83d8724ff24622ea82a394cd25bacb0cac6e89e6
[mailer.git] / inc / modules / member / what-order.php
1 <?php
2 /************************************************************************
3  * Mailer v0.2.1-FINAL                                Start: 10/19/2003 *
4  * ===================                          Last change: 08/26/2004 *
5  *                                                                      *
6  * -------------------------------------------------------------------- *
7  * File              : what-order.php                                   *
8  * -------------------------------------------------------------------- *
9  * Short description : Order mails here                                 *
10  * -------------------------------------------------------------------- *
11  * Kurzbeschreibung  : Hier koennen Ihre Mitglieder Mails buchen        *
12  * -------------------------------------------------------------------- *
13  * $Revision::                                                        $ *
14  * $Date::                                                            $ *
15  * $Tag:: 0.2.1-FINAL                                                 $ *
16  * $Author::                                                          $ *
17  * Needs to be in all Files and every File needs "svn propset           *
18  * svn:keywords Date Revision" (autoprobset!) at least!!!!!!            *
19  * -------------------------------------------------------------------- *
20  * Copyright (c) 2003 - 2009 by Roland Haeder                           *
21  * Copyright (c) 2009, 2010 by Mailer Developer Team                    *
22  * For more information visit: http://www.mxchange.org                  *
23  *                                                                      *
24  * This program is free software; you can redistribute it and/or modify *
25  * it under the terms of the GNU General Public License as published by *
26  * the Free Software Foundation; either version 2 of the License, or    *
27  * (at your option) any later version.                                  *
28  *                                                                      *
29  * This program is distributed in the hope that it will be useful,      *
30  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
31  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
32  * GNU General Public License for more details.                         *
33  *                                                                      *
34  * You should have received a copy of the GNU General Public License    *
35  * along with this program; if not, write to the Free Software          *
36  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
37  * MA  02110-1301  USA                                                  *
38  ************************************************************************/
39
40 // Some security stuff...
41 if (!defined('__SECURITY')) {
42         die();
43 } elseif (!isMember()) {
44         redirectToIndexMemberOnlyModule();
45 }
46
47 // Add description as navigation point
48 addMenuDescription('member', __FILE__);
49
50 if ((!isExtensionActive('order')) && (!isAdmin())) {
51         loadTemplate('admin_settings_saved', false, generateExtensionInactiveNotInstalledMessage('order'));
52         return;
53 } // END - if
54
55 $url = ''; $id = '0';
56 $whereStatement = " WHERE `visible`='Y'";
57
58 // Set undefined array elements
59 if (isAdmin()) $whereStatement = '';
60
61 // Count unconfirmed mails
62 $links = countSumTotalData(getMemberId(), 'user_links', 'id', 'userid', true);
63
64 // Do we have ext-holiday installed?
65 // @TODO Rewrite this to a filter
66 $extraColumn = 'userid';
67 if (isExtensionInstalledAndNewer('holiday', '0.1.3')) {
68         // Fetch also holiday activation data
69         $extraColumn = 'holiday_active';
70 } // END - if
71
72 $result_mmails = SQL_QUERY_ESC("SELECT
73         `userid`,
74         `receive_mails`,
75         `mail_orders`,
76         `".$extraColumn."`
77 FROM
78         `{?_MYSQL_PREFIX?}_user_data`
79 WHERE
80         `userid`=%s AND
81         `max_mails` > 0
82 LIMIT 1",
83         array(getMemberId()), __FILE__, __LINE__);
84
85 $mmails = SQL_NUMROWS($result_mmails);
86 list($DMY, $MAXI, $ORDERS, $HOLIDAY) = SQL_FETCHROW($result_mmails);
87
88 // Free result
89 SQL_FREERESULT($result_mmails);
90
91 // Fix non-existent ext-holidy
92 if ($HOLIDAY == $DMY) $HOLIDAY = 'N';
93
94 $ALLOWED = $MAXI - $ORDERS;
95 if (getConfig('order_max_full') == 'MAX') $ALLOWED = $MAXI;
96
97 // Now check his points amount
98 $total = countSumTotalData(getMemberId(), 'user_points', 'points') - countSumTotalData(getMemberId(), 'user_data', 'used_points');;
99
100 if (($HOLIDAY == 'Y') && (isExtensionInstalledAndNewer('holiday', '0.1.3'))) {
101         // Holiday is active!
102         loadTemplate('admin_settings_saved', false, getMessage('HOLIDAY_ORDER_NOT_POSSIBLE'));
103 } elseif ((isPostRequestParameterSet('frametester')) && ($ALLOWED > 0) && (postRequestParameter('receiver') > 0)) {
104         // Continue with the frametester, we first need to store the data temporary in the pool
105         //
106         // First we would like to store the data and get it's pool position back...
107         $result = SQL_QUERY_ESC("SELECT `id`, `data_type`
108 FROM
109         `{?_MYSQL_PREFIX?}_pool`
110 WHERE
111         `sender`=%s AND
112         `url`='%s' AND
113         `timestamp` > (UNIX_TIMESTAMP() - %s)
114 LIMIT 1",
115                 array(
116                         getMemberId(),
117                         postRequestParameter('url'),
118                         getConfig('url_tlock')
119                 ), __FILE__, __LINE__);
120
121         $type = 'TEMP'; $id = '0';
122         if (SQL_NUMROWS($result) == 1) {
123                 // Load id and mail type
124                 list($id, $type) = SQL_FETCHROW($result);
125         } // END - if
126
127         // Free result
128         SQL_FREERESULT($result);
129
130         if ($type == 'TEMP') {
131                 // No entry found, so we need to check out the stats table as well... :)
132                 // We have to add that suff here, now we continue WITHOUT checking and check the text and subject against some filters
133                 $url = '';
134                 if (getConfig('allow_url_in_text') == 'Y') {
135                         // Test submitted text against some filters (length, URLs in text etc.)
136                         if ((strpos(strtolower(postRequestParameter('text')), 'https://') > -1) || (strpos(strtolower(postRequestParameter('text')), 'http://') > -1) || (strpos(strtolower(postRequestParameter('text')), "www") > -1)) {
137                                 // URL found!
138                                 $url = 'modules.php?module=login&amp;what=order&amp;code=' . getCode('URL_FOUND');
139                         } // END - if
140
141                         // Remove new-line and carriage-return characters
142                         $TEST = str_replace("\n", '', str_replace("\r", '', postRequestParameter('text')));
143
144                         // Text length within allowed length?
145                         if (strlen($TEST) > getConfig('max_tlength')) {
146                                 // Text is too long!
147                                 $url = 'modules.php?module=login&amp;what=order&amp;code=' . getCode('OVERLENGTH');
148                         } // END - if
149                 } // END - if
150
151                 // Shall I test the subject line against URLs?
152                 if (getConfig('allow_url_in_subject') == 'Y') {
153                         // Check the subject line for issues
154                         setPostRequestParameter('subject', str_replace("\\", '[nl]', substr(postRequestParameter('subject'), 0, 200)));
155                         if ((strpos(strtolower(postRequestParameter('subject')), 'http://') > -1) || (strpos(strtolower(postRequestParameter('subject')), "www") > -1)) {
156                                 // URL in subject found
157                                 $url = 'modules.php?module=login&amp;what=order&amp;code=' . getCode('SUBJ_URL');
158                         } // END - if
159                 } // END - if
160
161                 // And shall I check that his URL is not in the black list?
162                 if (getConfig('url_blacklist') == 'Y') {
163                         // Ok, I do that for you know...
164                         $result = SQL_QUERY_ESC("SELECT UNIX_TIMESTAMP(`timestamp`) AS tstamp FROM `{?_MYSQL_PREFIX?}_url_blacklist` WHERE `url`='%s' LIMIT 1",
165                                 array(postRequestParameter('url')), __FILE__, __LINE__);
166
167                         if (SQL_NUMROWS($result) == 1) {
168                                 // Jupp, we got one listed
169                                 list($blist) = SQL_FETCHROW($result);
170
171                                 // Create redirect-URL
172                                 $url = 'modules.php?module=login&amp;what=order&amp;code=' . getCode('BLIST_URL') . '&amp;blist=' . $blist;
173                         } // END - if
174
175                         // Free result
176                         SQL_FREERESULT($result);
177                 } // END - if
178
179                 // Enougth receivers entered?
180                 if ((postRequestParameter('receiver') < getConfig('order_min')) && (!isAdmin())) {
181                         // Less than allowed receivers entered!
182                         $url = 'modules.php?module=login&amp;what=order&amp;code=' . getCode('MORE_RECEIVERS3');
183                 } // END - if
184
185                 // Validate URL
186                 if (!isUrlValid(postRequestParameter('url'))) {
187                         // URL is invalid!
188                         $url = 'modules.php?module=login&amp;what=order&amp;code=' . getCode('INVALID_URL');
189                 } // END - if
190
191                 // Probe for HTML extension
192                 if (isExtensionActive('html_mail')) {
193                         // HTML or regular text mail?
194                         if (postRequestParameter('html') == 'Y') {
195                                 // Chek for valid HTML tags
196                                 setPostRequestParameter('text', checkHtmlTags(postRequestParameter('text')));
197
198                                 // Maybe invalid tags found?
199                                 if (!isPostRequestParameterSet('text')) $url = 'modules.php?module=login&amp;what=order&amp;code=' . getCode('INVALID_TAGS')."&amp;id=".$id;
200                         } else {
201                                 // Remove any HTML code
202                                 setPostRequestParameter('text', str_replace('<', '{OPEN_HTML}', str_replace('>', '{CLOSE_HTML}', postRequestParameter('text'))));
203                         }
204                 } // END - if
205
206                 // Is mail type set?
207                 if ((!isPostRequestParameterSet('mail_type')) || (postRequestParameter('mail_type') < 1)) {
208                         // Not correctly set
209                         $url = 'modules.php?module=login&amp;what=order&amp;code=' . getCode('NO_MAIL_TYPE');
210                 } // END - if
211         } elseif (!isAdmin()) {
212                 // He has already sent a mail within a specific time
213                 $url = 'modules.php?module=login&amp;what=order&amp;code=' . getCode('URL_TLOCK') . '&amp;id=' . $id;
214         }
215
216         // Still no error?
217         if (empty($url)) {
218                 // Check if category and number of receivers is okay
219                 $add = '';
220                 if ((getConfig('order_multi_page') == 'Y') && (isPostRequestParameterSet('zip')) && (postRequestParameter('zip') != '')) {
221                         // Choose recipients by ZIP code
222                         $add = sprintf(" AND d.zip LIKE '%s%%'",
223                                 bigintval(postRequestParameter('zip'))
224                         );
225                 } // END - if
226
227                 // Check for userids
228                 $result = SQL_QUERY_ESC("SELECT
229         c.userid
230 FROM
231         `{?_MYSQL_PREFIX?}_user_cats` AS c
232 LEFT JOIN
233         `{?_MYSQL_PREFIX?}_user_data` AS d
234 ON
235         c.userid=d.userid
236 WHERE
237         c.cat_id=%s AND
238         c.userid != '%s' AND
239         d.`status`='CONFIRMED' AND
240         d.receive_mails > 0
241         ".$add."
242 ORDER BY
243         d.%s %s",
244                         array(
245                                 bigintval(postRequestParameter('cat')),
246                                 getMemberId(),
247                                 getConfig('order_select'),
248                                 getConfig('order_mode'),
249                         ), __FILE__, __LINE__);
250
251                 // Do we enougth receivers left?
252                 if (SQL_NUMROWS($result) >= postRequestParameter('receiver')) {
253                         // Load receivers from database
254                         $TEST = array(); $cnt = '0';
255                         while ($holidayContent = SQL_FETCHARRAY($result)) {
256                                 if (isExtensionInstalledAndNewer('holiday', '0.1.3')) {
257                                         // Check for his holiday status
258                                         $result_holiday = SQL_QUERY_ESC("SELECT
259         `id`
260 FROM
261         `{?_MYSQL_PREFIX?}_user_holidays`
262 WHERE
263         `userid`=%s AND `holiday_start` < UNIX_TIMESTAMP() AND `holiday_end` > UNIX_TIMESTAMP()
264 LIMIT 1",
265                                                 array($holidayContent['userid']), __FILE__, __LINE__);
266                                         if (SQL_NUMROWS($result_holiday) == 1) $holidayContent['userid'] = '0'; // Exclude user who are in holiday
267
268                                         // Free memory
269                                         SQL_FREERESULT($result_holiday);
270                                 } // END - if
271
272                                 if ($holidayContent['userid'] > 0) {
273                                         // Add receiver
274                                         $TEST[] = $holidayContent['userid'];
275                                         $cnt++;
276                                 } // END - if
277                         } // END - while
278
279                         // Free memory
280                         SQL_FREERESULT($result);
281
282                         // Implode array into string for the sending pool
283                         $receiver = implode($TEST, ';');
284
285                         // Count array for maximum sent
286                         $content['target_send'] = count($TEST);
287
288                         // Update receiver list
289                         SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `receive_mails`=`receive_mails`-1 WHERE `userid` IN (%s) LIMIT %s",
290                                 array(convertReceivers($receiver), $content['target_send']), __FILE__, __LINE__);
291
292                         // Is calculated max receivers larger than wanted receivers then reset it
293                         if ($content['target_send'] > postRequestParameter('receiver')) $content['target_send'] = bigintval(postRequestParameter('receiver'));
294
295                         // Calculate used points
296                         $USED = $content['target_send'] * getPaymentPoints(bigintval(postRequestParameter('mail_type')));
297
298                         // Fix empty zip code
299                         if (!isPostRequestParameterSet('zip')) setPostRequestParameter('zip', 0);
300
301                         // Check if he has enougth points for this order and selected more than 0 receivers
302                         if (($USED > 0) && ($USED <= $total) && ($content['target_send'] > 0)) {
303                                 // Gettings points is okay, so we can add $USED later from
304                                 if (($id == '0') || ($type != 'TEMP')) {
305                                         // New order
306                                         $id = '0';
307                                         if (isExtensionActive('html_mail')) {
308                                                 // HTML extension is active
309                                                 SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_pool` (`sender`, `subject`, `text`, `receivers`, `payment_id`, `data_type`, `timestamp`, `url`, `cat_id`, `target_send`, `zip`, `html_msg`)
310 VALUES (%s,'%s','%s','%s','%s','TEMP',UNIX_TIMESTAMP(),'%s',%s,%s,%s,'%s')",
311                                                         array(
312                                                                 getMemberId(),
313                                                                 postRequestParameter('subject'),
314                                                                 postRequestParameter('text'),
315                                                                 $receiver,
316                                                                 bigintval(postRequestParameter('mail_type')),
317                                                                 postRequestParameter('url'),
318                                                                 bigintval(postRequestParameter('cat')),
319                                                                 $content['target_send'],
320                                                                 bigintval(postRequestParameter('zip'), true, false),
321                                                                 postRequestParameter('html')
322                                                         ), __FILE__, __LINE__);
323                                         } else {
324                                                 // No HTML extension is active
325                                                 SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_pool` (`sender`, `subject`, `text`, `receivers`, `payment_id`, `data_type`, `timestamp`, `url`, `cat_id`, `target_send`, `zip`)
326 VALUES (%s,'%s','%s','%s','%s','TEMP',UNIX_TIMESTAMP(),'%s',%s,%s,%s)",
327                                                         array(
328                                                                 getMemberId(),
329                                                                 postRequestParameter('subject'),
330                                                                 postRequestParameter('text'),
331                                                                 $receiver,
332                                                                 bigintval(postRequestParameter('mail_type')),
333                                                                 postRequestParameter('url'),
334                                                                 bigintval(postRequestParameter('cat')),
335                                                                 $content['target_send'],
336                                                                 bigintval(postRequestParameter('zip'), true, false),
337                                                         ), __FILE__, __LINE__);
338                                         }
339                                 } else {
340                                         // Change current order
341                                         if (isExtensionActive('html_mail')) {
342                                                 // HTML extension is active
343                                                 SQL_QUERY_ESC("UPDATE
344         `{?_MYSQL_PREFIX?}_pool`
345 SET
346         `subject`='%s',
347         `text`='%s',
348         `receivers`='%s',
349         `payment_id`=%s,
350         `timestamp`=UNIX_TIMESTAMP(),
351         `url`='%s',
352         `cat_id`=%s,
353         `target_send`=%s,
354         `zip`=%s,
355         `html_msg`='%s'
356 WHERE
357         `id`=%s
358 LIMIT 1",
359                                                         array(
360                                                                 postRequestParameter('subject'),
361                                                                 postRequestParameter('text'),
362                                                                 $receiver,
363                                                                 bigintval(postRequestParameter('mail_type')),
364                                                                 postRequestParameter('url'),
365                                                                 bigintval(postRequestParameter('cat')),
366                                                                 $content['target_send'],
367                                                                 bigintval(postRequestParameter('zip')),
368                                                                 postRequestParameter('html'),
369                                                                 bigintval($id)
370                                                         ), __FILE__, __LINE__);
371                                         } else {
372                                                 // No HTML extension is active
373                                                 SQL_QUERY_ESC("UPDATE
374         `{?_MYSQL_PREFIX?}_pool`
375 SET
376         `subject`='%s',
377         `text`='%s',
378         `receivers`='%s',
379         `payment_id`=%s,
380         `timestamp`=UNIX_TIMESTAMP(),
381         `url`='%s',
382         `cat_id`=%s,
383         `target_send`=%s,
384         `zip`=%s
385 WHERE
386         `id`=%s
387 LIMIT 1",
388                                                         array(
389                                                                 postRequestParameter('subject'),
390                                                                 postRequestParameter('text'),
391                                                                 $receiver,
392                                                                 bigintval(postRequestParameter('mail_type')),
393                                                                 postRequestParameter('url'),
394                                                                 bigintval(postRequestParameter('cat')),
395                                                                 $content['target_send'],
396                                                                 bigintval(postRequestParameter('zip')),
397                                                                 bigintval($id)
398                                                         ), __FILE__, __LINE__);
399                                         }
400                                 }
401
402                                 // Do we need to get the id number?
403                                 if ($id == '0') {
404                                         // Order is placed as temporary. We need to get it's id for the frametester
405                                         $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_pool` WHERE `sender`=%s AND `subject`='%s' AND `payment_id`=%s AND `data_type`='TEMP' AND `timestamp`=UNIX_TIMESTAMP() LIMIT 1",
406                                                 array(
407                                                         getMemberId(),
408                                                         postRequestParameter('subject'),
409                                                         bigintval(postRequestParameter('mail_type'))
410                                                 ), __FILE__, __LINE__);
411
412                                         // Get pool id
413                                         list($id) = SQL_FETCHROW($result);
414
415                                         // Free result
416                                         SQL_FREERESULT($result);
417                                 } // END - if
418
419                                 // id is received so we can redirect the user, used points will be added when he send's out the mail
420                                 $url = 'modules.php?module=frametester&amp;order=' . $id;
421                         } elseif ($content['target_send'] == '0') {
422                                 // Not enougth receivers found which can receive mails
423                                 $url = 'modules.php?module=login&amp;what=order&amp;code=' . getCode('MORE_RECEIVERS2');
424                         } else {
425                                 // No enougth points left!
426                                 $url = 'modules.php?module=login&amp;what=order&amp;code=' . getCode('MORE_POINTS');
427                         }
428                 } else  {
429                         // Ordered more mails than he can send in this category
430                         $url = 'modules.php?module=login&amp;what=order&amp;code=' . getCode('NO_RECS_LEFT');
431                 }
432         }
433 } elseif (postRequestParameter('receiver') == '0') {
434         // Not enougth receivers selected
435         $url = 'modules.php?module=login&amp;what=order&amp;code=' . getCode('MORE_RECEIVERS1');
436 } elseif (($ALLOWED == '0') && (getConfig('order_max_full') == 'ORDER')) {
437         // No more mail orders allowed
438         loadTemplate('admin_settings_saved', false, getMessage('MEMBER_ORDER_ALLOWED_EXHAUSTED'));
439 } elseif (($links < getConfig('unconfirmed')) && ($mmails == 1)) {
440         // Display order form
441         $result_cats = SQL_QUERY("SELECT
442         `id`, `cat`
443 FROM
444         `{?_MYSQL_PREFIX?}_cats`
445 ".$whereStatement."
446 ORDER BY
447         `sort` ASC", __FILE__, __LINE__);
448         if (SQL_NUMROWS($result_cats) > 0) {
449                 if ($total > 0) {
450                         // Initialize array...
451                         $categories = array(
452                                 'id'      => array(),
453                                 'name'    => array(),
454                                 'userids' => array()
455                         );
456
457                         // Enable HTML checking
458                         // @TODO Rewrite this to a filter
459                         $HTML = ''; $HOL_STRING = '';
460                         if ((isExtensionActive('html_mail')) && (postRequestParameter('html') == 'Y')) $HTML = " AND `html`='Y'";
461                         if (isExtensionInstalledAndNewer('holiday', '0.1.3')) {
462                                 // Extension's version is fine
463                                 $HOL_STRING = " AND `holiday_active`='N'";
464                         } // END - if
465
466                         // ... and begin loading stuff
467                         while ($categoriesContent = SQL_FETCHARRAY($result_cats)) {
468                                 $categories['id'][]   = bigintval($categoriesContent['id']);
469                                 $categories['name'][] = $categoriesContent['cat'];
470
471                                 // Select users in current category
472                                 $result_userids = SQL_QUERY_ESC("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_cats` WHERE `cat_id`=%s AND `userid` != '%s' ORDER BY `userid` ASC",
473                                         array(bigintval($categoriesContent['id']), getMemberId()), __FILE__, __LINE__);
474
475                                 $userid_cnt = '0';
476                                 while (list($ucat) = SQL_FETCHROW($result_userids)) {
477                                         // Check for holiday system
478                                         $HOL_ACTIVE = false;
479                                         if (isExtensionInstalledAndNewer('holiday', '0.1.3')) {
480                                                 // Check user's holiday status
481                                                 $result_holiday = SQL_QUERY_ESC("SELECT
482         d.userid FROM `{?_MYSQL_PREFIX?}_user_data` AS d
483 LEFT JOIN
484         `{?_MYSQL_PREFIX?}_user_holidays` AS h
485 ON
486         d.userid=h.userid
487 WHERE
488         d.userid=%s AND
489         d.receive_mails > 0 AND
490         d.`status`='CONFIRMED' AND
491         d.`holiday_active`='Y' AND
492         h.holiday_start < UNIX_TIMESTAMP() AND
493         h.holiday_end > UNIX_TIMESTAMP()
494 LIMIT 1",
495                                                         array(bigintval($ucat)), __FILE__, __LINE__);
496
497                                                 // Is holiday is active?
498                                                 $HOL_ACTIVE = (SQL_NUMROWS($result_holiday) == 1);
499
500                                                 // Free memory
501                                                 SQL_FREERESULT($result_holiday);
502                                         } // END - if
503
504                                         if ($HOL_ACTIVE === false) {
505                                                 // Check if the user want's to receive mails?
506                                                 $result_ver = SQL_QUERY_ESC("SELECT `zip` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `userid`=%s".$HTML." AND `receive_mails` > 0 AND `status`='CONFIRMED' LIMIT 1",
507                                                         array(bigintval($ucat)), __FILE__, __LINE__);
508
509                                                 if ((SQL_NUMROWS($result_ver) == 1) && (isPostRequestParameterSet('zip')) && (getConfig('order_multi_page') == 'Y')) {
510                                                         // Get zip code
511                                                         list($zip) = SQL_FETCHROW($result_ver);
512                                                         if (substr($zip, 0, strlen(postRequestParameter('zip'))) == postRequestParameter('zip')) {
513                                                                 // Ok, ZIP part is found
514                                                                 $userid_cnt++;
515                                                         } // END - if
516                                                 } else {
517                                                         // Count numbers up!
518                                                         $userid_cnt += SQL_NUMROWS($result_ver);
519                                                 }
520
521                                                 // Free result
522                                                 SQL_FREERESULT($result_ver);
523                                         } // END - if
524                                 } // END - while
525
526                                 // Free memory
527                                 SQL_FREERESULT($result_userids);
528                                 $categories['userids'][] = $userid_cnt;
529                         } // END - while
530
531                         // Free memory
532                         SQL_FREERESULT($result_cats);
533
534                         // Now we need to load the mail types...
535                         $result = SQL_QUERY("SELECT `id`, `price`, `payment`, `mail_title` FROM `{?_MYSQL_PREFIX?}_payments` ORDER BY `payment` ASC", __FILE__, __LINE__);
536
537                         $types = array();
538                         if (SQL_NUMROWS($result) > 0) {
539                                 // Check for message id in URL
540                                 $message = getMessageFromErrorCode(getRequestParameter('code'));
541
542                                 if (!empty($message)) {
543                                         // We got system message so we drop it out to the user
544                                         loadTemplate('admin_settings_saved', false, $message);
545                                 } // END - if
546
547                                 // Load all email types...
548                                 while ($types[] = SQL_FETCHROW($result)) {
549                                         // Nothing to do here... ;-)
550                                 } // END - while
551
552                                 // Free memory
553                                 SQL_FREERESULT($result);
554
555                                 // Output user's points
556                                 $content['total'] = translateComma($total);
557
558                                 // Check how many mail orders he has placed today and how many he's allowed to send
559                                 switch (getConfig('order_max_full')) {
560                                         case 'MAX': // He is allowed to send as much as possible
561                                                 $content['order_max_full'] = getMessage('MEMBER_ORDER_ALLOWED_MAX');
562                                                 break;
563
564                                         case 'ORDER': // He is allowed to send as much as he setup the receiving value
565                                                 $content['order_max_full'] = sprintf(getMessage('MEMBER_ORDER_ALLOWED_RECEIVE'), $ALLOWED, $MAXI);
566                                                 break;
567
568                                         default: // Unknown/invalid
569                                                 logDebugMessage(__FILE__, __LINE__, sprintf("Unknown order_mas_full config detected.", getConfig('order_max_full')));
570                                                 $content['order_max_full'] = getMessage('MEMBER_ORDER_ALLOWED_UNKNOWN');
571                                                 break;
572                                 } // END - switch
573
574                                 // Load final template
575                                 loadTemplate('member_order_points', false, $content);
576
577                                 // Reset variables
578                                 $OLD_ORDER = false;
579                                 $subject = '';
580                                 $text = '';
581                                 $target = '';
582
583                                 // Check if we already have an order placed and make it editable
584                                 $result = SQL_QUERY_ESC("SELECT
585         `subject`, `text`, `payment_id`, `timestamp`, `url`, `target_send`, `cat_id`, `zip`
586 FROM
587         `{?_MYSQL_PREFIX?}_pool`
588 WHERE
589         `sender`=%s AND
590         `data_type`='TEMP'
591 LIMIT 1",
592                                         array(getMemberId()), __FILE__, __LINE__);
593
594                                 if (SQL_NUMROWS($result) == 1) {
595                                         // Old order found
596                                         $content = merge_array($content, SQL_FETCHARRAY($result));
597
598                                         // Fix max receivers when it is too much
599                                         if ((isset($categories['userids'][$content['cat_id']])) && ($content['target_send'] > $categories['userids'][$content['cat_id']])) {
600                                                 // Fix it
601                                                 $content['target_send'] = $categories['userids'][$content['cat_id']];
602                                         } // END - if
603
604                                         // Old order is grabbed
605                                         $OLD_ORDER = true;
606                                 } else {
607                                         // Default output for that your members don't forget it...
608                                         $content['url']         = 'http://';
609                                         $content['target_send'] = getConfig('order_min');
610                                         $content['subject']     = '{--ORDER_DEFAULT_SUBJECT--}';
611                                         $content['text']        = '{--ORDER_DEFAULT_TEXT--}';
612                                 }
613
614                                 // Free result
615                                 SQL_FREERESULT($result);
616
617                                 if ((isPostRequestParameterSet('data')) || ((getConfig('order_multi_page') != 'Y') && ((!isAdmin()) && (!isExtensionActive('html_mail'))))) {
618                                         // Pre-output categories
619                                         $content['category_selection'] = '';
620                                         foreach ($categories['id'] as $key => $value) {
621                                                 $content['category_selection'] .= "      <option value=\"".$value."\"";
622                                                 if (($OLD_ORDER) && ($content['cat_id'] == $value)) $content['category_selection'] .= ' selected="selected"';
623                                                 $content['category_selection'] .= ">".$categories['name'][$key]." (".$categories['userids'][$key]." {--USER_IN_CAT--})</option>\n";
624                                         } // END - foreach
625
626                                         // Mail type
627                                         $content['type_selection'] = '';
628                                         foreach ($types as $key => $value) {
629                                                 $P = translateComma($types[$key][1]);
630                                                 if (is_array($value)) {
631                                                         // Output option line
632                                                         $content['type_selection'] .= "      <option value=\"".$types[$key][0]."\"";
633                                                         if (($OLD_ORDER) && ($content['payment_id'] == $types[$key][0])) $content['type_selection'] .= ' selected="selected"';
634                                                         $content['type_selection'] .= ">".$P." {--PER_MAIL--} - ".$types[$key][3]." - ".round($types[$key][2])." {--PAYMENT--}</option>\n";
635                                                 } // END - if
636                                         } // END - foreach
637
638                                         // No content is default
639                                         $content['zip_content'] = '';
640
641                                         if (isPostRequestParameterSet('zip')) {
642                                                 // Output entered ZIP code
643                                                 $content['zip_content'] = loadTemplate('member_order-zip2', true, postRequestParameter('zip'));
644                                         } // END - if
645
646                                         // HTML extension
647                                         if ((isExtensionActive('html_mail')) && (postRequestParameter('html') == 'Y')) {
648                                                 // Extension is active so output valid HTML tags
649                                                 $content['html_extension'] = loadTemplate('member_order-html_ext', true, addValidHtmlTags());
650                                         } else {
651                                                 // Extension not active and/or class not uploaded
652                                                 $content['html_extension'] = '<tr><td colspan="3"><input type="hidden" name="html" value="N" /></td></tr>';
653                                         }
654
655                                         // Output form for page 2
656                                         loadTemplate('member_order_page2', false, $content);
657                                 } else {
658                                         // Remember maybe entered ZIP code in constant
659                                         if (isExtensionActive('html_mail')) {
660                                                 // Add some content when html extension is active
661                                                 $content['html_extension'] = loadTemplate('member_order-html_intro', true);
662                                         } else {
663                                                 // No HTML extension installed
664                                                 $content['html_extension'] = '<tr><td colspan="3"><input type="hidden" name="html" value="N" /></td></tr>';
665                                         }
666
667                                         // Default is no ZIP code
668                                         $content['zip_content'] = '';
669
670                                         // Do we want ZIP code or not?
671                                         if ((getConfig('order_multi_page') == 'Y') || (isAdmin())) {
672                                                 // Yes
673                                                 if (postRequestParameter('zip') > 0) {
674                                                         $data = array(
675                                                                 'zip' => bigintval(postRequestParameter('zip'))
676                                                         );
677                                                 } else {
678                                                         $data = array(
679                                                                 'zip' => ''
680                                                         );
681                                                 }
682                                                 $content['zip_content'] = loadTemplate('member_order-zip1', true, $data);
683                                         } // END - if
684
685                                         // Output form for page 1 (ZIP code or HTML)
686                                         loadTemplate('member_order_page1', false, $content);
687                                 }
688                         } else {
689                                 // No mail types defined
690                                 loadTemplate('admin_settings_saved', false, '<span class="member_failed">{--MEMBER_NO_PAYMENTS--}</span>');
691                         }
692                 } else {
693                         // No points left
694                         loadTemplate('admin_settings_saved', false, '<span class="member_failed">{--MEMBER_NO_POINTS--}</span>');
695                 }
696         } else {
697                 // No cateogries are defined yet
698                 loadTemplate('admin_settings_saved', false, '<span class="member_failed">{--MEMBER_NO_CATS--}</span>');
699         }
700 } elseif ($mmails == '0') {
701         // Please set more than 0 mails per day
702         loadTemplate('admin_settings_saved', false, getMessage('MEMBER_HAS_ZERO_MMAILS'));
703 } else {
704         // Please confirm some mails first
705         loadTemplate('admin_settings_saved', false, getMaskedMessage('MEMBER_LINKS_LEFT'), $links);
706 }
707
708 if (!empty($url)) {
709         // Redirect to requested URL
710         redirectToUrl($url);
711 } // END - if
712
713 // [EOF]
714 ?>