f87c555b36622607d644252c06210bca5f51c8e7
[mailer.git] / inc / modules / member / what-order.php
1 <?php
2 /************************************************************************
3  * Mailer v0.2.1-FINAL                                Start: 10/19/2003 *
4  * ===================                          Last change: 08/26/2004 *
5  *                                                                      *
6  * -------------------------------------------------------------------- *
7  * File              : what-order.php                                   *
8  * -------------------------------------------------------------------- *
9  * Short description : Order mails here                                 *
10  * -------------------------------------------------------------------- *
11  * Kurzbeschreibung  : Hier koennen Ihre Mitglieder Mails buchen        *
12  * -------------------------------------------------------------------- *
13  * $Revision::                                                        $ *
14  * $Date::                                                            $ *
15  * $Tag:: 0.2.1-FINAL                                                 $ *
16  * $Author::                                                          $ *
17  * -------------------------------------------------------------------- *
18  * Copyright (c) 2003 - 2009 by Roland Haeder                           *
19  * Copyright (c) 2009 - 2012 by Mailer Developer Team                   *
20  * For more information visit: http://mxchange.org                      *
21  *                                                                      *
22  * This program is free software; you can redistribute it and/or modify *
23  * it under the terms of the GNU General Public License as published by *
24  * the Free Software Foundation; either version 2 of the License, or    *
25  * (at your option) any later version.                                  *
26  *                                                                      *
27  * This program is distributed in the hope that it will be useful,      *
28  * GNU General Public License for more details.                         *
29  *                                                                      *
30  * You should have received a copy of the GNU General Public License    *
31  * along with this program; if not, write to the Free Software          *
32  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
33  * MA  02110-1301  USA                                                  *
34  ************************************************************************/
35
36 // Some security stuff...
37 if (!defined('__SECURITY')) {
38         exit();
39 } elseif (!isMember()) {
40         redirectToIndexMemberOnlyModule();
41 }
42
43 // Add description as navigation point
44 addYouAreHereLink('member', __FILE__);
45
46 if ((!isExtensionActive('order')) && (!isAdmin())) {
47         displayMessage('{%pipe,generateExtensionInactiveNotInstalledMessage=order%}');
48         return;
49 } // END - if
50
51 $url = ''; $id = '0';
52
53 $ALLOWED = getUserData('receive_mails') - getUserData('mail_orders');
54 if (getConfig('order_max_full') == 'MAX') $ALLOWED = getUserData('receive_mails');
55
56 // Now check his points amount
57 $totalPoints = getTotalPoints(getMemberId());
58
59 if ((isExtensionInstalledAndNewer('holiday', '0.1.3')) && (isUserDataEnabled('holiday_active'))) {
60         // Holiday is active!
61         displayMessage('{--MEMBER_HOLIDAY_ORDER_NOT_POSSIBLE--}');
62 } elseif ((isPostRequestElementSet('frametester')) && ($ALLOWED > 0) && (postRequestElement('receiver') > 0)) {
63         // Continue with the frametester, we first need to store the data temporary in the pool
64         //
65         // First we would like to store the data and get it's pool position back...
66         $result = SQL_QUERY_ESC("SELECT
67         `id`,
68         `data_type`
69 FROM
70         `{?_MYSQL_PREFIX?}_pool`
71 WHERE
72         `sender`=%s AND
73         `url`='%s' AND
74         (UNIX_TIMESTAMP() - `timestamp`) >= {?url_tlock?}
75 LIMIT 1",
76                 array(
77                         getMemberId(),
78                         postRequestElement('url')
79                 ), __FILE__, __LINE__);
80
81         $type = 'TEMP'; $id = '0';
82         if (SQL_NUMROWS($result) == 1) {
83                 // Load id and mail type
84                 // @TODO Rewrite this to SQL_FETCHARRAY()
85                 list($id, $type) = SQL_FETCHROW($result);
86         } // END - if
87
88         // Free result
89         SQL_FREERESULT($result);
90
91         if ($type == 'TEMP') {
92                 // No entry found, so we need to check out the stats table as well... :)
93                 // We have to add that suff here, now we continue WITHOUT checking and check the text and subject against some filters
94                 $url = '';
95                 if (getConfig('allow_url_in_text') == 'Y') {
96                         // Test submitted text against some filters (length, URLs in text etc.)
97                         if ((isInStringIgnoreCase('https://', postRequestElement('text'))) || (isInStringIgnoreCase('http://', postRequestElement('text'))) || (isInStringIgnoreCase('www', postRequestElement('text')))) {
98                                 // URL found
99                                 $url = 'modules.php?module=login&amp;what=order&amp;code=' . getCode('URL_FOUND');
100                         } // END - if
101
102                         // Remove new-line and carriage-return characters
103                         $TEST = str_replace(array(chr(10), chr(13)), array('', ''), postRequestElement('text'));
104
105                         // Text length within allowed length?
106                         if (strlen($TEST) > getConfig('max_tlength')) {
107                                 // Text is too long!
108                                 $url = 'modules.php?module=login&amp;what=order&amp;code=' . getCode('OVERLENGTH');
109                         } // END - if
110                 } // END - if
111
112                 // Shall I test the subject line against URLs?
113                 if (getConfig('allow_url_in_subject') == 'Y') {
114                         // Check the subject line for issues
115                         setPostRequestElement('subject', str_replace(chr(92), '[nl]', substr(postRequestElement('subject'), 0, 200)));
116                         if ((isInStringIgnoreCase('https://', postRequestElement('subject'))) || (isInStringIgnoreCase('http://', postRequestElement('subject'))) || (isInStringIgnoreCase('www', postRequestElement('subject')))) {
117                                 // URL in subject found
118                                 $url = 'modules.php?module=login&amp;what=order&amp;code=' . getCode('SUBJECT_URL');
119                         } // END - if
120                 } // END - if
121
122                 // And shall I check that his URL is not in the black list?
123                 if (isUrlBlacklistEnabled()) {
124                         // Ok, I do that for you know...
125                         $result = SQL_QUERY_ESC("SELECT UNIX_TIMESTAMP(`timestamp`) AS tstamp FROM `{?_MYSQL_PREFIX?}_url_blacklist` WHERE `url`='%s' LIMIT 1",
126                                 array(postRequestElement('url')), __FILE__, __LINE__);
127
128                         if (SQL_NUMROWS($result) == 1) {
129                                 // Jupp, we got one listed
130                                 list($blist) = SQL_FETCHROW($result);
131
132                                 // Create redirect-URL
133                                 $url = 'modules.php?module=login&amp;what=order&amp;code=' . getCode('BLIST_URL') . '&amp;blist=' . $blist;
134                         } // END - if
135
136                         // Free result
137                         SQL_FREERESULT($result);
138                 } // END - if
139
140                 // Enougth receivers entered?
141                 if ((postRequestElement('receiver') < getConfig('order_min')) && (!isAdmin())) {
142                         // Less than allowed receivers entered!
143                         $url = 'modules.php?module=login&amp;what=order&amp;code=' . getCode('MORE_RECEIVERS3');
144                 } // END - if
145
146                 // Validate URL
147                 if (!isUrlValid(postRequestElement('url'))) {
148                         // URL is invalid!
149                         $url = 'modules.php?module=login&amp;what=order&amp;code=' . getCode('INVALID_URL');
150                 } // END - if
151
152                 // Probe for HTML extension
153                 if (isExtensionActive('html_mail')) {
154                         // HTML or regular text mail?
155                         if (postRequestElement('html') == 'Y') {
156                                 // Chek for valid HTML tags
157                                 setPostRequestElement('text', checkHtmlTags(postRequestElement('text')));
158
159                                 // Maybe invalid tags found?
160                                 if (!isPostRequestElementSet('text')) $url = 'modules.php?module=login&amp;what=order&amp;code=' . getCode('INVALID_TAGS')."&amp;id=".$id;
161                         } else {
162                                 // Remove any HTML code
163                                 setPostRequestElement('text', str_replace(array('<', '>'), array('{OPEN_HTML}', '{CLOSE_HTML}'), postRequestElement('text')));
164                         }
165                 } // END - if
166
167                 // Is mail type set?
168                 if ((!isPostRequestElementSet('mail_type')) || (postRequestElement('mail_type') < 1)) {
169                         // Not correctly set
170                         $url = 'modules.php?module=login&amp;what=order&amp;code=' . getCode('NO_MAIL_TYPE');
171                 } // END - if
172         } elseif (!isAdmin()) {
173                 // He has already sent a mail within a specific time
174                 $url = 'modules.php?module=login&amp;what=order&amp;code=' . getCode('URL_TIME_LOCK') . '&amp;id=' . $id;
175         }
176
177         // Still no error?
178         if (empty($url)) {
179                 // Check for userids
180                 $result = SQL_QUERY_ESC("SELECT
181         c.`userid`
182 FROM
183         `{?_MYSQL_PREFIX?}_user_cats` AS c
184 INNER JOIN
185         `{?_MYSQL_PREFIX?}_user_data` AS d
186 ON
187         c.`userid`=d.`userid`
188 WHERE
189         c.`cat_id`=%s AND
190         c.`userid` != %s AND
191         d.`status`='CONFIRMED'
192         " . runFilterChain('user_exclusion_sql', ' ') . " AND
193         d.`receive_mails` > 0
194 ORDER BY
195         d.`{?order_select?}` {?order_mode?}",
196                         array(
197                                 bigintval(postRequestElement('cat')),
198                                 getMemberId()
199                         ), __FILE__, __LINE__);
200
201                 // Do we enougth receivers left?
202                 if (SQL_NUMROWS($result) >= postRequestElement('receiver')) {
203                         // Load receivers from database
204                         $TEST = array(); $count = '0';
205                         while ($holidayContent = SQL_FETCHARRAY($result)) {
206                                 if (isExtensionInstalledAndNewer('holiday', '0.1.3')) {
207                                         // Check for his holiday status
208                                         $result_holiday = SQL_QUERY_ESC("SELECT
209         `id`
210 FROM
211         `{?_MYSQL_PREFIX?}_user_holidays`
212 WHERE
213         `userid`=%s AND
214         `holiday_start` < UNIX_TIMESTAMP() AND
215         `holiday_end` > UNIX_TIMESTAMP()
216 LIMIT 1",
217                                                 array($holidayContent['userid']), __FILE__, __LINE__);
218                                         if (SQL_NUMROWS($result_holiday) == 1) {
219                                                 // Exclude user who are in holiday
220                                                 $holidayContent['userid'] = '0';
221                                         } // END - if
222
223                                         // Free memory
224                                         SQL_FREERESULT($result_holiday);
225                                 } // END - if
226
227                                 if ($holidayContent['userid'] > 0) {
228                                         // Add receiver
229                                         array_push($TEST, $holidayContent['userid']);
230                                         $count++;
231                                 } // END - if
232                         } // END - while
233
234                         // Free memory
235                         SQL_FREERESULT($result);
236
237                         // Implode array into string for the sending pool
238                         $receiver = implode($TEST, ';');
239
240                         // Count array for maximum sent
241                         $content['target_send'] = count($TEST);
242
243                         // Update receiver list
244                         SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `receive_mails`=`receive_mails`-1 WHERE `userid` IN (%s) LIMIT %s",
245                                 array(
246                                         convertReceivers($receiver),
247                                         bigintval($content['target_send'])
248                                 ), __FILE__, __LINE__);
249
250                         // Is calculated max receivers larger than wanted receivers then reset it
251                         if ($content['target_send'] > postRequestElement('receiver')) {
252                                 $content['target_send'] = bigintval(postRequestElement('receiver'));
253                         } // END - if
254
255                         // Calculate used points
256                         $usedPoints = $content['target_send'] * getPaymentData(bigintval(postRequestElement('mail_type')));
257
258                         // Fix empty zip code
259                         if (!isPostRequestElementSet('zip')) {
260                                 setPostRequestElement('zip', 0);
261                         } // END - if
262
263                         // Check if he has enougth points for this order and selected more than 0 receivers
264                         if (($usedPoints > 0) && ($usedPoints <= $totalPoints) && ($content['target_send'] > 0)) {
265                                 // Gettings points is okay, so we can add $usedPoints later from
266                                 if (($id == '0') || ($type != 'TEMP')) {
267                                         // New order
268                                         $id = '0';
269                                         if (isExtensionActive('html_mail')) {
270                                                 // HTML extension is active
271                                                 SQL_QUERY_ESC("INSERT INTO
272         `{?_MYSQL_PREFIX?}_pool`
273 (
274         `sender`,
275         `subject`,
276         `text`,
277         `receivers`,
278         `payment_id`,
279         `data_type`,
280         `timestamp`,
281         `url`,
282         `cat_id`,
283         `target_send`,
284         `zip`,
285         `html_msg`
286 ) VALUES (
287         %s,
288         '%s',
289         '%s',
290         '%s',
291         %s,
292         'TEMP',
293         UNIX_TIMESTAMP(),
294         '%s',
295         %s,
296         %s,
297         %s,
298         '%s'
299 )",
300                                                         array(
301                                                                 getMemberId(),
302                                                                 postRequestElement('subject'),
303                                                                 postRequestElement('text'),
304                                                                 $receiver,
305                                                                 bigintval(postRequestElement('mail_type')),
306                                                                 postRequestElement('url'),
307                                                                 bigintval(postRequestElement('cat')),
308                                                                 bigintval($content['target_send']),
309                                                                 bigintval(postRequestElement('zip'), true, false),
310                                                                 postRequestElement('html')
311                                                         ), __FILE__, __LINE__);
312                                         } else {
313                                                 // No HTML extension is active
314                                                 SQL_QUERY_ESC("INSERT INTO
315         `{?_MYSQL_PREFIX?}_pool`
316 (
317         `sender`,
318         `subject`,
319         `text`,
320         `receivers`,
321         `payment_id`,
322         `data_type`,
323         `timestamp`,
324         `url`,
325         `cat_id`,
326         `target_send`,
327         `zip`
328 ) VALUES (
329         %s,
330         '%s',
331         '%s',
332         '%s',
333         %s,
334         'TEMP',
335         UNIX_TIMESTAMP(),
336         '%s',
337         %s,
338         %s,
339         %s
340 )",
341                                                         array(
342                                                                 getMemberId(),
343                                                                 postRequestElement('subject'),
344                                                                 postRequestElement('text'),
345                                                                 $receiver,
346                                                                 bigintval(postRequestElement('mail_type')),
347                                                                 postRequestElement('url'),
348                                                                 bigintval(postRequestElement('cat')),
349                                                                 bigintval($content['target_send']),
350                                                                 bigintval(postRequestElement('zip'), true, false),
351                                                         ), __FILE__, __LINE__);
352                                         }
353                                 } else {
354                                         // Change current order
355                                         if (isExtensionActive('html_mail')) {
356                                                 // HTML extension is active
357                                                 SQL_QUERY_ESC("UPDATE
358         `{?_MYSQL_PREFIX?}_pool`
359 SET
360         `subject`='%s',
361         `text`='%s',
362         `receivers`='%s',
363         `payment_id`=%s,
364         `timestamp`=UNIX_TIMESTAMP(),
365         `url`='%s',
366         `cat_id`=%s,
367         `target_send`=%s,
368         `zip`=%s,
369         `html_msg`='%s'
370 WHERE
371         `id`=%s
372 LIMIT 1",
373                                                         array(
374                                                                 postRequestElement('subject'),
375                                                                 postRequestElement('text'),
376                                                                 $receiver,
377                                                                 bigintval(postRequestElement('mail_type')),
378                                                                 postRequestElement('url'),
379                                                                 bigintval(postRequestElement('cat')),
380                                                                 $content['target_send'],
381                                                                 bigintval(postRequestElement('zip')),
382                                                                 postRequestElement('html'),
383                                                                 bigintval($id)
384                                                         ), __FILE__, __LINE__);
385                                         } else {
386                                                 // No HTML extension is active
387                                                 SQL_QUERY_ESC("UPDATE
388         `{?_MYSQL_PREFIX?}_pool`
389 SET
390         `subject`='%s',
391         `text`='%s',
392         `receivers`='%s',
393         `payment_id`=%s,
394         `timestamp`=UNIX_TIMESTAMP(),
395         `url`='%s',
396         `cat_id`=%s,
397         `target_send`=%s,
398         `zip`=%s
399 WHERE
400         `id`=%s
401 LIMIT 1",
402                                                         array(
403                                                                 postRequestElement('subject'),
404                                                                 postRequestElement('text'),
405                                                                 $receiver,
406                                                                 bigintval(postRequestElement('mail_type')),
407                                                                 postRequestElement('url'),
408                                                                 bigintval(postRequestElement('cat')),
409                                                                 $content['target_send'],
410                                                                 bigintval(postRequestElement('zip')),
411                                                                 bigintval($id)
412                                                         ), __FILE__, __LINE__);
413                                         }
414                                 }
415
416                                 // Do we need to get the id number?
417                                 if ($id == '0') {
418                                         // Order is placed as temporary. We need to get it's id for the frametester
419                                         $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_pool` WHERE `sender`=%s AND `subject`='%s' AND `payment_id`=%s AND `data_type`='TEMP' AND `timestamp`=UNIX_TIMESTAMP() LIMIT 1",
420                                                 array(
421                                                         getMemberId(),
422                                                         postRequestElement('subject'),
423                                                         bigintval(postRequestElement('mail_type'))
424                                                 ), __FILE__, __LINE__);
425
426                                         // Get pool id
427                                         list($id) = SQL_FETCHROW($result);
428
429                                         // Free result
430                                         SQL_FREERESULT($result);
431                                 } // END - if
432
433                                 // id is received so we can redirect the user, used points will be added when he send's out the mail
434                                 $url = 'modules.php?module=frametester&amp;order=' . $id;
435                         } elseif ($content['target_send'] == '0') {
436                                 // Not enougth receivers found which can receive mails
437                                 $url = 'modules.php?module=login&amp;what=order&amp;code=' . getCode('MORE_RECEIVERS2');
438                         } else {
439                                 // No enougth points left!
440                                 $url = 'modules.php?module=login&amp;what=order&amp;code=' . getCode('MORE_POINTS');
441                         }
442                 } else {
443                         // Ordered more mails than he can send in this category
444                         $url = 'modules.php?module=login&amp;what=order&amp;code=' . getCode('NO_RECS_LEFT');
445                 }
446         } // END - if
447 } elseif (postRequestElement('receiver') == '0') {
448         // Not enougth receivers selected
449         $url = 'modules.php?module=login&amp;what=order&amp;code=' . getCode('MORE_RECEIVERS1');
450 } elseif (($ALLOWED == '0') && (getConfig('order_max_full') == 'ORDER')) {
451         // No more mail orders allowed
452         displayMessage('{--MEMBER_ORDER_ALLOWED_EXHAUSTED--}');
453 } elseif (getTotalUnconfirmedMails(getMemberId()) < getConfig('unconfirmed')) {
454         // Show only enabled categories to the user ...
455         $whereStatement = " WHERE `visible`='Y'";
456
457         // ... but all to the admin
458         if (isAdmin()) $whereStatement = '';
459
460         // Display order form
461         $result_cats = SQL_QUERY("SELECT
462         `id`,
463         `cat`
464 FROM
465         `{?_MYSQL_PREFIX?}_cats`
466 ".$whereStatement."
467 ORDER BY
468         `sort` ASC", __FILE__, __LINE__);
469
470         // Some categories found?
471         if (!SQL_HASZERONUMS($result_cats)) {
472                 // Enought points left?
473                 if ($totalPoints > 0) {
474                         // Initialize array...
475                         $categories = array(
476                                 'id'      => array(),
477                                 'name'    => array(),
478                                 'userids' => array()
479                         );
480
481                         // Enable HTML checking
482                         // @TODO Rewrite this to a filter
483                         $HTML = ''; $HOL_STRING = '';
484                         if ((isExtensionActive('html_mail')) && (postRequestElement('html') == 'Y')) {
485                                 $HTML = " AND `html`='Y'";
486                         } // END - if
487                         if (isExtensionInstalledAndNewer('holiday', '0.1.3')) {
488                                 // Extension's version is fine
489                                 $HOL_STRING = " AND `holiday_active`='N'";
490                         } // END - if
491
492                         // ... and begin loading stuff
493                         while ($categoriesContent = SQL_FETCHARRAY($result_cats)) {
494                                 $categories['id'][]   = bigintval($categoriesContent['id']);
495                                 array_push($categories['name'], $categoriesContent['cat']);
496
497                                 // Select users in current category
498                                 $result_userids = SQL_QUERY_ESC("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_cats` WHERE `cat_id`=%s AND `userid` != '%s' ORDER BY `userid` ASC",
499                                         array(bigintval($categoriesContent['id']), getMemberId()), __FILE__, __LINE__);
500
501                                 $userid_cnt = '0';
502                                 while (list($userid) = SQL_FETCHROW($result_userids)) {
503                                         // Check for holiday system
504                                         $isHolidayActive = false;
505                                         if (isExtensionInstalledAndNewer('holiday', '0.1.3')) {
506                                                 // Check user's holiday status
507                                                 $result_holiday = SQL_QUERY_ESC("SELECT
508         COUNT(d.`userid`) AS `cnt`
509 FROM
510         `{?_MYSQL_PREFIX?}_user_data` AS d
511 LEFT JOIN
512         `{?_MYSQL_PREFIX?}_user_holidays` AS h
513 ON
514         d.`userid`=h.`userid`
515 WHERE
516         d.`userid`=%s AND
517         d.`receive_mails` > 0 AND
518         d.`status`='CONFIRMED' AND
519         d.`holiday_active`='Y' AND
520         h.`holiday_start` < UNIX_TIMESTAMP() AND
521         h.`holiday_end` > UNIX_TIMESTAMP()
522 LIMIT 1",
523                                                         array(bigintval($userid)), __FILE__, __LINE__);
524
525                                                 // Fetch entry
526                                                 list($count) = SQL_FETCHROW($result_holiday);
527
528                                                 // Free memory
529                                                 SQL_FREERESULT($result_holiday);
530
531                                                 // Is holiday is active?
532                                                 $isHolidayActive = ($count == 1);
533                                         } // END - if
534
535                                         if ($isHolidayActive === false) {
536                                                 // Check if the user want's to receive mails?
537                                                 $result_ver = SQL_QUERY_ESC("SELECT `zip` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `userid`=%s".$HTML." AND `receive_mails` > 0 AND `status`='CONFIRMED' LIMIT 1",
538                                                         array(bigintval($userid)), __FILE__, __LINE__);
539
540                                                 if ((SQL_NUMROWS($result_ver) == 1) && (isPostRequestElementSet('zip')) && (isOrderMultiPageEnabled())) {
541                                                         // Get zip code
542                                                         list($zip) = SQL_FETCHROW($result_ver);
543                                                         if (substr($zip, 0, strlen(postRequestElement('zip'))) == postRequestElement('zip')) {
544                                                                 // Ok, ZIP code part is found
545                                                                 $userid_cnt++;
546                                                         } // END - if
547                                                 } else {
548                                                         // Count numbers up!
549                                                         $userid_cnt += SQL_NUMROWS($result_ver);
550                                                 }
551
552                                                 // Free result
553                                                 SQL_FREERESULT($result_ver);
554                                         } // END - if
555                                 } // END - while
556
557                                 // Free memory
558                                 SQL_FREERESULT($result_userids);
559                                 array_push($categories['userids'], $userid_cnt);
560                         } // END - while
561
562                         // Free memory
563                         SQL_FREERESULT($result_cats);
564
565                         // Now we need to load the mail types...
566                         $result = SQL_QUERY("SELECT `id`,`price`,`payment`,`mail_title` FROM `{?_MYSQL_PREFIX?}_payments` ORDER BY `payment` ASC", __FILE__, __LINE__);
567
568                         $types = array();
569                         if (!SQL_HASZERONUMS($result)) {
570                                 // Is the error code set?
571                                 if (isGetRequestElementSet('code')) {
572                                         // Display error message
573                                         displayMessage(getMessageFromErrorCode(getRequestElement('code')));
574                                 } // END - if
575
576                                 // Load all email types...
577                                 while ($type = SQL_FETCHARRAY($result)) {
578                                         array_push($types, $type);
579                                 } // END - while
580
581                                 // Free memory
582                                 SQL_FREERESULT($result);
583
584                                 // Output user's points
585                                 $content['total_points'] = $totalPoints;
586
587                                 // Check how many mail orders he has placed today and how many he's allowed to send
588                                 switch (getConfig('order_max_full')) {
589                                         case 'MAX': // He is allowed to send as much as possible
590                                                 $content['order_max_full'] = '{--MEMBER_ORDER_ALLOWED_MAX--}';
591                                                 break;
592
593                                         case 'ORDER': // He is allowed to send as much as he setup the receiving value
594                                                 $content['order_max_full'] = sprintf(getMessage('MEMBER_ORDER_ALLOWED_RECEIVE'), $ALLOWED, getUserData('receive_mails'));
595                                                 break;
596
597                                         default: // Unknown/invalid
598                                                 logDebugMessage(__FILE__, __LINE__, sprintf("Unknown order_mas_full config detected.", getConfig('order_max_full')));
599                                                 $content['order_max_full'] = '{--MEMBER_ORDER_ALLOWED_UNKNOWN--}';
600                                                 break;
601                                 } // END - switch
602
603                                 // Load final template
604                                 loadTemplate('member_order_points', false, $content);
605
606                                 // Reset variables
607                                 $OLD_ORDER = false;
608                                 $subject = '';
609                                 $text = '';
610                                 $target = '';
611
612                                 // Check if we already have an order placed and make it editable
613                                 $result = SQL_QUERY_ESC("SELECT
614         `subject`,
615         `text`,
616         `payment_id`,
617         `timestamp`,
618         `url`,
619         `target_send`,
620         `cat_id`,
621         `zip`
622 FROM
623         `{?_MYSQL_PREFIX?}_pool`
624 WHERE
625         `sender`=%s AND
626         `data_type`='TEMP'
627 LIMIT 1",
628                                         array(getMemberId()), __FILE__, __LINE__);
629
630                                 if (SQL_NUMROWS($result) == 1) {
631                                         // Old order found
632                                         $content = merge_array($content, SQL_FETCHARRAY($result));
633
634                                         // Fix max receivers when it is too much
635                                         if ((isset($categories['userids'][$content['cat_id']])) && ($content['target_send'] > $categories['userids'][$content['cat_id']])) {
636                                                 // Fix it
637                                                 $content['target_send'] = $categories['userids'][$content['cat_id']];
638                                         } // END - if
639
640                                         // Old order is grabbed
641                                         $OLD_ORDER = true;
642                                 } else {
643                                         // Default output for that your members don't forget it...
644                                         $content['url']         = 'http://';
645                                         $content['target_send'] = '{?order_min?}';
646                                         $content['subject']     = '';
647                                         $content['text']        = '';
648                                 }
649
650                                 // Free result
651                                 SQL_FREERESULT($result);
652
653                                 if ((isPostRequestElementSet('data')) || ((getOrderMultiPage() != 'Y') && ((!isAdmin()) && (!isExtensionActive('html_mail'))))) {
654                                         // Pre-output categories
655                                         $content['category_selection'] = generateCategoryOptionsList(((isExtensionActive('html_mail')) && (isPostRequestElementSet('html'))) ? postRequestElement('html') : 'N', getMemberId());
656
657                                         // Mail type
658                                         $content['type_selection'] = '';
659                                         foreach ($types as $key => $value) {
660                                                 if (is_array($value)) {
661                                                         // Output option line
662                                                         $content['type_selection'] .= '      <option value="' . $types[$key]['id'] . '"';
663                                                         if (($OLD_ORDER) && ($content['payment_id'] == $types[$key]['id'])) $content['type_selection'] .= ' selected="selected"';
664                                                         $content['type_selection'] .= '>{%pipe,translateComma=' . $types[$key]['price'] . '%} {--PER_MAIL--} - ' . $types[$key]['mail_title'] . ' - ' . round($types[$key]['payment']) . ' {--PAYMENT--}</option>';
665                                                 } // END - if
666                                         } // END - foreach
667
668                                         // No content is default
669                                         $content['zip_content'] = '';
670
671                                         if (isPostRequestElementSet('zip')) {
672                                                 // Output entered ZIP code
673                                                 $content['zip_content'] = loadTemplate('member_order_zip2', true, postRequestElement('zip'));
674                                         } // END - if
675
676                                         // No HTML extension installed by default
677                                         $content['html_extension'] = '<input type="hidden" name="html" value="N" />';
678
679                                         // HTML extension
680                                         if ((isExtensionActive('html_mail')) && (postRequestElement('html') == 'Y')) {
681                                                 // Extension is active so output valid HTML tags
682                                                 $content['html_extension'] = loadTemplate('member_order_html_ext', true);
683                                         } // END - if
684
685                                         // Output form for page 2
686                                         loadTemplate('member_order_page2', false, $content);
687                                 } else {
688                                         // No HTML extension installed by default
689                                         $content['html_extension'] = '<input type="hidden" name="html" value="N" />';
690
691                                         // Remember maybe entered ZIP code in constant
692                                         if (isExtensionActive('html_mail')) {
693                                                 // Add some content when html extension is active
694                                                 $content['html_extension'] = loadTemplate('member_order_html_intro', true);
695                                         } // END - if
696
697                                         // Default is no ZIP code
698                                         $content['zip_content'] = '';
699
700                                         // Do we want ZIP code or not?
701                                         if ((isOrderMultiPageEnabled()) || (isAdmin())) {
702                                                 // Yes
703                                                 if (postRequestElement('zip') > 0) {
704                                                         $data = array(
705                                                                 'zip' => bigintval(postRequestElement('zip'))
706                                                         );
707                                                 } else {
708                                                         $data = array(
709                                                                 'zip' => ''
710                                                         );
711                                                 }
712                                                 $content['zip_content'] = loadTemplate('member_order_zip1', true, $data);
713                                         } // END - if
714
715                                         // Output form for page 1 (ZIP code or HTML)
716                                         loadTemplate('member_order_page1', false, $content);
717                                 }
718                         } else {
719                                 // No mail types defined
720                                 displayMessage('<span class="bad">{--MEMBER_ORDER_NO_PAYMENTS--}</span>');
721                         }
722                 } else {
723                         // No points left
724                         displayMessage('<span class="bad">{--MEMBER_ORDER_NO_POINTS--}</span>');
725                 }
726         } else {
727                 // No cateogries are defined yet
728                 displayMessage('<span class="bad">{--MEMBER_NO_CATEGORIES--}</span>');
729         }
730 } else {
731         // Please confirm some mails first
732         displayMessage('<span class="notice">{%message,MEMBER_ORDER_LINKS_LEFT=' . getTotalUnconfirmedMails(getMemberId()) . '%}</span>');
733 }
734
735 if (!empty($url)) {
736         // Redirect to requested URL
737         redirectToUrl($url);
738 } // END - if
739
740 // [EOF]
741 ?>