2 /************************************************************************
\r
3 * MXChange v0.2.1 Start: 10/19/2003 *
\r
4 * =============== Last change: 08/26/2004 *
\r
6 * -------------------------------------------------------------------- *
\r
7 * File : what-order.php *
\r
8 * -------------------------------------------------------------------- *
\r
9 * Short description : Order mails here *
\r
10 * -------------------------------------------------------------------- *
\r
11 * Kurzbeschreibung : Hier können Ihre Mitglieder Mails buchen *
\r
12 * -------------------------------------------------------------------- *
\r
14 * -------------------------------------------------------------------- *
\r
15 * Copyright (c) 2003 - 2007 by Roland Haeder *
\r
16 * For more information visit: http://www.mxchange.org *
\r
18 * This program is free software; you can redistribute it and/or modify *
\r
19 * it under the terms of the GNU General Public License as published by *
\r
20 * the Free Software Foundation; either version 2 of the License, or *
\r
21 * (at your option) any later version. *
\r
23 * This program is distributed in the hope that it will be useful, *
\r
24 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
\r
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
\r
26 * GNU General Public License for more details. *
\r
28 * You should have received a copy of the GNU General Public License *
\r
29 * along with this program; if not, write to the Free Software *
\r
30 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
\r
31 * MA 02110-1301 USA *
\r
32 ************************************************************************/
\r
34 // Some security stuff...
\r
// Direct-access guard: when this file's own name is found in the requested script path,
// the path of security.php is built from the directory prefix up to and including "/inc".
// NOTE(review): ereg() was deprecated in PHP 5.3 and removed in PHP 7.0. It also treats the
// file name as a regular expression, so the "." in it matches any character, and
// $_SERVER['PHP_SELF'] carries any trailing path info sent by the client. A plain
// substring test on the script name expresses the same check without these caveats.
35 if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
\r
37 $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
\r
// Requests without a login are handed to LOAD_URL with the index module address
40 elseif (!IS_LOGGED_IN())
\r
42 LOAD_URL(URL."/modules.php?module=index");
\r
// Non-admins get the extension-inactive message when the "order" extension is off
44 elseif ((!EXT_IS_ACTIVE("order")) && (!IS_ADMIN()))
\r
46 ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "order");
\r
50 // Add description as navigation point
\r
51 ADD_DESCR("member", basename(__FILE__));
\r
// Make sure the request fields read further down always exist (empty values become "")
$_GET['msg'] = empty($_GET['msg']) ? "" : $_GET['msg'];
$_POST['zip'] = empty($_POST['zip']) ? "" : $_POST['zip'];
$_POST['html'] = empty($_POST['html']) ? "" : $_POST['html'];
$_POST['receiver'] = empty($_POST['receiver']) ? "" : $_POST['receiver'];

// Category filter for the order form: only visible categories, no filter for admins
$WHERE = is_admin() ? "" : " WHERE visible='Y'";
\r
63 // Add slashes to every value
\r
// NOTE(review): addslashes() is not a charset-aware SQL escape and gives no protection
// when a value is later printed as HTML. The pool INSERT further down in this file calls
// addslashes() on subject and text a second time, so those fields are escaped twice;
// whether SQL_QUERY_ESC escapes its arguments once more is not visible here.
// NOTE(review): a POST field submitted as an array (name[]=...) reaches addslashes() as
// an array, which addslashes() does not accept.
64 foreach($_POST as $key=>$value)
\r
66 // Skip submit buttons
\r
67 if (($key != "data") && ($key != "frametester")) $_POST[$key] = addslashes($value);
\r
70 // Minimum mails / order
\r
71 define('__MIN_VALUE', $CONFIG['order_min']);
\r
73 // Count unconfirmed mails
\r
74 $result_links = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_links WHERE userid=%d",
\r
75 array($GLOBALS['userid']), __FILE__, __LINE__);
\r
76 $links = SQL_NUMROWS($result_links);
\r
77 SQL_FREERESULT($result_links);
\r
79 // Does the user has more than 0 mails per day set?
\r
// NOTE(review): if GET_EXT_VERSION returns a version string, ">=" compares the two values
// as text, so "0.1.10" sorts before "0.1.3"; version_compare() gives the intended ordering.
// The same comparison is repeated further down in this file.
81 if (GET_EXT_VERSION("holiday") >= "0.1.3")
\r
83 // Fetch also holiday activation data
\r
84 $HOLIDAY = "holiday_active";
\r
87 $result_mmails = SQL_QUERY_ESC("SELECT userid, receive_mails, mail_orders, ".$HOLIDAY."
\r
88 FROM "._MYSQL_PREFIX."_user_data
\r
89 WHERE userid=%d AND max_mails > 0 LIMIT 1",
\r
90 array($GLOBALS['userid']), __FILE__, __LINE__);
\r
92 $mmails = SQL_NUMROWS($result_mmails);
\r
93 list($DMY, $MAXI, $ORDERS, $HOLIDAY) = SQL_FETCHROW($result_mmails);
\r
94 SQL_FREERESULT($result_mmails);
\r
95 if ($HOLIDAY == $DMY) $HOLIDAY="N";
\r
97 $ALLOWED = $MAXI - $ORDERS;
\r
98 if ($CONFIG['order_max'] == "MAX") $ALLOWED = $MAXI;
\r
100 // Check HTML extension
\r
101 $HTML_EXT = EXT_IS_ACTIVE("html_mail");
\r
103 // Now check his points amount
\r
104 $result_p = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d",
\r
105 array($GLOBALS['userid']), __FILE__, __LINE__);
\r
108 if (SQL_NUMROWS($result_p) > 0)
\r
111 list($TOTAL) = SQL_FETCHROW($result_p);
\r
112 SQL_FREERESULT($result_p);
\r
114 // And subtract his used points...
\r
115 $result_p = SQL_QUERY_ESC("SELECT used_points FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
\r
116 array($GLOBALS['userid']), __FILE__, __LINE__);
\r
118 list($p) = SQL_FETCHROW($result_p);
\r
119 SQL_FREERESULT($result_p);
\r
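// Append the decimals when the points total has no decimal point yet.
// strpos() replaces the old ereg(".", ...) test: as a regular expression "." matches any
// character, so that test was true for every non-empty total and the decimals were never
// appended; ereg() itself no longer exists as of PHP 7.0.
if (strpos((string) $TOTAL, ".") === false) $TOTAL .= ".00000";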
\r
126 if (($HOLIDAY == "Y") && (GET_EXT_VERSION("holiday") >= "0.1.3"))
\r
128 // Holiday is active!
\r
129 SQL_FREERESULT($result_p);
\r
130 LOAD_TEMPLATE("admin_settings_saved", false, HOLIDAY_ORDER_NOT_POSSIBLE);
\r
132 elseif ((!empty($_POST['frametester'])) && ($ALLOWED > 0) && ($_POST['receiver'] > 0))
\r
134 // Continue with the frametester, we first need to store the data temporary in the pool
\r
136 // First we would like to store the data and get it's pool position back...
\r
137 $result = SQL_QUERY_ESC("SELECT id, data_type FROM "._MYSQL_PREFIX."_pool WHERE sender=%d AND url='%s' AND timestamp > %d LIMIT 1",
\r
138 array($GLOBALS['userid'], $_POST['url'], bigintval(time() - $CONFIG['url_tlock'])), __FILE__, __LINE__);
\r
140 $type = "TEMP"; $id = "0";
\r
141 if (SQL_NUMROWS($result) == 1)
\r
143 list($id, $type) = SQL_FETCHROW($result);
\r
144 SQL_FREERESULT($result);
\r
146 if ($type == "TEMP")
\r
148 // No entry found, so we need to check out the stats table as well... :)
\r
149 // We have to add that suff here, now we continue WITHOUT checking and check the text and subject against some filters
\r
151 if ($CONFIG['test_text'] == "Y")
\r
153 // Test submitted text against some filters (length, URLs in text etc.)
\r
154 if ((strpos(strtolower($_POST['text']), "https://") > -1) || (strpos(strtolower($_POST['text']), "http://") > -1) || (strpos(strtolower($_POST['text']), "www") > -1))
\r
157 $URL = URL."/modules.php?module=login&what=order&msg=".CODE_URL_FOUND;
\r
159 $TEST = str_replace("\n", "", str_replace("\r", "", addslashes($_POST['text'])));
\r
160 if (strlen($TEST) > $CONFIG['max_tlength'])
\r
162 // Text is too long!
\r
163 $URL = URL."/modules.php?module=login&what=order&msg=".CODE_OVERLENGTH;
\r
166 // Shall I test the subject line against URLs?
\r
167 if ($CONFIG['test_subj'] == "Y")
\r
169 // Check the subject line for issues
\r
170 $_POST['subject'] = str_replace("\\", "[nl]", substr($_POST['subject'], 0, 200));
\r
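// Reject subjects that contain a link. "https://" is tested as well, so the subject
// filter covers the same prefixes as the filter applied to the mail text, and the
// result of strpos() is compared with false explicitly instead of relying on "> -1".
if ((strpos(strtolower($_POST['subject']), "https://") !== false) || (strpos(strtolower($_POST['subject']), "http://") !== false) || (strpos(strtolower($_POST['subject']), "www") !== false))
{
    // URL in subject found
    $URL = URL."/modules.php?module=login&what=order&msg=".CODE_SUBJ_URL;
}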
\r
177 // And shall I check that his URL is not in the black list?
\r
178 if ($CONFIG['url_blacklist'] == "Y")
\r
180 // Ok, I do that for you know...
\r
181 $result = SQL_QUERY_ESC("SELECT timestamp FROM "._MYSQL_PREFIX."_url_blist WHERE url='%s' LIMIT 1",
\r
182 array($_POST['url']), __FILE__, __LINE__);
\r
184 if (SQL_NUMROWS($result) == 1)
\r
186 // Jupp, we got one listed
\r
187 list($blist) = SQL_FETCHROW($result);
\r
188 SQL_FREERESULT($result);
\r
189 $URL = URL."/modules.php?module=login&what=order&msg=".CODE_BLIST_URL."&blist=".$blist;
\r
192 if (($_POST['receiver'] < $CONFIG['order_min']) && (!IS_ADMIN()))
\r
194 // Less than allowed receivers entered!
\r
195 $URL = URL."/modules.php?module=login&what=order&msg=".CODE_MORE_RECEIVERS3;
\r
199 if (!VALIDATE_URL($_POST['url']))
\r
202 $URL = URL."/modules.php?module=login&what=order&msg=".CODE_INVALID_URL;
\r
205 // Probe for HTML extension
\r
208 if ($_POST['html'] == "Y")
\r
210 // Chek for valid HTML tags
\r
211 $_POST['text'] = HTML_CHECK_TAGS($_POST['text']);
\r
213 // Maybe invalid tags found?
\r
214 if (empty($_POST['text'])) $URL = URL."/modules.php?module=login&what=order&msg=".CODE_INVALID_TAGS."&id=".$id;
\r
218 // Remove any HTML code
\r
219 $_POST['text'] = str_replace("<", "{OPEN_HTML}", str_replace(">", "{CLOSE_HTML}", $_POST['text']));
\r
223 elseif (!IS_ADMIN())
\r
225 // He has already sent a mail within a specific time
\r
226 $URL = URL."/modules.php?module=login&what=order&msg=".CODE_URL_TLOCK."&id=".$id;
\r
230 // Check if category and number of receivers is okay
\r
232 if (($CONFIG['order_multi'] == "Y") && (!empty($_POST['zip']))) $ADD = "AND d.zip LIKE '".bigintval($_POST['zip'])."{PER}'";
\r
234 // Check for userids
\r
235 $result = SQL_QUERY_ESC("SELECT DISTINCT c.userid FROM "._MYSQL_PREFIX."_user_cats AS c
\r
236 LEFT JOIN "._MYSQL_PREFIX."_user_data AS d
\r
237 ON c.userid=d.userid
\r
238 WHERE c.cat_id=%d AND c.userid != '%s' AND d.status='CONFIRMED' AND d.receive_mails > 0
\r
242 bigintval($_POST['cat']),
\r
243 $GLOBALS['userid'],
\r
244 $CONFIG['order_select'],
\r
245 $CONFIG['order_mode'],
\r
246 ), __FILE__, __LINE__);
\r
248 // Do we enougth receivers left?
\r
249 if (SQL_NUMROWS($result) >= $_POST['receiver'])
\r
251 // Check for holiday extensions
\r
253 if (GET_EXT_VERSION("holiday") >= "0.1.3")
\r
255 // Include checking for users in holiday
\r
259 // Load receivers from database
\r
260 $TEST = array(); $cnt = 0;
\r
261 while (list($REC) = SQL_FETCHROW($result))
\r
265 // Check for his holiday status
\r
266 $result_holiday = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_holidays
\r
267 WHERE userid=%d AND holiday_start < ".time()." AND holiday_end > ".time()." LIMIT 1",
\r
268 array(bigintval($REC)), __FILE__, __LINE__);
\r
269 if (SQL_NUMROWS($result_holiday) == 1) $REC = 0; // Exclude user who are in holiday
\r
272 SQL_FREERESULT($result_holiday);
\r
284 SQL_FREERESULT($result);
\r
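// Implode array into string for the sending pool
// (separator first: the reversed argument order is no longer accepted by PHP 8)
$RECEIVER = implode(";", $TEST);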
\r
289 // Count array for maximum sent
\r
290 $MAX_SEND = count($TEST);
\r
292 // Update receiver list
\r
// NOTE(review): in the visible flow this decrement runs before the points check a few
// statements below, so the selected receivers lose one receive_mails credit even when the
// order is then rejected for missing points. Confirm, and consider moving the update
// behind that check.
// NOTE(review): the %s inside IN (...) is filled with user ids read from the database
// above; with an empty $TEST the statement becomes "IN ()" - confirm an earlier guard.
293 $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET receive_mails=receive_mails-1 WHERE userid IN (%s) LIMIT %s",
\r
294 array(str_replace(";", ", ", $RECEIVER), $MAX_SEND), __FILE__, __LINE__);
\r
296 // Is calculated max receivers larger than wanted receivers then reset it
\r
297 if ($MAX_SEND > $_POST['receiver']) $MAX_SEND = $_POST['receiver'];
\r
299 // Calculate used points
\r
300 $USED = $MAX_SEND * GET_PAY_POINTS(bigintval($_POST['type']));
\r
302 // Check if he has enougth points for this order and selected more than 0 receivers
\r
303 if (($USED > 0) && ($USED <= $TOTAL) && ($MAX_SEND > 0))
\r
305 // Gettings points is okay, so we can add $USED later from
\r
307 if (($id == "0") || ($type != "TEMP"))
\r
313 // HTML extension is active
\r
314 $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_pool (sender, subject, text, receivers, payment_id, data_type, timestamp, url, cat_id, target_send, zip, html_msg)
\r
315 VALUES ('%s', '%s', '%s', '%s', '%s', 'TEMP', '%s', '%s', '%s', '%s', '%s', '%s')",
\r
317 $GLOBALS['userid'],
\r
318 addslashes($_POST['subject']),
\r
319 addslashes($_POST['text']),
\r
321 bigintval($_POST['type']),
\r
324 bigintval($_POST['cat']),
\r
326 bigintval($_POST['zip']),
\r
328 ), __FILE__, __LINE__);
\r
332 // No HTML extension is active
\r
333 $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_pool (sender, subject, text, receivers, payment_id, data_type, timestamp, url, cat_id, target_send, zip)
\r
334 VALUES ('%s', '%s', '%s', '%s', '%s', 'TEMP', '%s', '%s', '%s', '%s', '%s')",
\r
336 $GLOBALS['userid'],
\r
337 addslashes($_POST['subject']),
\r
338 addslashes($_POST['text']),
\r
340 bigintval($_POST['type']),
\r
343 bigintval($_POST['cat']),
\r
345 bigintval($_POST['zip']),
\r
346 ), __FILE__, __LINE__);
\r
351 // Change current order
\r
354 // HTML extension is active
\r
355 $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET
\r
360 timestamp=UNIX_TIMESTAMP(),
\r
366 WHERE id=%d LIMIT 1",
\r
371 bigintval($_POST['type']),
\r
373 bigintval($_POST['cat']),
\r
375 bigintval($_POST['zip']),
\r
378 ), __FILE__, __LINE__);
\r
382 // No HTML extension is active
\r
383 $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET
\r
388 timestamp=UNIX_TIMESTAMP(),
\r
393 WHERE id=%d LIMIT 1",
\r
398 bigintval($_POST['type']),
\r
400 bigintval($_POST['cat']),
\r
402 bigintval($_POST['zip']),
\r
404 ), __FILE__, __LINE__);
\r
408 // Do we need to get the ID number?
\r
410 // Order is placed as temporary. We need to get it's id for the frametester
\r
411 $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_pool WHERE sender=%d AND subject='%s' AND payment_id=%d AND data_type='TEMP' AND timestamp=%d LIMIT 1",
\r
413 $GLOBALS['userid'],
\r
415 bigintval($_POST['type']),
\r
417 ), __FILE__, __LINE__);
\r
419 list($id) = SQL_FETCHROW($result);
\r
420 SQL_FREERESULT($result);
\r
423 // ID is received so we can redirect the user, used points will be added when he send's out the mail
\r
424 $URL = URL."/modules.php?module=frametester&order=".$id."";
\r
426 elseif ($MAX_SEND == 0)
\r
428 // Not enougth receivers found which can receive mails
\r
429 $URL = URL."/modules.php?module=login&what=order&msg=".CODE_MORE_RECEIVERS2;
\r
433 // No enougth points left!
\r
434 $URL = URL."/modules.php?module=login&what=order&msg=".CODE_MORE_POINTS;
\r
439 // Ordered more mails than he can send in this category
\r
440 $URL = URL."/modules.php?module=login&what=order&msg=".CODE_NO_RECS_LEFT;
\r
444 elseif ($_POST['receiver'] == "0")
\r
446 // Not enougth receivers selected
\r
447 $URL = URL."/modules.php?module=login&what=order&msg=".CODE_MORE_RECEIVERS1;
\r
449 elseif (($ALLOWED == 0) && ($CONFIG['order_max'] == "ORDER"))
\r
451 // No more mail orders allowed
\r
452 LOAD_TEMPLATE("admin_settings_saved", false, MEMBER_ORDER_ALLOWED_EXHAUSTED);
\r
454 elseif (($links < $CONFIG['unconfirmed']) && ($mmails == "1"))
\r
456 // Display order form
\r
457 $result_cats = SQL_QUERY("SELECT id, cat FROM "._MYSQL_PREFIX."_cats".$WHERE." ORDER BY sort", __FILE__, __LINE__);
\r
458 if (SQL_NUMROWS($result_cats) > 0)
\r
462 // Initialize array...
\r
469 // Enable HTML checking
\r
470 $HTML = ""; $HOLIDAY = false; $HOL_STRING = "";
\r
471 if (($HTML_EXT) && ($_POST['html'] == "Y")) $HTML = " AND html='Y'";
\r
472 if (GET_EXT_VERSION("holiday") >= "0.1.3")
\r
474 // Extension's version is fine
\r
475 $HOLIDAY = true; $HOL_STRING = " AND holiday_active='N'";
\r
478 // ... and begin loading stuff
\r
479 while (list($id, $cat) = SQL_FETCHROW($result_cats))
\r
481 $CATS['id'][] = bigintval($id);
\r
482 $CATS['name'][] = $cat;
\r
484 // Select users in current category
\r
485 $result_uids = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%d AND userid != '%s' ORDER BY userid",
\r
486 array(bigintval($id), $GLOBALS['userid']), __FILE__, __LINE__);
\r
489 while (list($ucat) = SQL_FETCHROW($result_uids))
\r
491 // Check for holiday system
\r
492 $HOL_ACTIVE = false;
\r
495 // Check user's holiday status
\r
496 $result_holiday = SQL_QUERY_ESC("SELECT DISTINCT d.userid FROM "._MYSQL_PREFIX."_user_data AS d
\r
497 LEFT JOIN "._MYSQL_PREFIX."_user_holidays AS h
\r
498 ON d.userid=h.userid
\r
499 WHERE d.userid=%d AND d.receive_mails > 0 AND d.status='CONFIRMED' AND d.holiday_active='Y'
\r
500 AND h.holiday_start < ".time()." AND h.holiday_end > ".time()."
\r
501 LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__);
\r
502 if (SQL_NUMROWS($result_holiday) == 1)
\r
504 // Holiday is active!
\r
505 $HOL_ACTIVE = true;
\r
509 SQL_FREERESULT($result_holiday);
\r
514 // Check if the user want's to receive mails?
\r
515 $result_ver = SQL_QUERY_ESC("SELECT zip FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d".$HTML." AND receive_mails > 0 AND status='CONFIRMED' LIMIT 1",
\r
516 array(bigintval($ucat)), __FILE__, __LINE__);
\r
518 if ((SQL_NUMROWS($result_ver) == 1) && (!empty($_POST['zip'])) && ($CONFIG['order_multi'] == "Y"))
\r
520 list($zip) = SQL_FETCHROW($result_ver);
\r
521 SQL_FREERESULT($result_ver);
\r
522 if (substr($zip, 0, strlen($_POST['zip'])) == $_POST['zip'])
\r
524 // Ok, ZIP part is found
\r
530 // Count numbers up!
\r
531 $uid_cnt += SQL_NUMROWS($result_ver);
\r
537 SQL_FREERESULT($result_uids);
\r
538 $CATS['uids'][] = $uid_cnt;
\r
542 SQL_FREERESULT($result_cats);
\r
544 // Now we need to load the mail types...
\r
545 $result = SQL_QUERY("SELECT id, price, payment, mail_title FROM "._MYSQL_PREFIX."_payments ORDER BY payment", __FILE__, __LINE__);
\r
548 if (SQL_NUMROWS($result) > 0)
\r
550 // Check for message ID in URL
\r
552 switch ($_GET['msg'])
\r
554 case CODE_URL_TLOCK:
\r
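// Look up the time of the member's last order for the time-lock message.
// A dedicated result variable is used here: $result still holds the mail-type query that
// is fetched from after this switch, so it must not be overwritten or freed in this case.
// The row is also restricted to the logged-in sender, as the other pool queries in this
// file do, because the id is taken from the query string.
$result_tlock = SQL_QUERY_ESC("SELECT timestamp FROM "._MYSQL_PREFIX."_pool WHERE id=%d AND sender=%d LIMIT 1",
    array(bigintval($_GET['id']), $GLOBALS['userid']), __FILE__, __LINE__);

// Load timestamp from last order
list($LORDER) = SQL_FETCHROW($result_tlock);
$LORDER = MAKE_DATETIME($LORDER, "1");

SQL_FREERESULT($result_tlock);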
\r
565 // Calculate hours...
\r
566 $STD = round($CONFIG['url_tlock'] / 60 / 60);
\r
569 $MIN = round(($CONFIG['url_tlock'] - $STD * 60 * 60) / 60);
\r
572 $SEC = $CONFIG['url_tlock'] - $STD * 60 * 60 - $MIN * 60;
\r
574 // Finally contruct the message
\r
575 $MSG = MEMBER_URL_TIME_LOCK."<BR>".CONFIG_URL_TLOCK." ".$STD." ".
\r
576 HOURS.", ".$MIN." ".MINS." "._AND." ".$SEC." ".SECS."<BR>".
\r
577 MEMBER_LAST_TLOCK.": ".$LORDER;
\r
580 case CODE_OVERLENGTH:
\r
581 $MSG = MEMBER_TEXT_OVERLENGTH;
\r
584 case CODE_URL_FOUND:
\r
585 $MSG = MEMBER_TEXT_CONTAINS_URL;
\r
588 case CODE_SUBJ_URL:
\r
589 $MSG = MEMBER_SUBJ_CONTAINS_URL;
\r
// NOTE(review): the blacklist time shown for this code is read back from the query string,
// so the displayed date is whatever the client sends. Re-reading the timestamp from the
// url_blist table would keep it trustworthy. How MAKE_DATETIME treats non-numeric input
// is not visible here.
592 case CODE_BLIST_URL:
\r
593 $MSG = MEMBER_URL_BLACK_LISTED."<BR>
\r
594 ".MEMBER_BLIST_TIME.": ".MAKE_DATETIME($_GET['blist'], "0");
\r
597 case CODE_NO_RECS_LEFT:
\r
598 $MSG = MEMBER_SELECTED_MORE_RECS;
\r
601 case CODE_INVALID_TAGS:
\r
602 $MSG = MEMBER_HTML_INVALID_TAGS;
\r
605 case CODE_MORE_POINTS:
\r
606 $MSG = MEMBER_MORE_POINTS_NEEDED;
\r
609 case CODE_MORE_RECEIVERS1:
\r
610 $MSG = MEMBER_ENTER_MORE_RECEIVERS;
\r
613 case CODE_MORE_RECEIVERS2:
\r
614 $MSG = MEMBER_NO_MORE_RECEIVERS_FOUND;
\r
617 case CODE_MORE_RECEIVERS3:
\r
618 $MSG = MEMBER_ENTER_MORE_MIN_RECEIVERS_1.$CONFIG['order_min'].MEMBER_ENTER_MORE_MIN_RECEIVERS_2;
\r
621 case CODE_INVALID_URL:
\r
622 $MSG = MEMBER_ENTER_INVALID_URL;
\r
625 case "": // When no error code is included in the URL we do not need to output an error message as well...
\r
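// Unknown message code: the value comes straight from the query string and is placed in
// the message handed to the template below. The other messages embed <BR> tags, which
// suggests $MSG is output as markup, so the code is entity-encoded first. Non-string
// input (msg[]=...) is dropped.
$MSG = UNKNOWN_CODE_1.(is_string($_GET['msg']) ? htmlspecialchars($_GET['msg'], ENT_QUOTES) : "").UNKNOWN_CODE_2;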
\r
634 // We got system message so we drop it out to the user
\r
635 LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
\r
638 // Load all email types...
\r
639 while ($TYPES[] = SQL_FETCHROW($result))
\r
641 // Nothing to do here... ;-)
\r
645 SQL_FREERESULT($result);
\r
647 // Output user's points
\r
648 $TOTAL = TRANSLATE_COMMA($TOTAL);
\r
650 // Check how many mail orders he has placed today and how many he's allowed to send
\r
651 switch ($CONFIG['order_max'])
\r
653 case "MAX": // He is allowed to send as much as possible
\r
654 define('ORDER_MAX_VALUE', ORDER_ALLOED_MAX);
\r
657 case "ORDER": // He is allowed to send as much as he setup the receiving value
\r
658 define('ORDER_MAX_VALUE', ORDER_ALLOWED_RECEIVE_1.$ALLOWED.ORDER_ALLOWED_RECEIVE_2.$MAXI.ORDER_ALLOWED_RECEIVE_3);
\r
662 // Load final template
\r
663 LOAD_TEMPLATE("member_order_points", false, $TOTAL);
\r
666 $OLD_ORDER = false; $subject = ""; $text = ""; $target = "";
\r
668 // Check if we already have an order placed and make it editable
\r
669 $result = SQL_QUERY_ESC("SELECT subject, text, payment_id, timestamp, url, target_send, cat_id, zip FROM "._MYSQL_PREFIX."_pool WHERE sender=%d AND data_type='TEMP' LIMIT 1",
\r
670 array($GLOBALS['userid']), __FILE__, __LINE__);
\r
672 if (SQL_NUMROWS($result) == 1)
\r
675 list($subject, $text, $payment, $tstamp, $url, $target, $cat, $zip) = SQL_FETCHROW($result);
\r
676 SQL_FREERESULT($result);
\r
678 // Fix max receivers when it is too much
\r
679 if ($target > $CATS['uids'][$cat]) $target = $CATS['uids'][$cat];
\r
681 // Old order is grabbed
\r
686 // Default output for that your members don't forget it...
\r
690 // 01 2 21 12 2 23 443 3 3210
\r
691 if ((!empty($_POST['data'])) || (($CONFIG['order_multi'] == "N") && ((!IS_ADMIN()) && (!$HTML_EXT))))
\r
693 // Pre-output categories
\r
695 foreach ($CATS['id'] as $key=>$value)
\r
697 $CAT .= " <OPTION value=\"".$value."\"";
\r
698 if (($OLD_ORDER) && ($cat == $value)) $CAT .= " selected=\"selected\"";
\r
699 $CAT .= ">".$CATS['name'][$key]." (".$CATS['uids'][$key]." ".USER_IN_CAT.")</OPTION>\n";
\r
703 foreach ($TYPES as $key=>$value)
\r
705 $P = TRANSLATE_COMMA($TYPES[$key][1]);
\r
706 if (is_array($value))
\r
708 // Output option line
\r
709 $TYPE .= " <OPTION value=\"".$TYPES[$key][0]."\"";
\r
710 if (($OLD_ORDER) && ($payment == $TYPES[$key][0])) $TYPE .= " selected=\"selected\"";
\r
711 $TYPE .= ">".$P." ".PER_MAIL." - ".$TYPES[$key][3]." - ".round($TYPES[$key][2])." ".PAYMENT."</OPTION>\n";
\r
715 // Put all in constants for the template
\r
// NOTE(review): $subject, $text and $url are read from the member's stored pool row and
// $_POST['zip'] from the request; none of them is HTML-encoded in the visible code. If the
// templates print these constants as markup, encode them (e.g. htmlspecialchars) before
// define() - confirm how the template engine and COMPILE_CODE treat them.
716 define('CATEGORY_SELECTION', $CAT);
\r
717 define('TYPE_SELECTION', $TYPE);
\r
718 define('TARGET', $target);
\r
719 define('SUBJECT', $subject);
\r
720 define('TEXT', COMPILE_CODE($text));
\r
721 define('T_URL', $url);
\r
723 if (!empty($_POST['zip']))
\r
725 // Output entered ZIP code
\r
726 define('ZIP_OUTPUT', LOAD_TEMPLATE("member_order-zip2", true, $_POST['zip']));
\r
730 define('ZIP_OUTPUT', "<TR><TD colspan=\"5\" height=\"5\" class=\"seperator\"> </TD></TR>");
\r
733 if (($HTML_EXT) && ($_POST['html'] == "Y"))
\r
735 // Extension is active so output valid HTML tags
\r
736 define('MEMBER_HTML_EXTENSION', LOAD_TEMPLATE("member_order-html_ext", true, HTML_ADD_VALID_TAGS()));
\r
740 // Extension not active and/or class not uploaded
\r
741 define('MEMBER_HTML_EXTENSION', "<TR><TD colspan=\"5\"><INPUT type=\"hidden\" name=\"html\" value=\"N\"></TD></TR>");
\r
744 // Output form for page 2
\r
745 LOAD_TEMPLATE("member_order_page2");
\r
749 // Remember maybe entered ZIP code in constant
\r
753 // Add some content when html extension is active
\r
754 if (($CONFIG['order_multi'] == "Y") || (IS_ADMIN())) $ADD = "<TR><TD colspan=\"2\" class=\"seperator bottom2\" height=\"5\"> </TD></TR>\n";
\r
755 define('MEMBER_HTML_EXTENSION', LOAD_TEMPLATE("member_order-html_intro", true));
\r
759 // No HTML extension installed
\r
760 define('MEMBER_HTML_EXTENSION', "<TR><TD colspan=\"2\"><INPUT type=\"hidden\" name=\"html\" value=\"N\"></TD></TR>");
\r
762 // Do we want ZIP code or not?
\r
763 if (($CONFIG['order_multi'] == "Y") || (IS_ADMIN()))
\r
767 'zip' => $_POST['zip'],
\r
770 define('MEMBER_ZIP_CONTENT', LOAD_TEMPLATE("member_order-zip1", true, $content));
\r
775 define('MEMBER_ZIP_CONTENT', "");
\r
778 // Output form for page 1 (ZIP code or HTML)
\r
779 LOAD_TEMPLATE("member_order_page1");
\r
784 // No mail types defined
\r
785 OUTPUT_HTML ("<STRONG><SPAN class=\"member_failed\">".MEMBER_NO_PAYMENTS."</SPAN></STRONG>");
\r
791 OUTPUT_HTML ("<STRONG><SPAN class=\"member_failed\">".MEMBER_NO_POINTS."</SPAN></STRONG>");
\r
796 // No cateogries are defined yet
\r
797 OUTPUT_HTML ("<STRONG><SPAN class=\"member_failed\">".MEMBER_NO_CATS."</SPAN></STRONG>");
\r
800 elseif ($mmails == "0")
\r
802 // Please set more than 0 mails per day!
\r
803 LOAD_TEMPLATE("admin_settings_saved", false, MEMBER_HAS_ZERO_MMAILS);
\r
807 // Please confirm some mails first!
\r
808 LOAD_TEMPLATE("admin_settings_saved", false, MEMBER_LINKS_LEFT_1.$links.MEMBER_LINKS_LEFT_2.$CONFIG['unconfirmed'].MEMBER_LINKS_LEFT_3);
\r
813 // Redirect to requested URL
\r