0) && (postRequestElement('receiver') > 0)) { // Continue with the frametester, we first need to store the data temporary in the pool // // First we would like to store the data and get it's pool position back... $result = SQL_QUERY_ESC("SELECT `id`, `data_type` FROM `{?_MYSQL_PREFIX?}_pool` WHERE `sender`=%s AND `url`='%s' AND (UNIX_TIMESTAMP() - `timestamp`) >= {?url_tlock?} LIMIT 1", array( getMemberId(), postRequestElement('url') ), __FILE__, __LINE__); $type = 'TEMP'; $id = '0'; if (SQL_NUMROWS($result) == 1) { // Load id and mail type // @TODO Rewrite this to SQL_FETCHARRAY() list($id, $type) = SQL_FETCHROW($result); } // END - if // Free result SQL_FREERESULT($result); if ($type == 'TEMP') { // No entry found, so we need to check out the stats table as well... :) // We have to add that suff here, now we continue WITHOUT checking and check the text and subject against some filters $url = ''; if (getConfig('allow_url_in_text') == 'Y') { // Test submitted text against some filters (length, URLs in text etc.) if ((isInStringIgnoreCase('https://', postRequestElement('text'))) || (isInStringIgnoreCase('http://', postRequestElement('text'))) || (isInStringIgnoreCase('www', postRequestElement('text')))) { // URL found $url = 'modules.php?module=login&what=order&code=' . getCode('URL_FOUND'); } // END - if // Remove new-line and carriage-return characters $TEST = str_replace(array(chr(10), chr(13)), array('', ''), postRequestElement('text')); // Text length within allowed length? if (strlen($TEST) > getConfig('max_tlength')) { // Text is too long! $url = 'modules.php?module=login&what=order&code=' . getCode('OVERLENGTH'); } // END - if } // END - if // Shall I test the subject line against URLs? if (getConfig('allow_url_in_subject') == 'Y') { // Check the subject line for issues setPostRequestElement('subject', str_replace(chr(92), '[nl]', substr(postRequestElement('subject'), 0, 200))); if ((isInStringIgnoreCase('https://', postRequestElement('subject'))) || (isInStringIgnoreCase('http://', postRequestElement('subject'))) || (isInStringIgnoreCase('www', postRequestElement('subject')))) { // URL in subject found $url = 'modules.php?module=login&what=order&code=' . getCode('SUBJECT_URL'); } // END - if } // END - if // And shall I check that his URL is not in the black list? if (isUrlBlacklistEnabled()) { // Ok, I do that for you know... $result = SQL_QUERY_ESC("SELECT UNIX_TIMESTAMP(`timestamp`) AS tstamp FROM `{?_MYSQL_PREFIX?}_url_blacklist` WHERE `url`='%s' LIMIT 1", array(postRequestElement('url')), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Jupp, we got one listed list($blist) = SQL_FETCHROW($result); // Create redirect-URL $url = 'modules.php?module=login&what=order&code=' . getCode('BLIST_URL') . '&blist=' . $blist; } // END - if // Free result SQL_FREERESULT($result); } // END - if // Enougth receivers entered? if ((postRequestElement('receiver') < getConfig('order_min')) && (!isAdmin())) { // Less than allowed receivers entered! $url = 'modules.php?module=login&what=order&code=' . getCode('MORE_RECEIVERS3'); } // END - if // Validate URL if (!isUrlValid(postRequestElement('url'))) { // URL is invalid! $url = 'modules.php?module=login&what=order&code=' . getCode('INVALID_URL'); } // END - if // Probe for HTML extension if (isExtensionActive('html_mail')) { // HTML or regular text mail? if (postRequestElement('html') == 'Y') { // Chek for valid HTML tags setPostRequestElement('text', checkHtmlTags(postRequestElement('text'))); // Maybe invalid tags found? if (!isPostRequestElementSet('text')) $url = 'modules.php?module=login&what=order&code=' . getCode('INVALID_TAGS')."&id=".$id; } else { // Remove any HTML code setPostRequestElement('text', str_replace(array('<', '>'), array('{OPEN_HTML}', '{CLOSE_HTML}'), postRequestElement('text'))); } } // END - if // Is mail type set? if ((!isPostRequestElementSet('mail_type')) || (postRequestElement('mail_type') < 1)) { // Not correctly set $url = 'modules.php?module=login&what=order&code=' . getCode('NO_MAIL_TYPE'); } // END - if } elseif (!isAdmin()) { // He has already sent a mail within a specific time $url = 'modules.php?module=login&what=order&code=' . getCode('URL_TIME_LOCK') . '&id=' . $id; } // Still no error? if (empty($url)) { // Check for userids $result = SQL_QUERY_ESC("SELECT c.`userid` FROM `{?_MYSQL_PREFIX?}_user_cats` AS c INNER JOIN `{?_MYSQL_PREFIX?}_user_data` AS d ON c.`userid`=d.`userid` WHERE c.`cat_id`=%s AND c.`userid` != %s AND d.`status`='CONFIRMED' " . runFilterChain('user_exclusion_sql', ' ') . " AND d.`receive_mails` > 0 ORDER BY d.`{?order_select?}` {?order_mode?}", array( bigintval(postRequestElement('cat')), getMemberId() ), __FILE__, __LINE__); // Are there still receivers left? if (SQL_NUMROWS($result) >= postRequestElement('receiver')) { // Load receivers from database $TEST = array(); $count = '0'; while ($holidayContent = SQL_FETCHARRAY($result)) { if (isExtensionInstalledAndNewer('holiday', '0.1.3')) { // Check for his holiday status $result_holiday = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_user_holidays` WHERE `userid`=%s AND `holiday_start` < UNIX_TIMESTAMP() AND `holiday_end` > UNIX_TIMESTAMP() LIMIT 1", array($holidayContent['userid']), __FILE__, __LINE__); if (SQL_NUMROWS($result_holiday) == 1) { // Exclude user who are in holiday $holidayContent['userid'] = '0'; } // END - if // Free memory SQL_FREERESULT($result_holiday); } // END - if if ($holidayContent['userid'] > 0) { // Add receiver array_push($TEST, $holidayContent['userid']); $count++; } // END - if } // END - while // Free memory SQL_FREERESULT($result); // Implode array into string for the sending pool $receiver = implode($TEST, ';'); // Count array for maximum sent $content['target_send'] = count($TEST); // Update receiver list SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `receive_mails`=`receive_mails`-1 WHERE `userid` IN (%s) LIMIT %s", array( convertReceivers($receiver), bigintval($content['target_send']) ), __FILE__, __LINE__); // Is calculated max receivers larger than wanted receivers then reset it if ($content['target_send'] > postRequestElement('receiver')) { $content['target_send'] = bigintval(postRequestElement('receiver')); } // END - if // Calculate used points $usedPoints = $content['target_send'] * getPaymentData(bigintval(postRequestElement('mail_type'))); // Fix empty zip code if (!isPostRequestElementSet('zip')) { setPostRequestElement('zip', 0); } // END - if // Check if he has enougth points for this order and selected more than 0 receivers if (($usedPoints > 0) && ($usedPoints <= $totalPoints) && ($content['target_send'] > 0)) { // Gettings points is okay, so we can add $usedPoints later from if (($id == '0') || ($type != 'TEMP')) { // New order $id = '0'; if (isExtensionActive('html_mail')) { // HTML extension is active SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_pool` ( `sender`, `subject`, `text`, `receivers`, `payment_id`, `data_type`, `timestamp`, `url`, `cat_id`, `target_send`, `zip`, `html_msg` ) VALUES ( %s, '%s', '%s', '%s', %s, 'TEMP', UNIX_TIMESTAMP(), '%s', %s, %s, %s, '%s' )", array( getMemberId(), postRequestElement('subject'), postRequestElement('text'), $receiver, bigintval(postRequestElement('mail_type')), postRequestElement('url'), bigintval(postRequestElement('cat')), bigintval($content['target_send']), bigintval(postRequestElement('zip'), true, false), postRequestElement('html') ), __FILE__, __LINE__); } else { // No HTML extension is active SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_pool` ( `sender`, `subject`, `text`, `receivers`, `payment_id`, `data_type`, `timestamp`, `url`, `cat_id`, `target_send`, `zip` ) VALUES ( %s, '%s', '%s', '%s', %s, 'TEMP', UNIX_TIMESTAMP(), '%s', %s, %s, %s )", array( getMemberId(), postRequestElement('subject'), postRequestElement('text'), $receiver, bigintval(postRequestElement('mail_type')), postRequestElement('url'), bigintval(postRequestElement('cat')), bigintval($content['target_send']), bigintval(postRequestElement('zip'), true, false), ), __FILE__, __LINE__); } // Get insert id $id = SQL_INSERTID(); } else { // Change current order if (isExtensionActive('html_mail')) { // HTML extension is active SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_pool` SET `subject`='%s', `text`='%s', `receivers`='%s', `payment_id`=%s, `timestamp`=UNIX_TIMESTAMP(), `url`='%s', `cat_id`=%s, `target_send`=%s, `zip`=%s, `html_msg`='%s' WHERE `id`=%s LIMIT 1", array( postRequestElement('subject'), postRequestElement('text'), $receiver, bigintval(postRequestElement('mail_type')), postRequestElement('url'), bigintval(postRequestElement('cat')), $content['target_send'], bigintval(postRequestElement('zip')), postRequestElement('html'), bigintval($id) ), __FILE__, __LINE__); } else { // No HTML extension is active SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_pool` SET `subject`='%s', `text`='%s', `receivers`='%s', `payment_id`=%s, `timestamp`=UNIX_TIMESTAMP(), `url`='%s', `cat_id`=%s, `target_send`=%s, `zip`=%s WHERE `id`=%s LIMIT 1", array( postRequestElement('subject'), postRequestElement('text'), $receiver, bigintval(postRequestElement('mail_type')), postRequestElement('url'), bigintval(postRequestElement('cat')), $content['target_send'], bigintval(postRequestElement('zip')), bigintval($id) ), __FILE__, __LINE__); } } // Make sure only valid id numbers can pass assert((!is_bool($id)) && ($id > 0)); // Id is received so we can redirect the user, used points will be added when he send's out the mail $url = 'modules.php?module=frametester&order=' . $id; } elseif ($content['target_send'] == '0') { // Not enougth receivers found which can receive mails $url = 'modules.php?module=login&what=order&code=' . getCode('MORE_RECEIVERS2'); } else { // No enougth points left! $url = 'modules.php?module=login&what=order&code=' . getCode('MORE_POINTS'); } } else { // Ordered more mails than he can send in this category $url = 'modules.php?module=login&what=order&code=' . getCode('NO_RECS_LEFT'); } } // END - if } elseif (postRequestElement('receiver') == '0') { // Not enougth receivers selected $url = 'modules.php?module=login&what=order&code=' . getCode('MORE_RECEIVERS1'); } elseif (($ALLOWED == '0') && (getConfig('order_max_full') == 'ORDER')) { // No more mail orders allowed displayMessage('{--MEMBER_ORDER_ALLOWED_EXHAUSTED--}'); } elseif (getTotalUnconfirmedMails(getMemberId()) < getConfig('unconfirmed')) { // Show only enabled categories to the user ... $whereStatement = " WHERE `visible`='Y'"; // ... but all to the admin if (isAdmin()) $whereStatement = ''; // Display order form $result_cats = SQL_QUERY("SELECT `id`, `cat` FROM `{?_MYSQL_PREFIX?}_cats` ".$whereStatement." ORDER BY `sort` ASC", __FILE__, __LINE__); // Some categories found? if (!SQL_HASZERONUMS($result_cats)) { // Enought points left? if ($totalPoints > 0) { // Initialize array... $categories = array( 'id' => array(), 'name' => array(), 'userids' => array() ); // Enable HTML checking // @TODO Rewrite this to a filter $HTML = ''; $HOL_STRING = ''; if ((isExtensionActive('html_mail')) && (postRequestElement('html') == 'Y')) { $HTML = " AND `html`='Y'"; } // END - if if (isExtensionInstalledAndNewer('holiday', '0.1.3')) { // Extension's version is fine $HOL_STRING = " AND `holiday_active`='N'"; } // END - if // ... and begin loading stuff while ($categoriesContent = SQL_FETCHARRAY($result_cats)) { $categories['id'][] = bigintval($categoriesContent['id']); array_push($categories['name'], $categoriesContent['cat']); // Select users in current category $result_userids = SQL_QUERY_ESC("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_cats` WHERE `cat_id`=%s AND `userid` != '%s' ORDER BY `userid` ASC", array(bigintval($categoriesContent['id']), getMemberId()), __FILE__, __LINE__); $userid_cnt = '0'; while (list($userid) = SQL_FETCHROW($result_userids)) { // Check for holiday system $isHolidayActive = false; if (isExtensionInstalledAndNewer('holiday', '0.1.3')) { // Check user's holiday status $result_holiday = SQL_QUERY_ESC("SELECT COUNT(d.`userid`) AS `cnt` FROM `{?_MYSQL_PREFIX?}_user_data` AS d LEFT JOIN `{?_MYSQL_PREFIX?}_user_holidays` AS h ON d.`userid`=h.`userid` WHERE d.`userid`=%s AND d.`receive_mails` > 0 AND d.`status`='CONFIRMED' AND d.`holiday_active`='Y' AND h.`holiday_start` < UNIX_TIMESTAMP() AND h.`holiday_end` > UNIX_TIMESTAMP() LIMIT 1", array(bigintval($userid)), __FILE__, __LINE__); // Fetch entry list($count) = SQL_FETCHROW($result_holiday); // Free memory SQL_FREERESULT($result_holiday); // Is holiday is active? $isHolidayActive = ($count == 1); } // END - if if ($isHolidayActive === false) { // Check if the user want's to receive mails? $result_ver = SQL_QUERY_ESC("SELECT `zip` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `userid`=%s".$HTML." AND `receive_mails` > 0 AND `status`='CONFIRMED' LIMIT 1", array(bigintval($userid)), __FILE__, __LINE__); if ((SQL_NUMROWS($result_ver) == 1) && (isPostRequestElementSet('zip')) && (isOrderMultiPageEnabled())) { // Get zip code list($zip) = SQL_FETCHROW($result_ver); if (substr($zip, 0, strlen(postRequestElement('zip'))) == postRequestElement('zip')) { // Ok, ZIP code part is found $userid_cnt++; } // END - if } else { // Count numbers up! $userid_cnt += SQL_NUMROWS($result_ver); } // Free result SQL_FREERESULT($result_ver); } // END - if } // END - while // Free memory SQL_FREERESULT($result_userids); array_push($categories['userids'], $userid_cnt); } // END - while // Free memory SQL_FREERESULT($result_cats); // Now we need to load the mail types... $result = SQL_QUERY("SELECT `id`,`price`,`payment`,`mail_title` FROM `{?_MYSQL_PREFIX?}_payments` ORDER BY `payment` ASC", __FILE__, __LINE__); $types = array(); if (!SQL_HASZERONUMS($result)) { // Is the error code set? if (isGetRequestElementSet('code')) { // Display error message displayMessage(getMessageFromErrorCode(getRequestElement('code'))); } // END - if // Load all email types... while ($type = SQL_FETCHARRAY($result)) { array_push($types, $type); } // END - while // Free memory SQL_FREERESULT($result); // Output user's points $content['total_points'] = $totalPoints; // Check how many mail orders he has placed today and how many he's allowed to send switch (getConfig('order_max_full')) { case 'MAX': // He is allowed to send as much as possible $content['order_max_full'] = '{--MEMBER_ORDER_ALLOWED_MAX--}'; break; case 'ORDER': // He is allowed to send as much as he setup the receiving value $content['order_max_full'] = sprintf(getMessage('MEMBER_ORDER_ALLOWED_RECEIVE'), $ALLOWED, getUserData('receive_mails')); break; default: // Unknown/invalid logDebugMessage(__FILE__, __LINE__, sprintf("Unknown order_mas_full config detected.", getConfig('order_max_full'))); $content['order_max_full'] = '{--MEMBER_ORDER_ALLOWED_UNKNOWN--}'; break; } // END - switch // Load final template loadTemplate('member_order_points', false, $content); // Reset variables $OLD_ORDER = false; $subject = ''; $text = ''; $target = ''; // Check if we already have an order placed and make it editable $result = SQL_QUERY_ESC("SELECT `subject`, `text`, `payment_id`, `timestamp`, `url`, `target_send`, `cat_id`, `zip` FROM `{?_MYSQL_PREFIX?}_pool` WHERE `sender`=%s AND `data_type`='TEMP' LIMIT 1", array(getMemberId()), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Old order found $content = merge_array($content, SQL_FETCHARRAY($result)); // Fix max receivers when it is too much if ((isset($categories['userids'][$content['cat_id']])) && ($content['target_send'] > $categories['userids'][$content['cat_id']])) { // Fix it $content['target_send'] = $categories['userids'][$content['cat_id']]; } // END - if // Old order is grabbed $OLD_ORDER = true; } else { // Default output for that your members don't forget it... $content['url'] = 'http://'; $content['target_send'] = '{?order_min?}'; $content['subject'] = ''; $content['text'] = ''; } // Free result SQL_FREERESULT($result); if ((isPostRequestElementSet('data')) || ((getOrderMultiPage() != 'Y') && ((!isAdmin()) && (!isExtensionActive('html_mail'))))) { // Pre-output categories $content['category_selection'] = generateCategoryOptionsList(((isExtensionActive('html_mail')) && (isPostRequestElementSet('html'))) ? postRequestElement('html') : 'N', getMemberId()); // Mail type $content['type_selection'] = ''; foreach ($types as $key => $value) { if (is_array($value)) { // Output option line $content['type_selection'] .= ' '; } // END - if } // END - foreach // No content is default $content['zip_content'] = ''; if (isPostRequestElementSet('zip')) { // Output entered ZIP code $content['zip_content'] = loadTemplate('member_order_zip2', true, postRequestElement('zip')); } // END - if // No HTML extension installed by default $content['html_extension'] = ''; // HTML extension if ((isExtensionActive('html_mail')) && (postRequestElement('html') == 'Y')) { // Extension is active so output valid HTML tags $content['html_extension'] = loadTemplate('member_order_html_ext', true); } // END - if // Output form for page 2 loadTemplate('member_order_page2', false, $content); } else { // No HTML extension installed by default $content['html_extension'] = ''; // Remember maybe entered ZIP code in constant if (isExtensionActive('html_mail')) { // Add some content when html extension is active $content['html_extension'] = loadTemplate('member_order_html_intro', true); } // END - if // Default is no ZIP code $content['zip_content'] = ''; // Do we want ZIP code or not? if ((isOrderMultiPageEnabled()) || (isAdmin())) { // Yes if (postRequestElement('zip') > 0) { $data = array( 'zip' => bigintval(postRequestElement('zip')) ); } else { $data = array( 'zip' => '' ); } $content['zip_content'] = loadTemplate('member_order_zip1', true, $data); } // END - if // Output form for page 1 (ZIP code or HTML) loadTemplate('member_order_page1', false, $content); } } else { // No mail types defined displayMessage('{--MEMBER_ORDER_NO_PAYMENTS--}'); } } else { // No points left displayMessage('{--MEMBER_ORDER_NO_POINTS--}'); } } else { // No cateogries are defined yet displayMessage('{--MEMBER_NO_CATEGORIES--}'); } } else { // Please confirm some mails first displayMessage('{%message,MEMBER_ORDER_LINKS_LEFT=' . getTotalUnconfirmedMails(getMemberId()) . '%}'); } if (!empty($url)) { // Redirect to requested URL redirectToUrl($url); } // END - if // [EOF] ?>