= '0.1.3')) { // Fetch also holiday activation data $HOLIDAY = 'holiday_active'; } // END - if $result_mmails = SQL_QUERY_ESC("SELECT `userid`, `receive_mails`, `mail_orders`, `".$HOLIDAY."` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `userid`=%s AND `max_mails` > 0 LIMIT 1", array(getMemberId()), __FILE__, __LINE__); $mmails = SQL_NUMROWS($result_mmails); list($DMY, $MAXI, $ORDERS, $HOLIDAY) = SQL_FETCHROW($result_mmails); // Free result SQL_FREERESULT($result_mmails); // Fix non-existent ext-holidy if ($HOLIDAY == $DMY) $HOLIDAY = 'N'; $ALLOWED = $MAXI - $ORDERS; if (getConfig('order_max_full') == 'MAX') $ALLOWED = $MAXI; // Now check his points amount $total = countSumTotalData(getMemberId(), 'user_points', 'points') - countSumTotalData(getMemberId(), 'user_data', 'used_points');; if (($HOLIDAY == 'Y') && (getExtensionVersion('holiday') >= '0.1.3')) { // Holiday is active! loadTemplate('admin_settings_saved', false, getMessage('HOLIDAY_ORDER_NOT_POSSIBLE')); } elseif ((isPostRequestParameterSet('frametester')) && ($ALLOWED > 0) && (postRequestParameter('receiver') > 0)) { // Continue with the frametester, we first need to store the data temporary in the pool // // First we would like to store the data and get it's pool position back... $result = SQL_QUERY_ESC("SELECT `id`, `data_type` FROM `{?_MYSQL_PREFIX?}_pool` WHERE `sender`=%s AND `url`='%s' AND `timestamp` > (UNIX_TIMESTAMP() - %s) LIMIT 1", array( getMemberId(), postRequestParameter('url'), getConfig('url_tlock') ), __FILE__, __LINE__); $type = 'TEMP'; $id = '0'; if (SQL_NUMROWS($result) == 1) { // Load id and mail type list($id, $type) = SQL_FETCHROW($result); } // END - if // Free result SQL_FREERESULT($result); if ($type == 'TEMP') { // No entry found, so we need to check out the stats table as well... :) // We have to add that suff here, now we continue WITHOUT checking and check the text and subject against some filters $URL = ''; if (getConfig('allow_url_in_text') == 'Y') { // Test submitted text against some filters (length, URLs in text etc.) if ((strpos(strtolower(postRequestParameter('text')), 'https://') > -1) || (strpos(strtolower(postRequestParameter('text')), 'http://') > -1) || (strpos(strtolower(postRequestParameter('text')), "www") > -1)) { // URL found! $URL = 'modules.php?module=login&what=order&code=' . getCode('URL_FOUND'); } // END - if // Remove new-line and carriage-return characters $TEST = str_replace("\n", '', str_replace("\r", '', postRequestParameter('text'))); // Text length within allowed length? if (strlen($TEST) > getConfig('max_tlength')) { // Text is too long! $URL = 'modules.php?module=login&what=order&code=' . getCode('OVERLENGTH'); } // END - if } // END - if // Shall I test the subject line against URLs? if (getConfig('allow_url_in_subject') == 'Y') { // Check the subject line for issues setPostRequestParameter('subject', str_replace("\\", '[nl]', substr(postRequestParameter('subject'), 0, 200))); if ((strpos(strtolower(postRequestParameter('subject')), 'http://') > -1) || (strpos(strtolower(postRequestParameter('subject')), "www") > -1)) { // URL in subject found $URL = 'modules.php?module=login&what=order&code=' . getCode('SUBJ_URL'); } // END - if } // END - if // And shall I check that his URL is not in the black list? if (getConfig('url_blacklist') == 'Y') { // Ok, I do that for you know... $result = SQL_QUERY_ESC("SELECT UNIX_TIMESTAMP(`timestamp`) AS tstamp FROM `{?_MYSQL_PREFIX?}_url_blacklist` WHERE `url`='%s' LIMIT 1", array(postRequestParameter('url')), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Jupp, we got one listed list($blist) = SQL_FETCHROW($result); // Create redirect-URL $URL = 'modules.php?module=login&what=order&code=' . getCode('BLIST_URL') . '&blist=' . $blist; } // END - if // Free result SQL_FREERESULT($result); } // END - if // Enougth receivers entered? if ((postRequestParameter('receiver') < getConfig('order_min')) && (!isAdmin())) { // Less than allowed receivers entered! $URL = 'modules.php?module=login&what=order&code=' . getCode('MORE_RECEIVERS3'); } // END - if // Validate URL if (!isUrlValid(postRequestParameter('url'))) { // URL is invalid! $URL = 'modules.php?module=login&what=order&code=' . getCode('INVALID_URL'); } // END - if // Probe for HTML extension if (isExtensionActive('html_mail')) { // HTML or regular text mail? if (postRequestParameter('html') == 'Y') { // Chek for valid HTML tags setPostRequestParameter('text', checkHtmlTags(postRequestParameter('text'))); // Maybe invalid tags found? if (!isPostRequestParameterSet('text')) $URL = 'modules.php?module=login&what=order&code=' . getCode('INVALID_TAGS')."&id=".$id; } else { // Remove any HTML code setPostRequestParameter('text', str_replace('<', '{OPEN_HTML}', str_replace('>', '{CLOSE_HTML}', postRequestParameter('text')))); } } } elseif (!isAdmin()) { // He has already sent a mail within a specific time $URL = 'modules.php?module=login&what=order&code=' . getCode('URL_TLOCK') . '&id=' . $id; } // Still no error? if (empty($URL)) { // Check if category and number of receivers is okay $add = ''; if ((getConfig('order_multi_page') == 'Y') && (isPostRequestParameterSet('zip'))) { // Choose recipients by ZIP code $add = " AND d.zip LIKE '".bigintval(postRequestParameter('zip'))."{PER}'"; } // END - if // Check for userids $result = SQL_QUERY_ESC("SELECT c.userid FROM `{?_MYSQL_PREFIX?}_user_cats` AS c LEFT JOIN `{?_MYSQL_PREFIX?}_user_data` AS d ON c.userid=d.userid WHERE c.cat_id=%s AND c.userid != '%s' AND d.`status`='CONFIRMED' AND d.receive_mails > 0".$add." ORDER BY d.%s %s", array( bigintval(postRequestParameter('cat')), getMemberId(), getConfig('order_select'), getConfig('order_mode'), ), __FILE__, __LINE__); // Do we enougth receivers left? if (SQL_NUMROWS($result) >= postRequestParameter('receiver')) { // Check for holiday extensions $HOLIDAY = false; if (getExtensionVersion('holiday') >= '0.1.3') { // Include checking for users in holiday $HOLIDAY = true; } // END - if // Load receivers from database $TEST = array(); $cnt = '0'; while ($holidayContent = SQL_FETCHARRAY($result)) { if ($HOLIDAY) { // Check for his holiday status $result_holiday = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_user_holidays` WHERE `userid`=%s AND `holiday_start` < UNIX_TIMESTAMP() AND `holiday_end` > UNIX_TIMESTAMP() LIMIT 1", array($holidayContent['userid']), __FILE__, __LINE__); if (SQL_NUMROWS($result_holiday) == 1) $holidayContent['userid'] = '0'; // Exclude user who are in holiday // Free memory SQL_FREERESULT($result_holiday); } // END - if if ($holidayContent['userid'] > 0) { // Add receiver $TEST[] = $holidayContent['userid']; $cnt++; } // END - if } // END - while // Free memory SQL_FREERESULT($result); // Implode array into string for the sending pool $receiver = implode($TEST, ';'); // Count array for maximum sent $content['target_send'] = count($TEST); // Update receiver list SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `receive_mails`=`receive_mails`-1 WHERE `userid` IN (%s) LIMIT %s", array(convertReceivers($receiver), $content['target_send']), __FILE__, __LINE__); // Is calculated max receivers larger than wanted receivers then reset it if ($content['target_send'] > postRequestParameter('receiver')) $content['target_send'] = bigintval(postRequestParameter('receiver')); // Calculate used points $USED = $content['target_send'] * getPaymentPoints(bigintval(postRequestParameter('type'))); // Fix empty zip code if (!isPostRequestParameterSet('zip')) setPostRequestParameter('zip', 0); // Check if he has enougth points for this order and selected more than 0 receivers if (($USED > 0) && ($USED <= $total) && ($content['target_send'] > 0)) { // Gettings points is okay, so we can add $USED later from if (($id == '0') || ($type != 'TEMP')) { // New order $id = '0'; if (isExtensionActive('html_mail')) { // HTML extension is active SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_pool` (`sender`, `subject`, `text`, `receivers`, `payment_id`, `data_type`, `timestamp`, `url`, `cat_id`, `target_send`, `zip`, `html_msg`) VALUES ('%s','%s','%s','%s','%s','TEMP',UNIX_TIMESTAMP(),'%s','%s','%s','%s','%s')", array( getMemberId(), postRequestParameter('subject'), postRequestParameter('text'), $receiver, bigintval(postRequestParameter('type')), postRequestParameter('url'), bigintval(postRequestParameter('cat')), $content['target_send'], bigintval(postRequestParameter('zip')), postRequestParameter('html') ), __FILE__, __LINE__); } else { // No HTML extension is active SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_pool` (`sender`, `subject`, `text`, `receivers`, `payment_id`, `data_type`, `timestamp`, `url`, `cat_id`, `target_send`, `zip`) VALUES ('%s','%s','%s','%s','%s','TEMP',UNIX_TIMESTAMP(),'%s','%s','%s','%s')", array( getMemberId(), postRequestParameter('subject'), postRequestParameter('text'), $receiver, bigintval(postRequestParameter('type')), postRequestParameter('url'), bigintval(postRequestParameter('cat')), $content['target_send'], bigintval(postRequestParameter('zip')), ), __FILE__, __LINE__); } } else { // Change current order if (isExtensionActive('html_mail')) { // HTML extension is active SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_pool` SET `subject`='%s', `text`='%s', `receivers`='%s', `payment_id`=%s, `timestamp`=UNIX_TIMESTAMP(), `url`='%s', `cat_id`=%s, `target_send`=%s, `zip`=%s, `html_msg`='%s' WHERE `id`=%s LIMIT 1", array( postRequestParameter('subject'), postRequestParameter('text'), $receiver, bigintval(postRequestParameter('type')), postRequestParameter('url'), bigintval(postRequestParameter('cat')), $content['target_send'], bigintval(postRequestParameter('zip')), postRequestParameter('html'), bigintval($id) ), __FILE__, __LINE__); } else { // No HTML extension is active SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_pool` SET `subject`='%s', `text`='%s', `receivers`='%s', `payment_id`=%s, `timestamp`=UNIX_TIMESTAMP(), `url`='%s', `cat_id`=%s, `target_send`=%s, `zip`=%s WHERE `id`=%s LIMIT 1", array( postRequestParameter('subject'), postRequestParameter('text'), $receiver, bigintval(postRequestParameter('type')), postRequestParameter('url'), bigintval(postRequestParameter('cat')), $content['target_send'], bigintval(postRequestParameter('zip')), bigintval($id) ), __FILE__, __LINE__); } } // Do we need to get the id number? if ($id == '0') { // Order is placed as temporary. We need to get it's id for the frametester $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_pool` WHERE `sender`=%s AND `subject`='%s' AND `payment_id`=%s AND `data_type`='TEMP' AND `timestamp`=UNIX_TIMESTAMP() LIMIT 1", array( getMemberId(), postRequestParameter('subject'), bigintval(postRequestParameter('type')) ), __FILE__, __LINE__); // Get pool id list($id) = SQL_FETCHROW($result); // Free result SQL_FREERESULT($result); } // END - if // id is received so we can redirect the user, used points will be added when he send's out the mail $URL = 'modules.php?module=frametester&order=' . $id; } elseif ($content['target_send'] == '0') { // Not enougth receivers found which can receive mails $URL = 'modules.php?module=login&what=order&code=' . getCode('MORE_RECEIVERS2'); } else { // No enougth points left! $URL = 'modules.php?module=login&what=order&code=' . getCode('MORE_POINTS'); } } else { // Ordered more mails than he can send in this category $URL = 'modules.php?module=login&what=order&code=' . getCode('NO_RECS_LEFT'); } } } elseif (postRequestParameter('receiver') == '0') { // Not enougth receivers selected $URL = 'modules.php?module=login&what=order&code=' . getCode('MORE_RECEIVERS1'); } elseif (($ALLOWED == '0') && (getConfig('order_max_full') == 'ORDER')) { // No more mail orders allowed loadTemplate('admin_settings_saved', false, getMessage('MEMBER_ORDER_ALLOWED_EXHAUSTED')); } elseif (($links < getConfig('unconfirmed')) && ($mmails == 1)) { // Display order form $result_cats = SQL_QUERY("SELECT `id`, `cat` FROM `{?_MYSQL_PREFIX?}_cats` ".$whereStatement." ORDER BY `sort` ASC", __FILE__, __LINE__); if (SQL_NUMROWS($result_cats) > 0) { if ($total > 0) { // Initialize array... $categories = array( 'id' => array(), 'name' => array(), 'userids' => array() ); // Enable HTML checking // @TODO Rewrite this to a filter $HTML = ''; $HOLIDAY = false; $HOL_STRING = ''; if ((isExtensionActive('html_mail')) && (postRequestParameter('html') == 'Y')) $HTML = " AND `html`='Y'"; if (getExtensionVersion('holiday') >= '0.1.3') { // Extension's version is fine $HOLIDAY = true; $HOL_STRING = " AND `holiday_active`='N'"; } // END - if // ... and begin loading stuff while ($categoriesContent = SQL_FETCHARRAY($result_cats)) { $categories['id'][] = bigintval($categoriesContent['id']); $categories['name'][] = $categoriesContent['cat']; // Select users in current category $result_userids = SQL_QUERY_ESC("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_cats` WHERE `cat_id`=%s AND `userid` != '%s' ORDER BY `userid` ASC", array(bigintval($categoriesContent['id']), getMemberId()), __FILE__, __LINE__); $userid_cnt = '0'; while (list($ucat) = SQL_FETCHROW($result_userids)) { // Check for holiday system $HOL_ACTIVE = false; if ($HOLIDAY) { // Check user's holiday status $result_holiday = SQL_QUERY_ESC("SELECT d.userid FROM `{?_MYSQL_PREFIX?}_user_data` AS d LEFT JOIN `{?_MYSQL_PREFIX?}_user_holidays` AS h ON d.userid=h.userid WHERE d.userid=%s AND d.receive_mails > 0 AND d.`status`='CONFIRMED' AND d.`holiday_active`='Y' AND h.holiday_start < UNIX_TIMESTAMP() AND h.holiday_end > UNIX_TIMESTAMP() LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__); // Is holiday is active? $HOL_ACTIVE = (SQL_NUMROWS($result_holiday) == 1); // Free memory SQL_FREERESULT($result_holiday); } // END - if if ($HOL_ACTIVE === false) { // Check if the user want's to receive mails? $result_ver = SQL_QUERY_ESC("SELECT `zip` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `userid`=%s".$HTML." AND `receive_mails` > 0 AND `status`='CONFIRMED' LIMIT 1", array(bigintval($ucat)), __FILE__, __LINE__); if ((SQL_NUMROWS($result_ver) == 1) && (isPostRequestParameterSet('zip')) && (getConfig('order_multi_page') == 'Y')) { // Get zip code list($zip) = SQL_FETCHROW($result_ver); if (substr($zip, 0, strlen(postRequestParameter('zip'))) == postRequestParameter('zip')) { // Ok, ZIP part is found $userid_cnt++; } // END - if } else { // Count numbers up! $userid_cnt += SQL_NUMROWS($result_ver); } // Free result SQL_FREERESULT($result_ver); } // END - if } // END - while // Free memory SQL_FREERESULT($result_userids); $categories['userids'][] = $userid_cnt; } // END - while // Free memory SQL_FREERESULT($result_cats); // Now we need to load the mail types... $result = SQL_QUERY("SELECT `id`, `price`, `payment`, `mail_title` FROM `{?_MYSQL_PREFIX?}_payments` ORDER BY `payment` ASC", __FILE__, __LINE__); $types = array(); if (SQL_NUMROWS($result) > 0) { // Check for message id in URL $message = getMessageFromErrorCode(getRequestParameter('code')); if (!empty($message)) { // We got system message so we drop it out to the user loadTemplate('admin_settings_saved', false, $message); } // END - if // Load all email types... while ($types[] = SQL_FETCHROW($result)) { // Nothing to do here... ;-) } // END - while // Free memory SQL_FREERESULT($result); // Output user's points $content['total'] = translateComma($total); // Check how many mail orders he has placed today and how many he's allowed to send switch (getConfig('order_max_full')) { case 'MAX': // He is allowed to send as much as possible $content['order_max_full'] = getMessage('MEMBER_ORDER_ALLOWED_MAX'); break; case 'ORDER': // He is allowed to send as much as he setup the receiving value $content['order_max_full'] = sprintf(getMessage('MEMBER_ORDER_ALLOWED_RECEIVE'), $ALLOWED, $MAXI); break; default: // Unknown/invalid logDebugMessage(__FILE__, __LINE__, sprintf("Unknown order_mas_full config detected.", getConfig('order_max_full'))); $content['order_max_full'] = getMessage('MEMBER_ORDER_ALLOWED_UNKNOWN'); break; } // END - switch // Load final template loadTemplate('member_order_points', false, $content); // Reset variables $OLD_ORDER = false; $subject = ''; $text = ''; $target = ''; // Check if we already have an order placed and make it editable $result = SQL_QUERY_ESC("SELECT `subject`, `text`, `payment_id`, `timestamp`, `url`, `target_send`, `cat_id`, `zip` FROM `{?_MYSQL_PREFIX?}_pool` WHERE `sender`=%s AND `data_type`='TEMP' LIMIT 1", array(getMemberId()), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Old order found $content = merge_array($content, SQL_FETCHARRAY($result)); // Fix max receivers when it is too much if ((isset($categories['userids'][$content['cat_id']])) && ($content['target_send'] > $categories['userids'][$content['cat_id']])) { // Fix it $content['target_send'] = $categories['userids'][$content['cat_id']]; } // END - if // Old order is grabbed $OLD_ORDER = true; } else { // Default output for that your members don't forget it... $content['url'] = 'http://'; $content['target_send'] = getConfig('order_min'); $content['subject'] = '{--ORDER_DEFAULT_SUBJECT--}'; $content['text'] = '{--ORDER_DEFAULT_TEXT--}'; } // Free result SQL_FREERESULT($result); if ((isPostRequestParameterSet('data')) || ((getConfig('order_multi_page') != 'Y') && ((!isAdmin()) && (!isExtensionActive('html_mail'))))) { // Pre-output categories $content['category_selection'] = ''; foreach ($categories['id'] as $key => $value) { $content['category_selection'] .= " \n"; } // END - foreach // Mail type $content['type_selection'] = ''; foreach ($types as $key => $value) { $P = translateComma($types[$key][1]); if (is_array($value)) { // Output option line $content['type_selection'] .= " \n"; } // END - if } // END - foreach if (isPostRequestParameterSet('zip')) { // Output entered ZIP code $content['zip_content'] = loadTemplate('member_order-zip2', true, postRequestParameter('zip')); } else { $content['zip_content'] = ' '; } // HTML extension if ((isExtensionActive('html_mail')) && (postRequestParameter('html') == 'Y')) { // Extension is active so output valid HTML tags $content['html_extension'] = loadTemplate('member_order-html_ext', true, addValidHtmlTags()); } else { // Extension not active and/or class not uploaded $content['html_extension'] = ''; } // Output form for page 2 loadTemplate('member_order_page2', false, $content); } else { // Remember maybe entered ZIP code in constant if (isExtensionActive('html_mail')) { // Add some content when html extension is active $content['html_extension'] = loadTemplate('member_order-html_intro', true); } else { // No HTML extension installed $content['html_extension'] = ''; } // Default is no ZIP code $content['zip_content'] = ''; // Do we want ZIP code or not? if ((getConfig('order_multi_page') == 'Y') || (isAdmin())) { // Yes if (postRequestParameter('zip') > 0) { $data = array( 'zip' => bigintval(postRequestParameter('zip')) ); } else { $data = array( 'zip' => '' ); } $content['zip_content'] = loadTemplate('member_order-zip1', true, $data); } // END - if // Output form for page 1 (ZIP code or HTML) loadTemplate('member_order_page1', false, $content); } } else { // No mail types defined loadTemplate('admin_settings_saved', false, '{--MEMBER_NO_PAYMENTS--}'); } } else { // No points left loadTemplate('admin_settings_saved', false, '{--MEMBER_NO_POINTS--}'); } } else { // No cateogries are defined yet loadTemplate('admin_settings_saved', false, '{--MEMBER_NO_CATS--}'); } } elseif ($mmails == '0') { // Please set more than 0 mails per day loadTemplate('admin_settings_saved', false, getMessage('MEMBER_HAS_ZERO_MMAILS')); } else { // Please confirm some mails first loadTemplate('admin_settings_saved', false, getMaskedMessage('MEMBER_LINKS_LEFT'), $links); } if (!empty($URL)) { // Redirect to requested URL redirectToUrl($URL); } // END - if // [EOF] ?>