Fixes for sql_patches removal vs. password reset of admin
[mailer.git] / inc / modules / member / what-wernis.php
1 <?php
2 /************************************************************************
3  * MXChange v0.2.1                                    Start: 04/12/2004 *
4  * ================                             Last change: 11/16/2004 *
5  *                                                                      *
6  * -------------------------------------------------------------------- *
7  * File              : what-wernis.php                                  *
8  * -------------------------------------------------------------------- *
9  * Short description : Wernis requests                                  *
10  * -------------------------------------------------------------------- *
11  * Kurzbeschreibung  : Auszahlungsanfragen                              *
12  * -------------------------------------------------------------------- *
13  *                                                                      *
14  * -------------------------------------------------------------------- *
15  * Copyright (c) 2003 - 2008 by Roland Haeder                           *
16  * For more information visit: http://www.mxchange.org                  *
17  *                                                                      *
18  * This program is free software; you can redistribute it and/or modify *
19  * it under the terms of the GNU General Public License as published by *
20  * the Free Software Foundation; either version 2 of the License, or    *
21  * (at your option) any later version.                                  *
22  *                                                                      *
23  * This program is distributed in the hope that it will be useful,      *
24  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
25  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
26  * GNU General Public License for more details.                         *
27  *                                                                      *
28  * You should have received a copy of the GNU General Public License    *
29  * along with this program; if not, write to the Free Software          *
30  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
31  * MA  02110-1301  USA                                                  *
32  ************************************************************************/
33
34 // Some security stuff...
35 if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
36         $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
37         require($INC);
38 } elseif (!IS_LOGGED_IN()) {
39         // User is not logged in
40         LOAD_URL("modules.php?module=index");
41 } elseif ((!EXT_IS_ACTIVE("wernis")) && (!IS_ADMIN())) {
42         // Extension "wernis" is not activated
43         ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "wernis");
44         return;
45 }
46
47 // Add description as navigation point
48 ADD_DESCR("member", basename(__FILE__));
49
50 // Check if the admin has entered the data
51 if ((empty($_CONFIG['wernis_api_id'])) || (empty($_CONFIG['wernis_api_md5']))) {
52         // Something important is missing...
53         LOAD_TEMPLATE("admin_settings_saved", false, WERNIS_MEMBER_API_DATA_MISSING);
54         return;
55 }
56
57 // Init the content array and points
58 $content = array(); $points = false;
59
60 // Is the mode set (withdraw or payout)
61 if ((!isset($_GET['mode'])) || ($_GET['mode'] == "choose")) {
62         // Let the user choose what he wants to do
63         $content['refid'] = bigintval($_CONFIG['wernis_refid']);
64
65         // Get WDS66 id
66         $result = SQL_QUERY_ESC("SELECT wernis_userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
67                 array($GLOBALS['userid']), __FILE__, __LINE__);
68
69         // Are there some entries?
70         if (SQL_NUMROWS($result) == 1) {
71                 // Fetch ID
72                 list($content['wds66_id']) = SQL_FETCHROW($result);
73         }
74
75         // Free result
76         SQL_FREERESULT($result);
77
78         // Is there an ID?
79         if ((!empty($content['wds66_id'])) && (!isset($_GET['mode']))) {
80                 // Then use an other "mode"
81                 $_GET['mode'] = "list";
82
83                 // And load all rows!
84                 $result = SQL_QUERY_ESC("SELECT `id`, `wernis_account`, `wernis_amount`, `wernis_timestamp`, `wernis_type` FROM "._MYSQL_PREFIX."_user_wernis WHERE `userid` = %d ORDER BY `wernis_timestamp` DESC",
85                         array($GLOBALS['userid']), __FILE__, __LINE__);
86
87                 // Load all rows
88                 $content['rows'] = ""; $SW = 2;
89                 while ($data = SQL_FETCHARRAY($result)) {
90                         // Prepare data for output
91                         $rowContent = array(
92                                 'stamp'                 => MAKE_DATETIME($data['wernis_timestamp'], "2"),
93                                 'points'                => TRANSLATE_COMMA($data['wernis_amount']),
94                                 'acc'                   => bigintval($data['wernis_account']),
95                                 'status'                => WERNIS_TRANSFER_STATUS($data['wernis_type']),
96                                 'raw_type'              => strtolower($data['wernis_type']),
97                                 'sw'                    => $SW,
98                         );
99
100                         // Load row template
101                         $content['rows'] .= LOAD_TEMPLATE("member_wernis_mode_list_row", true, $rowContent);
102                         $SW = 3 - $SW;
103                 }
104
105                 // Free result
106                 SQL_FREERESULT($result);
107         } else {
108                 // Mode chooser! ;-)
109                 $_GET['mode'] = "choose";
110         }
111 } elseif ($_GET['mode'] == "pay") {
112         // Get total points and check if the user can request a payout
113         $points = GET_TOTAL_DATA($GLOBALS['userid'], "user_points", "points") - GET_TOTAL_DATA($GLOBALS['userid'], "user_data", "used_points");
114
115         // No dots here...
116         $points = explode(".", $points);
117         $points = bigintval($points[0]);
118
119         // Remove the registration fee
120         $points = $points - $_CONFIG['points_register'];
121
122         // Is this enougth for a payout?
123         if ($points < $_CONFIG['wernis_min_payout']) {
124                 // No, then abort here
125                 LOAD_TEMPLATE("admin_settings_saved", false, sprintf(WERNIS_MEMBER_MIN_PAYOUT_PAYOUT, TRANSLATE_COMMA($_CONFIG['wernis_min_payout'])));
126                 return;
127         }
128
129         // Add points to content array
130         $content['points']              = $points;
131         $content['min_points']  = TRANSLATE_COMMA($_CONFIG['wernis_min_payout']);
132
133         // Get WDS66 id
134         $content['wds66_id'] = "";
135         $result = SQL_QUERY_ESC("SELECT wernis_userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
136                 array($GLOBALS['userid']), __FILE__, __LINE__);
137
138         // Are there some entries?
139         if (SQL_NUMROWS($result) == 1) {
140                 // Fetch ID
141                 list($content['wds66_id']) = SQL_FETCHROW($result);
142         }
143
144         // Free result
145         SQL_FREERESULT($result);
146 } elseif ($_GET['mode'] == "withdraw") {
147         // Get total points for just displaying them
148         $points = GET_TOTAL_DATA($GLOBALS['userid'], "user_points", "points") - GET_TOTAL_DATA($GLOBALS['userid'], "user_data", "used_points");
149
150         // Prepare data for the template
151         $content['points']              = TRANSLATE_COMMA($points);
152         $content['min_points']  = TRANSLATE_COMMA($_CONFIG['wernis_min_withdraw']);
153         $content['wds66_id']    = "";
154
155         // Get WDS66 id
156         $result = SQL_QUERY_ESC("SELECT wernis_userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
157                 array($GLOBALS['userid']), __FILE__, __LINE__);
158
159         // Are there some entries?
160         if (SQL_NUMROWS($result) == 1) {
161                 // Fetch ID
162                 list($content['wds66_id']) = SQL_FETCHROW($result);
163         }
164
165         // Free result
166         SQL_FREERESULT($result);
167 } else {
168         // Invalid mode!
169         LOAD_TEMPLATE("admin_settings_saved", false, sprintf(WERNIS_MEMBER_MODE_INVALID, SQL_ESCAPE($_GET['mode'])));
170         return;
171 }
172
173 // Is the formular sent?
174 if ((isset($_POST['ok'])) && (isset($_GET['mode']))) {
175         // Check input data depending on the mode and execute the requested mode
176         switch ($_GET['mode']) {
177                 case "withdraw": // Widthdraws WDS66 -> This exchange
178                         // Is the user ID and password set?
179                         if (empty($_POST['wds66_id'])) {
180                                 // Nothing entered in WDS66 user ID
181                                 LOAD_TEMPLATE("admin_settings_saved", false, WERNIS_MEMBER_EMPTY_USERNAME);
182                                 OUTPUT_HTML("<br />");
183                         } elseif (empty($_POST['wds66_password'])) {
184                                 // Nothing entered in WDS66 password
185                                 LOAD_TEMPLATE("admin_settings_saved", false, WERNIS_MEMBER_EMPTY_PASSWORD);
186                                 OUTPUT_HTML("<br />");
187                         } elseif (empty($_POST['amount'])) {
188                                 // Nothing entered in amount
189                                 LOAD_TEMPLATE("admin_settings_saved", false, WERNIS_MEMBER_EMPTY_AMOUNT);
190                                 OUTPUT_HTML("<br />");
191                         } elseif ($_POST['wds66_id'] != bigintval($_POST['wds66_id'])) {
192                                 // Only numbers in account ID!
193                                 LOAD_TEMPLATE("admin_settings_saved", false, WERNIS_MEMBER_INVALID_USERNAME);
194                                 OUTPUT_HTML("<br />");
195                         } elseif ($_POST['amount'] != bigintval($_POST['amount'])) {
196                                 // Only numbers in amount!
197                                 LOAD_TEMPLATE("admin_settings_saved", false, WERNIS_MEMBER_INVALID_AMOUNT);
198                                 OUTPUT_HTML("<br />");
199                         } elseif ($_POST['amount'] < $_CONFIG['wernis_min_withdraw']) {
200                                 // Not enougth entered!
201                                 LOAD_TEMPLATE("admin_settings_saved", false, sprintf(WERNIS_MEMBER_AMOUNT_SMALLER_MIN, bigintval($_CONFIG['wernis_min_withdraw'])));
202                                 OUTPUT_HTML("<br />");
203                         } else {
204                                 // All is fine here so do the withdraw
205                                 $success = WERNIS_EXECUTE_WITHDRAW($_POST['wds66_id'], md5($_POST['wds66_password']), $_POST['amount']);
206                                 if ($success) {
207                                         // Add it to this amount
208                                         $DEPTH = 0;
209                                         ADD_POINTS_REFSYSTEM($GLOBALS['userid'], bigintval($_POST['amount']), false, 0, false, "direct");
210
211                                         // Update the user data as well..
212                                         $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET `wernis_userid`=%d WHERE userid=%d LIMIT 1",
213                                                 array(bigintval($_POST['wds66_id']), $GLOBALS['userid']), __FILE__, __LINE__);
214
215                                         // All done!
216                                         LOAD_TEMPLATE("admin_settings_saved", false, WERNIS_MEMBER_WITHDRAW_DONE);
217                                         return;
218                                 } elseif ((GET_WERNIS_ERROR_CODE() == "user_failed") || (GET_WERNIS_ERROR_CODE() == "own_failed") || (GET_WERNIS_ERROR_CODE() == "amount_failed")) {
219                                         // Wrong login data
220                                         LOAD_TEMPLATE("admin_settings_saved", false, GET_WERNIS_ERROR_MESSAGE());
221                                         OUTPUT_HTML("<br />");
222                                 } else {
223                                         // Something went wrong
224                                         LOAD_TEMPLATE("admin_settings_saved", false, sprintf(WERNIS_MEMBER_WITHDRAW_FAILED, GET_WERNIS_ERROR_MESSAGE()));
225                                         OUTPUT_HTML("<br />");
226                                 }
227                         }
228                         break;
229
230                 case "pay": // Payout this exchange -> WDS66
231                         // Is the user ID and password set?
232                         if (empty($_POST['wds66_id'])) {
233                                 // Nothing entered in WDS66 user ID
234                                 LOAD_TEMPLATE("admin_settings_saved", false, WERNIS_MEMBER_EMPTY_USERNAME);
235                                 OUTPUT_HTML("<br />");
236                         } elseif (empty($_POST['wds66_password'])) {
237                                 // Nothing entered in WDS66 password
238                                 LOAD_TEMPLATE("admin_settings_saved", false, WERNIS_MEMBER_EMPTY_PASSWORD);
239                                 OUTPUT_HTML("<br />");
240                         } elseif (empty($_POST['amount'])) {
241                                 // Nothing entered in amount
242                                 LOAD_TEMPLATE("admin_settings_saved", false, WERNIS_MEMBER_EMPTY_AMOUNT);
243                                 OUTPUT_HTML("<br />");
244                         } elseif ($_POST['wds66_id'] != bigintval($_POST['wds66_id'])) {
245                                 // Only numbers in account ID!
246                                 LOAD_TEMPLATE("admin_settings_saved", false, WERNIS_MEMBER_INVALID_USERNAME);
247                                 OUTPUT_HTML("<br />");
248                         } elseif ($_POST['amount'] != bigintval($_POST['amount'])) {
249                                 // Only numbers in amount!
250                                 LOAD_TEMPLATE("admin_settings_saved", false, WERNIS_MEMBER_INVALID_AMOUNT);
251                                 OUTPUT_HTML("<br />");
252                         } elseif ($_POST['amount'] < $_CONFIG['wernis_min_payout']) {
253                                 // Not enougth entered!
254                                 LOAD_TEMPLATE("admin_settings_saved", false, sprintf(WERNIS_MEMBER_AMOUNT_SMALLER_MIN, bigintval($_CONFIG['wernis_min_payout'])));
255                                 OUTPUT_HTML("<br />");
256                         } elseif ($_POST['amount'] > $points) {
257                                 // Not enougth points left!
258                                 LOAD_TEMPLATE("admin_settings_saved", false, sprintf(WERNIS_MEMBER_PAYOUT_POINTS_DEPLETED, bigintval($_POST['amount']), bigintval($points)));
259                                 OUTPUT_HTML("<br />");
260                         } else {
261                                 // All is fine here so do the withdraw
262                                 $success = WERNIS_EXECUTE_PAYOUT($_POST['wds66_id'], md5($_POST['wds66_password']), $_POST['amount']);
263                                 if ($success) {
264                                         // Default is locked!
265                                         $locked = true;
266
267                                         // Shall I "pay" the referral points imidiately?
268                                         if ($_CONFIG['ref_payout'] == "0") {
269                                                 // Yes, "pay" it now
270                                                 $locked = false;
271                                         }
272
273                                         // Remove the points from the account
274                                         $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET `used_points` = `used_points` + %d, `wernis_userid`=%d WHERE userid=%d LIMIT 1",
275                                                 array(bigintval($_POST['amount']), bigintval($_POST['wds66_id']), $GLOBALS['userid']), __FILE__, __LINE__);
276
277                                         // All done!
278                                         LOAD_TEMPLATE("admin_settings_saved", false, WERNIS_MEMBER_PAYOUT_DONE);
279                                         return;
280                                 } elseif ((GET_WERNIS_ERROR_CODE() == "user_failed") || (GET_WERNIS_ERROR_CODE() == "own_failed") || (GET_WERNIS_ERROR_CODE() == "amount_failed") || (GET_WERNIS_ERROR_CODE() == "api_amount_failed")) {
281                                         // Wrong login data
282                                         LOAD_TEMPLATE("admin_settings_saved", false, GET_WERNIS_ERROR_MESSAGE());
283                                         OUTPUT_HTML("<br />");
284                                 } else {
285                                         // Something went wrong
286                                         LOAD_TEMPLATE("admin_settings_saved", false, sprintf(WERNIS_MEMBER_WITHDRAW_FAILED, GET_WERNIS_ERROR_MESSAGE()));
287                                         OUTPUT_HTML("<br />");
288                                 }
289                         }
290                         break;
291
292                 default: // Invalid mode!
293                         LOAD_TEMPLATE("admin_settings_saved", false, sprintf(WERNIS_MEMBER_MODE_INVALID, SQL_ESCAPE($_GET['mode'])));
294                         return;
295         }
296 }
297
298 // Prepare mode for template name
299 $mode = sprintf("member_wernis_mode_%s", SQL_ESCAPE($_GET['mode']));
300
301 // Load the template
302 LOAD_TEMPLATE($mode, false, $content);
303
304 //
305 ?>