X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Forder.php;h=db72794c44ab9e8be34336e6a59588f5ee76d323;hb=49ffe0a4fb551d0965e97db1ad4ff12f13f4b9ad;hp=73626631b5e8f35824ff03cafcb1d5f80f644c2e;hpb=f01652b7b8efac92d97889e312402c4a845c2f14;p=mailer.git diff --git a/inc/modules/order.php b/inc/modules/order.php index 73626631b5..db72794c44 100644 --- a/inc/modules/order.php +++ b/inc/modules/order.php @@ -33,24 +33,24 @@ // Some security stuff... $URL = ""; -if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) { +if (!defined('__SECURITY')) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); } elseif ((!EXT_IS_ACTIVE("order")) && (!IS_ADMIN())) { - ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "order"); + addFatalMessage(EXTENSION_PROBLEM_EXT_INACTIVE, "order"); return; } elseif (!IS_MEMBER()) { // Sorry, no guest access! - $URL = URL."/modules.php?module=index"; + $URL = "modules.php?module=index"; } elseif (empty($_GET['order'])) { // You cannot call this module directly! - $URL = URL."/modules.php?module=login&what=order"; + $URL = "modules.php?module=login&what=order"; } // When URL is empty nothing bad happend here if (empty($URL)) { // Is the auto-send mechanism active or inactive? - if ($_CONFIG['autosend_active'] == "Y") { + if (getConfig('autosend_active') == "Y") { // Auto-send is active define('ADMIN_AUTOSEND', COMPILE_CODE(ADMIN_AUTOSEND_ACTIVE)); define('MEMBER_AUTOSEND', COMPILE_CODE(MEMBER_AUTOSEND_ACTIVE)); @@ -63,23 +63,20 @@ if (empty($URL)) { } // Update sending pool - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='%s' WHERE id=%s AND sender=%s AND data_type='TEMP' LIMIT 1", - array($type, bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__); + SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='%s' WHERE id=%s AND sender=%s AND data_type='TEMP' LIMIT 1", + array($type, bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__); // Finally is the entry valid? if (SQL_AFFECTEDROWS() == 1) { - // Update his login data - UPDATE_LOGIN_DATA(); - // Load personal data... - $result = SQL_QUERY_ESC("SELECT gender, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", - array($GLOBALS['userid']), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT gender, surname, family, email FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1", + array($GLOBALS['userid']), __FILE__, __LINE__); list($gender, $sname, $fname, $email) = SQL_FETCHROW($result); SQL_FREERESULT($result); // Load mail again... 0 1 2 3 4 5 6 7 $result = SQL_QUERY_ESC("SELECT subject, text, receivers, payment_id, timestamp, url, cat_id, target_send FROM "._MYSQL_PREFIX."_pool WHERE id=%s AND sender=%s LIMIT 1", - array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__); + array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__); $DATA = SQL_FETCHROW($result); SQL_FREERESULT($result); if (empty($DATA[0])) $DATA[0] = DEFAULT_SUBJECT_LINE; @@ -89,16 +86,17 @@ if (empty($URL)) { // Update used points $ADD = ""; - if ($_CONFIG['order_max_full'] == "ORDER") $ADD = ", mail_orders=mail_orders+1"; - SUB_POINTS($GLOBALS['userid'], $USED); + if (getConfig('order_max_full') == "ORDER") $ADD = ", mail_orders=mail_orders+1"; + SUB_POINTS("order", $GLOBALS['userid'], $USED); // Prepare content $content = array( - 'blocks' => $_CONFIG['max_send'], + 'blocks' => getConfig('max_send'), 'subject' => $DATA[0], 'text' => $DATA[1], 'payment' => GET_PAYMENT($DATA[3]), - 'category' => GET_CATEGORY($DATA[6]) + 'category' => GET_CATEGORY($DATA[6]), + 'url' => $DATA[5] ); // Send an email to the user @@ -112,8 +110,7 @@ if (empty($URL)) { LOAD_TEMPLATE("member_order-back", false); } else { // Matching line not found or already "placed" in send queue - $URL = URL."/modules.php?module=login"; - LOAD_URL($URL); + LOAD_URL("modules.php?module=login"); } } else { // Redirect...