2 /************************************************************************
3 * Mailer v0.2.1-FINAL Start: 10/19/2003 *
4 * =================== Last change: 08/26/2004 *
6 * -------------------------------------------------------------------- *
7 * File : what-order.php *
8 * -------------------------------------------------------------------- *
9 * Short description : Order mails here *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Hier koennen Ihre Mitglieder Mails buchen *
12 * -------------------------------------------------------------------- *
15 * $Tag:: 0.2.1-FINAL $ *
17 * Needs to be in all Files and every File needs "svn propset *
18 * svn:keywords Date Revision" (autoprobset!) at least!!!!!! *
19 * -------------------------------------------------------------------- *
20 * Copyright (c) 2003 - 2009 by Roland Haeder *
21 * Copyright (c) 2009, 2010 by Mailer Developer Team *
22 * For more information visit: http://www.mxchange.org *
24 * This program is free software; you can redistribute it and/or modify *
25 * it under the terms of the GNU General Public License as published by *
26 * the Free Software Foundation; either version 2 of the License, or *
27 * (at your option) any later version. *
29 * This program is distributed in the hope that it will be useful, *
30 * GNU General Public License for more details. *
32 * You should have received a copy of the GNU General Public License *
33 * along with this program; if not, write to the Free Software *
34 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
36 ************************************************************************/
38 // Some security stuff...
39 if (!defined('__SECURITY')) {
41 } elseif (!isMember()) {
42 redirectToIndexMemberOnlyModule();
45 // Add description as navigation point
46 addMenuDescription('member', __FILE__);
48 if ((!isExtensionActive('order')) && (!isAdmin())) {
49 loadTemplate('admin_settings_saved', false, generateExtensionInactiveNotInstalledMessage('order'));
55 // Count unconfirmed mails
56 $links = countSumTotalData(getMemberId(), 'user_links', 'id', 'userid', true);
58 $ALLOWED = getUserData('receive_mails') - getUserData('mail_orders');
59 if (getConfig('order_max_full') == 'MAX') $ALLOWED = getUserData('receive_mails');
61 // Now check his points amount
62 $total = getTotalPoints(getMemberId());
64 if ((isExtensionInstalledAndNewer('holiday', '0.1.3')) && (getUserData('holiday_active') == 'Y')) {
66 loadTemplate('admin_settings_saved', false, '{--MEMBER_HOLIDAY_ORDER_NOT_POSSIBLE--}');
67 } elseif ((isPostRequestParameterSet('frametester')) && ($ALLOWED > 0) && (postRequestParameter('receiver') > 0)) {
68 // Continue with the frametester, we first need to store the data temporary in the pool
70 // First we would like to store the data and get it's pool position back...
71 $result = SQL_QUERY_ESC("SELECT `id`, `data_type`
73 `{?_MYSQL_PREFIX?}_pool`
77 `timestamp` > (UNIX_TIMESTAMP() - {?url_tlock?})
81 postRequestParameter('url')
82 ), __FILE__, __LINE__);
84 $type = 'TEMP'; $id = '0';
85 if (SQL_NUMROWS($result) == 1) {
86 // Load id and mail type
87 list($id, $type) = SQL_FETCHROW($result);
91 SQL_FREERESULT($result);
93 if ($type == 'TEMP') {
94 // No entry found, so we need to check out the stats table as well... :)
95 // We have to add that suff here, now we continue WITHOUT checking and check the text and subject against some filters
97 if (getConfig('allow_url_in_text') == 'Y') {
98 // Test submitted text against some filters (length, URLs in text etc.)
99 if ((strpos(strtolower(postRequestParameter('text')), 'https://') > -1) || (strpos(strtolower(postRequestParameter('text')), 'http://') > -1) || (strpos(strtolower(postRequestParameter('text')), "www") > -1)) {
101 $url = 'modules.php?module=login&what=order&code=' . getCode('URL_FOUND');
104 // Remove new-line and carriage-return characters
105 $TEST = str_replace("\n", '', str_replace("\r", '', postRequestParameter('text')));
107 // Text length within allowed length?
108 if (strlen($TEST) > getConfig('max_tlength')) {
110 $url = 'modules.php?module=login&what=order&code=' . getCode('OVERLENGTH');
114 // Shall I test the subject line against URLs?
115 if (getConfig('allow_url_in_subject') == 'Y') {
116 // Check the subject line for issues
117 setPostRequestParameter('subject', str_replace("\\", '[nl]', substr(postRequestParameter('subject'), 0, 200)));
118 if ((strpos(strtolower(postRequestParameter('subject')), 'http://') > -1) || (strpos(strtolower(postRequestParameter('subject')), "www") > -1)) {
119 // URL in subject found
120 $url = 'modules.php?module=login&what=order&code=' . getCode('SUBJECT_URL');
124 // And shall I check that his URL is not in the black list?
125 if (isUrlBlaskEnabled()) {
126 // Ok, I do that for you know...
127 $result = SQL_QUERY_ESC("SELECT UNIX_TIMESTAMP(`timestamp`) AS tstamp FROM `{?_MYSQL_PREFIX?}_url_blacklist` WHERE `url`='%s' LIMIT 1",
128 array(postRequestParameter('url')), __FILE__, __LINE__);
130 if (SQL_NUMROWS($result) == 1) {
131 // Jupp, we got one listed
132 list($blist) = SQL_FETCHROW($result);
134 // Create redirect-URL
135 $url = 'modules.php?module=login&what=order&code=' . getCode('BLIST_URL') . '&blist=' . $blist;
139 SQL_FREERESULT($result);
142 // Enougth receivers entered?
143 if ((postRequestParameter('receiver') < getConfig('order_min')) && (!isAdmin())) {
144 // Less than allowed receivers entered!
145 $url = 'modules.php?module=login&what=order&code=' . getCode('MORE_RECEIVERS3');
149 if (!isUrlValid(postRequestParameter('url'))) {
151 $url = 'modules.php?module=login&what=order&code=' . getCode('INVALID_URL');
154 // Probe for HTML extension
155 if (isExtensionActive('html_mail')) {
156 // HTML or regular text mail?
157 if (postRequestParameter('html') == 'Y') {
158 // Chek for valid HTML tags
159 setPostRequestParameter('text', checkHtmlTags(postRequestParameter('text')));
161 // Maybe invalid tags found?
162 if (!isPostRequestParameterSet('text')) $url = 'modules.php?module=login&what=order&code=' . getCode('INVALID_TAGS')."&id=".$id;
164 // Remove any HTML code
165 setPostRequestParameter('text', str_replace('<', '{OPEN_HTML}', str_replace('>', '{CLOSE_HTML}', postRequestParameter('text'))));
170 if ((!isPostRequestParameterSet('mail_type')) || (postRequestParameter('mail_type') < 1)) {
172 $url = 'modules.php?module=login&what=order&code=' . getCode('NO_MAIL_TYPE');
174 } elseif (!isAdmin()) {
175 // He has already sent a mail within a specific time
176 $url = 'modules.php?module=login&what=order&code=' . getCode('URL_TIME_LOCK') . '&id=' . $id;
181 // Check if category and number of receivers is okay
183 if ((getConfig('order_multi_page') == 'Y') && (isPostRequestParameterSet('zip')) && (postRequestParameter('zip') != '')) {
184 // Choose recipients by ZIP code
185 $add = sprintf(" AND d.zip LIKE '%s%%'",
186 bigintval(postRequestParameter('zip'))
191 $result = SQL_QUERY_ESC("SELECT
194 `{?_MYSQL_PREFIX?}_user_cats` AS c
196 `{?_MYSQL_PREFIX?}_user_data` AS d
202 d.`status`='CONFIRMED' AND
206 d.{?order_select?} {?order_mode?}",
208 bigintval(postRequestParameter('cat')),
210 ), __FILE__, __LINE__);
212 // Do we enougth receivers left?
213 if (SQL_NUMROWS($result) >= postRequestParameter('receiver')) {
214 // Load receivers from database
215 $TEST = array(); $cnt = '0';
216 while ($holidayContent = SQL_FETCHARRAY($result)) {
217 if (isExtensionInstalledAndNewer('holiday', '0.1.3')) {
218 // Check for his holiday status
219 $result_holiday = SQL_QUERY_ESC("SELECT
222 `{?_MYSQL_PREFIX?}_user_holidays`
224 `userid`=%s AND `holiday_start` < UNIX_TIMESTAMP() AND `holiday_end` > UNIX_TIMESTAMP()
226 array($holidayContent['userid']), __FILE__, __LINE__);
227 if (SQL_NUMROWS($result_holiday) == 1) $holidayContent['userid'] = '0'; // Exclude user who are in holiday
230 SQL_FREERESULT($result_holiday);
233 if ($holidayContent['userid'] > 0) {
235 $TEST[] = $holidayContent['userid'];
241 SQL_FREERESULT($result);
243 // Implode array into string for the sending pool
244 $receiver = implode($TEST, ';');
246 // Count array for maximum sent
247 $content['target_send'] = count($TEST);
249 // Update receiver list
250 SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `receive_mails`=`receive_mails`-1 WHERE `userid` IN (%s) LIMIT %s",
252 convertReceivers($receiver),
253 $content['target_send']
254 ), __FILE__, __LINE__);
256 // Is calculated max receivers larger than wanted receivers then reset it
257 if ($content['target_send'] > postRequestParameter('receiver')) $content['target_send'] = bigintval(postRequestParameter('receiver'));
259 // Calculate used points
260 $USED = $content['target_send'] * getPaymentPoints(bigintval(postRequestParameter('mail_type')));
262 // Fix empty zip code
263 if (!isPostRequestParameterSet('zip')) setPostRequestParameter('zip', 0);
265 // Check if he has enougth points for this order and selected more than 0 receivers
266 if (($USED > 0) && ($USED <= $total) && ($content['target_send'] > 0)) {
267 // Gettings points is okay, so we can add $USED later from
268 if (($id == '0') || ($type != 'TEMP')) {
271 if (isExtensionActive('html_mail')) {
272 // HTML extension is active
273 SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_pool` (`sender`, `subject`, `text`, `receivers`, `payment_id`, `data_type`, `timestamp`, `url`, `cat_id`, `target_send`, `zip`, `html_msg`)
274 VALUES (%s,'%s','%s','%s','%s','TEMP',UNIX_TIMESTAMP(),'%s',%s,%s,%s,'%s')",
277 postRequestParameter('subject'),
278 postRequestParameter('text'),
280 bigintval(postRequestParameter('mail_type')),
281 postRequestParameter('url'),
282 bigintval(postRequestParameter('cat')),
283 $content['target_send'],
284 bigintval(postRequestParameter('zip'), true, false),
285 postRequestParameter('html')
286 ), __FILE__, __LINE__);
288 // No HTML extension is active
289 SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_pool` (`sender`, `subject`, `text`, `receivers`, `payment_id`, `data_type`, `timestamp`, `url`, `cat_id`, `target_send`, `zip`)
290 VALUES (%s,'%s','%s','%s','%s','TEMP',UNIX_TIMESTAMP(),'%s',%s,%s,%s)",
293 postRequestParameter('subject'),
294 postRequestParameter('text'),
296 bigintval(postRequestParameter('mail_type')),
297 postRequestParameter('url'),
298 bigintval(postRequestParameter('cat')),
299 $content['target_send'],
300 bigintval(postRequestParameter('zip'), true, false),
301 ), __FILE__, __LINE__);
304 // Change current order
305 if (isExtensionActive('html_mail')) {
306 // HTML extension is active
307 SQL_QUERY_ESC("UPDATE
308 `{?_MYSQL_PREFIX?}_pool`
314 `timestamp`=UNIX_TIMESTAMP(),
324 postRequestParameter('subject'),
325 postRequestParameter('text'),
327 bigintval(postRequestParameter('mail_type')),
328 postRequestParameter('url'),
329 bigintval(postRequestParameter('cat')),
330 $content['target_send'],
331 bigintval(postRequestParameter('zip')),
332 postRequestParameter('html'),
334 ), __FILE__, __LINE__);
336 // No HTML extension is active
337 SQL_QUERY_ESC("UPDATE
338 `{?_MYSQL_PREFIX?}_pool`
344 `timestamp`=UNIX_TIMESTAMP(),
353 postRequestParameter('subject'),
354 postRequestParameter('text'),
356 bigintval(postRequestParameter('mail_type')),
357 postRequestParameter('url'),
358 bigintval(postRequestParameter('cat')),
359 $content['target_send'],
360 bigintval(postRequestParameter('zip')),
362 ), __FILE__, __LINE__);
366 // Do we need to get the id number?
368 // Order is placed as temporary. We need to get it's id for the frametester
369 $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_pool` WHERE `sender`=%s AND `subject`='%s' AND `payment_id`=%s AND `data_type`='TEMP' AND `timestamp`=UNIX_TIMESTAMP() LIMIT 1",
372 postRequestParameter('subject'),
373 bigintval(postRequestParameter('mail_type'))
374 ), __FILE__, __LINE__);
377 list($id) = SQL_FETCHROW($result);
380 SQL_FREERESULT($result);
383 // id is received so we can redirect the user, used points will be added when he send's out the mail
384 $url = 'modules.php?module=frametester&order=' . $id;
385 } elseif ($content['target_send'] == '0') {
386 // Not enougth receivers found which can receive mails
387 $url = 'modules.php?module=login&what=order&code=' . getCode('MORE_RECEIVERS2');
389 // No enougth points left!
390 $url = 'modules.php?module=login&what=order&code=' . getCode('MORE_POINTS');
393 // Ordered more mails than he can send in this category
394 $url = 'modules.php?module=login&what=order&code=' . getCode('NO_RECS_LEFT');
397 } elseif (postRequestParameter('receiver') == '0') {
398 // Not enougth receivers selected
399 $url = 'modules.php?module=login&what=order&code=' . getCode('MORE_RECEIVERS1');
400 } elseif (($ALLOWED == '0') && (getConfig('order_max_full') == 'ORDER')) {
401 // No more mail orders allowed
402 loadTemplate('admin_settings_saved', false, '{--MEMBER_ORDER_ALLOWED_EXHAUSTED--}');
403 } elseif ($links < getConfig('unconfirmed')) {
404 // Show only enabled categories to the user ...
405 $whereStatement = " WHERE `visible`='Y'";
407 // ... but all to the admin
408 if (isAdmin()) $whereStatement = '';
410 // Display order form
411 $result_cats = SQL_QUERY("SELECT
414 `{?_MYSQL_PREFIX?}_cats`
417 `sort` ASC", __FILE__, __LINE__);
418 if (!SQL_HASZERONUMS($result_cats)) {
420 // Initialize array...
427 // Enable HTML checking
428 // @TODO Rewrite this to a filter
429 $HTML = ''; $HOL_STRING = '';
430 if ((isExtensionActive('html_mail')) && (postRequestParameter('html') == 'Y')) $HTML = " AND `html`='Y'";
431 if (isExtensionInstalledAndNewer('holiday', '0.1.3')) {
432 // Extension's version is fine
433 $HOL_STRING = " AND `holiday_active`='N'";
436 // ... and begin loading stuff
437 while ($categoriesContent = SQL_FETCHARRAY($result_cats)) {
438 $categories['id'][] = bigintval($categoriesContent['id']);
439 $categories['name'][] = $categoriesContent['cat'];
441 // Select users in current category
442 $result_userids = SQL_QUERY_ESC("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_cats` WHERE `cat_id`=%s AND `userid` != '%s' ORDER BY `userid` ASC",
443 array(bigintval($categoriesContent['id']), getMemberId()), __FILE__, __LINE__);
446 while (list($ucat) = SQL_FETCHROW($result_userids)) {
447 // Check for holiday system
448 $isHolidayActive = false;
449 if (isExtensionInstalledAndNewer('holiday', '0.1.3')) {
450 // Check user's holiday status
451 $result_holiday = SQL_QUERY_ESC("SELECT
452 COUNT(d.userid) AS `cnt`
454 `{?_MYSQL_PREFIX?}_user_data` AS d
456 `{?_MYSQL_PREFIX?}_user_holidays` AS h
461 d.receive_mails > 0 AND
462 d.`status`='CONFIRMED' AND
463 d.`holiday_active`='Y' AND
464 h.holiday_start < UNIX_TIMESTAMP() AND
465 h.holiday_end > UNIX_TIMESTAMP()
467 array(bigintval($ucat)), __FILE__, __LINE__);
470 list($cnt) = SQL_FETCHROW($result);
473 SQL_FREERESULT($result_holiday);
475 // Is holiday is active?
476 $isHolidayActive = ($cont == 1);
479 if ($isHolidayActive === false) {
480 // Check if the user want's to receive mails?
481 $result_ver = SQL_QUERY_ESC("SELECT `zip` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `userid`=%s".$HTML." AND `receive_mails` > 0 AND `status`='CONFIRMED' LIMIT 1",
482 array(bigintval($ucat)), __FILE__, __LINE__);
484 if ((SQL_NUMROWS($result_ver) == 1) && (isPostRequestParameterSet('zip')) && (getConfig('order_multi_page') == 'Y')) {
486 list($zip) = SQL_FETCHROW($result_ver);
487 if (substr($zip, 0, strlen(postRequestParameter('zip'))) == postRequestParameter('zip')) {
488 // Ok, ZIP part is found
493 $userid_cnt += SQL_NUMROWS($result_ver);
497 SQL_FREERESULT($result_ver);
502 SQL_FREERESULT($result_userids);
503 $categories['userids'][] = $userid_cnt;
507 SQL_FREERESULT($result_cats);
509 // Now we need to load the mail types...
510 $result = SQL_QUERY("SELECT `id`, `price`, `payment`, `mail_title` FROM `{?_MYSQL_PREFIX?}_payments` ORDER BY `payment` ASC", __FILE__, __LINE__);
513 if (!SQL_HASZERONUMS($result)) {
514 // Check for message id in URL
515 $message = getMessageFromErrorCode(getRequestParameter('code'));
517 if (!empty($message)) {
518 // We got system message so we drop it out to the user
519 loadTemplate('admin_settings_saved', false, $message);
522 // Load all email types...
523 while ($types[] = SQL_FETCHROW($result)) {
524 // Nothing to do here... ;-)
528 SQL_FREERESULT($result);
530 // Output user's points
531 $content['total'] = translateComma($total);
533 // Check how many mail orders he has placed today and how many he's allowed to send
534 switch (getConfig('order_max_full')) {
535 case 'MAX': // He is allowed to send as much as possible
536 $content['order_max_full'] = '{--MEMBER_ORDER_ALLOWED_MAX--}';
539 case 'ORDER': // He is allowed to send as much as he setup the receiving value
540 $content['order_max_full'] = sprintf(getMessage('MEMBER_ORDER_ALLOWED_RECEIVE'), $ALLOWED, getUserData('receive_mails'));
543 default: // Unknown/invalid
544 logDebugMessage(__FILE__, __LINE__, sprintf("Unknown order_mas_full config detected.", getConfig('order_max_full')));
545 $content['order_max_full'] = '{--MEMBER_ORDER_ALLOWED_UNKNOWN--}';
549 // Load final template
550 loadTemplate('member_order_points', false, $content);
558 // Check if we already have an order placed and make it editable
559 $result = SQL_QUERY_ESC("SELECT
560 `subject`, `text`, `payment_id`, `timestamp`, `url`, `target_send`, `cat_id`, `zip`
562 `{?_MYSQL_PREFIX?}_pool`
567 array(getMemberId()), __FILE__, __LINE__);
569 if (SQL_NUMROWS($result) == 1) {
571 $content = merge_array($content, SQL_FETCHARRAY($result));
573 // Fix max receivers when it is too much
574 if ((isset($categories['userids'][$content['cat_id']])) && ($content['target_send'] > $categories['userids'][$content['cat_id']])) {
576 $content['target_send'] = $categories['userids'][$content['cat_id']];
579 // Old order is grabbed
582 // Default output for that your members don't forget it...
583 $content['url'] = 'http://';
584 $content['target_send'] = getConfig('order_min');
585 $content['subject'] = '{--ORDER_DEFAULT_SUBJECT--}';
586 $content['text'] = '{--ORDER_DEFAULT_TEXT--}';
590 SQL_FREERESULT($result);
592 if ((isPostRequestParameterSet('data')) || ((getConfig('order_multi_page') != 'Y') && ((!isAdmin()) && (!isExtensionActive('html_mail'))))) {
593 // Pre-output categories
594 $content['category_selection'] = '';
595 foreach ($categories['id'] as $key => $value) {
596 $content['category_selection'] .= ' <option value="' . $value . '"';
597 if (($OLD_ORDER) && ($content['cat_id'] == $value)) $content['category_selection'] .= ' selected="selected"';
598 $content['category_selection'] .= '>' . $categories['name'][$key]." (".$categories['userids'][$key] . ' {--USER_IN_CAT--})</option>';
602 $content['type_selection'] = '';
603 foreach ($types as $key => $value) {
604 $P = translateComma($types[$key][1]);
605 if (is_array($value)) {
606 // Output option line
607 $content['type_selection'] .= ' <option value="' . $types[$key][0] . '"';
608 if (($OLD_ORDER) && ($content['payment_id'] == $types[$key][0])) $content['type_selection'] .= ' selected="selected"';
609 $content['type_selection'] .= '>' . $P . ' {--PER_MAIL--} - ' . $types[$key][3] . ' - ' . round($types[$key][2]) . ' {--PAYMENT--}</option>';
613 // No content is default
614 $content['zip_content'] = '';
616 if (isPostRequestParameterSet('zip')) {
617 // Output entered ZIP code
618 $content['zip_content'] = loadTemplate('member_order-zip2', true, postRequestParameter('zip'));
622 if ((isExtensionActive('html_mail')) && (postRequestParameter('html') == 'Y')) {
623 // Extension is active so output valid HTML tags
624 $content['html_extension'] = loadTemplate('member_order-html_ext', true, addValidHtmlTags());
626 // Extension not active and/or class not uploaded
627 $content['html_extension'] = '<tr><td colspan="3"><input type="hidden" name="html" value="N" /></td></tr>';
630 // Output form for page 2
631 loadTemplate('member_order_page2', false, $content);
633 // Remember maybe entered ZIP code in constant
634 if (isExtensionActive('html_mail')) {
635 // Add some content when html extension is active
636 $content['html_extension'] = loadTemplate('member_order-html_intro', true);
638 // No HTML extension installed
639 $content['html_extension'] = '<tr><td colspan="3"><input type="hidden" name="html" value="N" /></td></tr>';
642 // Default is no ZIP code
643 $content['zip_content'] = '';
645 // Do we want ZIP code or not?
646 if ((getConfig('order_multi_page') == 'Y') || (isAdmin())) {
648 if (postRequestParameter('zip') > 0) {
650 'zip' => bigintval(postRequestParameter('zip'))
657 $content['zip_content'] = loadTemplate('member_order-zip1', true, $data);
660 // Output form for page 1 (ZIP code or HTML)
661 loadTemplate('member_order_page1', false, $content);
664 // No mail types defined
665 loadTemplate('admin_settings_saved', false, '<span class="notice">{--MEMBER_NO_PAYMENTS--}</span>');
669 loadTemplate('admin_settings_saved', false, '<span class="notice">{--MEMBER_NO_POINTS--}</span>');
672 // No cateogries are defined yet
673 loadTemplate('admin_settings_saved', false, '<span class="notice">{--MEMBER_NO_CATEGORIES--}</span>');
676 // Please confirm some mails first
677 loadTemplate('admin_settings_saved', false, getMaskedMessage('MEMBER_LINKS_LEFT'), $links);
681 // Redirect to requested URL
projects / mailer.git / blob