$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='%s' WHERE id=%d AND sender=%d AND data_type='TEMP' LIMIT 1",
+	$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='%s' WHERE id=%s AND sender=%s AND data_type='TEMP' LIMIT 1",
 	 array($type, bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
 
 	// Finally is the entry valid?
@@ -72,13 +72,13 @@ if (empty($URL)) {
 		UPDATE_LOGIN_DATA();
 
 		// Load personal data...
-		$result = SQL_QUERY_ESC("SELECT sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+		$result = SQL_QUERY_ESC("SELECT sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
 		 array($GLOBALS['userid']), __FILE__, __LINE__);
 		list($sex, $sname, $fname, $email) = SQL_FETCHROW($result);
 		SQL_FREERESULT($result);
 
 		// Load mail again...              0       1        2           3          4      5      6         7
-		$result = SQL_QUERY_ESC("SELECT subject, text, receivers, payment_id, timestamp, url, cat_id, target_send FROM "._MYSQL_PREFIX."_pool WHERE id=%d AND sender=%d LIMIT 1",
+		$result = SQL_QUERY_ESC("SELECT subject, text, receivers, payment_id, timestamp, url, cat_id, target_send FROM "._MYSQL_PREFIX."_pool WHERE id=%s AND sender=%s LIMIT 1",
 		 array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
 		$DATA = SQL_FETCHROW($result);
 		SQL_FREERESULT($result);
@@ -90,8 +90,7 @@ if (empty($URL)) {
 		// Update used points
 		$ADD = "";
 		if ($_CONFIG['order_max_full'] == "ORDER") $ADD = ", mail_orders=mail_orders+1";
-		$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s".$ADD." WHERE userid=%d LIMIT 1",
-		 array($USED, $GLOBALS['userid']), __FILE__, __LINE__);
+		SUB_POINTS($GLOBALS['userid'], $USED);
 
 		// Update mediadata as well
 		if (GET_EXT_VERSION("mediadata") >= "0.0.4") {
@@ -104,12 +103,7 @@ if (empty($URL)) {
 		SEND_EMAIL($email, MEMBER_NEW_QUEUE, $msg_mem);
 
 		// Notify admins about this
-		if (GET_EXT_VERSION("admins") >= "0.4.1") {
-			SEND_ADMIN_EMAILS_PRO(ADMIN_NEW_QUEUE, "order-admin", "", $GLOBALS['userid']);
-		} else {
-			$msg_admin = LOAD_EMAIL_TEMPLATE("order-admin", "", $GLOBALS['userid']);
-			SEND_ADMIN_EMAILS(ADMIN_NEW_QUEUE, $msg_admin);
-		}
+		SEND_ADMIN_NOTIFICATION(ADMIN_NEW_QUEUE, "order-admin", "", $GLOBALS['userid']);
 
 		// Output back bottom
 		LOAD_TEMPLATE("member_order-back", false);