0", array($GLOBALS['userid']), __FILE__, __LINE__); list($total) = SQL_FETCHROW($result); SQL_FREERESULT($result); // Get totally used points and password $result = SQL_QUERY_ESC("SELECT used_points, password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); list($used, $pass) = SQL_FETCHROW($result); SQL_FREERESULT($result); // Remember maximum value for template define('__TRANSFER_MAX_VALUE', round($total - $used - $_CONFIG['transfer_balance'] - 0.5)); if (isset($_POST['ok'])) { // Add new transfer if ($_CONFIG['transfer_code'] > 0) { // Check for code $code = GEN_RANDOM_CODE($_CONFIG['transfer_code'], $_POST['code_chk'], $GLOBALS['userid'], __TRANSFER_MAX_VALUE); $valid_code = ($code == $_POST['code']); } else { // Zero length (= disabled) is always valid! $valid_code = true; } // Test password $valid_pass = ($pass == generateHash($_POST['password'], $pass)); // Test transfer amount $valid_amount = ((!empty($_POST['points'])) && ($_POST['points'] <= __TRANSFER_MAX_VALUE)); // Test reason for transfer $valid_reason = (!empty($_POST['reason'])); // Test if a recipient is selected $valid_recipient = ($_POST['to_uid'] > 0); // Check for nickname extension and set additional data $nick = false; $ADD = ", userid"; if (EXT_IS_ACTIVE("nickname")) { $ADD = ", nickname"; $nick = true; } // Re-check receivers and own personal data $result = SQL_QUERY_ESC("SELECT userid, sex, surname, family, email".$ADD." FROM "._MYSQL_PREFIX."_user_data WHERE userid IN ('%s', '%s') AND status='CONFIRMED' ORDER BY userid LIMIT 2", array($GLOBALS['userid'], bigintval($_POST['to_uid'])), __FILE__, __LINE__); $valid_data = (SQL_NUMROWS($result) == 2); if ($valid_code && $valid_pass && $valid_amount && $valid_reason && $valid_recipient) { // Let's start the transfer and load user data list($uid1, $sex1, $sname1, $fname1, $email1, $nick1) = SQL_FETCHROW($result); list($uid2, $sex2, $sname2, $fname2, $email2, $nick2) = SQL_FETCHROW($result); SQL_FREERESULT($result); if ($uid1 == $GLOBALS['userid']) { // Data row 1 is sender's data define('__SENDER_SEX' , TRANSLATE_SEX($sex1)); define('__SENDER_NICK' , $nick1); define('__SENDER_SNAME' , $sname1); define('__SENDER_FNAME' , $fname1); define('__SENDER_EMAIL' , $email1); // Data row 2 is recpient's data define('__RECIPIENT_SEX' , TRANSLATE_SEX($sex2)); define('__RECIPIENT_NICK' , $nick2); define('__RECIPIENT_SNAME', $sname2); define('__RECIPIENT_FNAME', $fname2); define('__RECIPIENT_EMAIL', $email2); // Prepare variables for testing $TEST_NICK_SENDER = $nick1; $TEST_NICK_REC = $nick2; } else { // Data row 2 is sender's data define('__SENDER_SEX' , TRANSLATE_SEX($sex2)); define('__SENDER_NICK' , $nick2); define('__SENDER_SNAME' , $sname2); define('__SENDER_FNAME' , $fname2); define('__SENDER_EMAIL' , $email2); // Data row 1 is recpient's data define('__RECIPIENT_SEX' , TRANSLATE_SEX($sex1)); define('__RECIPIENT_NICK' , $nick1); define('__RECIPIENT_SNAME', $sname1); define('__RECIPIENT_FNAME', $fname1); define('__RECIPIENT_EMAIL', $email1); // Prepare variables for testing $TEST_NICK_SENDER = $nick2; $TEST_NICK_REC = $nick1; } // Sender's UID is always currently stored in cookie userid... define('__SENDER_UID' , $GLOBALS['userid']); define('__RECIPIENT_UID' , $_POST['to_uid']); $SENDER = __SENDER_UID; $RECIPIENT = __RECIPIENT_UID; if ($nick) { if (($TEST_NICK_SENDER != __SENDER_UID) && (!empty($TEST_NICK_SENDER))) { $SENDER = __SENDER_NICK; } if (($TEST_NICK_REC != __RECIPIENT_UID) && (!empty($TEST_NICK_REC))) { $RECIPIENT = __RECIPIENT_NICK; } } // Remember transfer reason and fancy date/time in constants define('__TRANSFER_REASON', $_POST['reason']); if (function_exists('CREATE_FANCY_TIME')) { define('__TRANSFER_EXPIRES', CREATE_FANCY_TIME($_CONFIG['transfer_age'])); } else { define('__TRANSFER_EXPIRES', round($_CONFIG['transfer_age']/60/60/24)." ".DAYS); } // Generate tranafer id define('__TRANS_ID', bigintval(GEN_RANDOM_CODE("10", rand(0, 99999), $GLOBALS['userid'], $_POST['reason']))); // Add entries to both tables $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_transfers_in (userid, from_uid, points, reason, time_trans, trans_id) VALUES ('%s', '%s', '%s', '%s', UNIX_TIMESTAMP(), '%s')", array(bigintval($_POST['to_uid']), $GLOBALS['userid'], bigintval($_POST['points']), addslashes($_POST['reason']), __TRANS_ID), __FILE__, __LINE__); $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_transfers_out (userid, to_uid, points, reason, time_trans, trans_id) VALUES ('%s', '%s', '%s', '%s', UNIX_TIMESTAMP(), '%s')", array($GLOBALS['userid'], bigintval($_POST['to_uid']), bigintval($_POST['points']), addslashes($_POST['reason']), __TRANS_ID), __FILE__, __LINE__); // Add points to account *directly* ... $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%s AND ref_depth=0 LIMIT 1", array(bigintval($_POST['points']), bigintval($_POST['to_uid'])), __FILE__, __LINE__); // ... and add it to current user's used points SUB_POINTS($GLOBALS['userid'], $_POST['points']); // First send email to recipient $msg = LOAD_EMAIL_TEMPLATE("member_transfer_recipient", "", __RECIPIENT_UID); SEND_EMAIL(__RECIPIENT_EMAIL, TRANSFER_MEMBER_RECIPIENT_SUBJ.": ".$SENDER, $msg); // Second send email to sender $msg = LOAD_EMAIL_TEMPLATE("member_transfer_sender", "", __SENDER_UID); SEND_EMAIL(__SENDER_EMAIL, TRANSFER_MEMBER_SENDER_SUBJ.": ".$RECIPIENT, $msg); // At last send admin mail(s) $ADMIN_SUBJ = sprintf("%s (%s->%s)", TRANSFER_ADMIN_SUBJECT, $SENDER, $RECIPIENT); SEND_ADMIN_NOTIFICATION($ADMIN_SUBJ, "admin_transfer_points"); // Transfer is completed LOAD_TEMPLATE("admin_settings_saved", false, TRANSFER_COMPLETED."
".TRANSFER_CONTINUE_OVERVIEW.""); } elseif (!$valid_code) { // Invalid Touring code! OUTPUT_HTML("

".TRANSFER_INVALID_CODE."

"); unset($_POST['ok']); } elseif (!$valid_pass) { // Wrong password entered OUTPUT_HTML("

".TRANSFER_INVALID_PASSWORD."

"); unset($_POST['ok']); } elseif (!$valid_amount) { // Too much points entered OUTPUT_HTML("

".TRANSFER_INVALID_POINTS."

"); unset($_POST['ok']); } elseif (!$valid_reason) { // No transfer reason entered OUTPUT_HTML("

".TRANSFER_INVALID_REASON."

"); unset($_POST['ok']); } elseif (!$valid_recipient) { // No recipient selected OUTPUT_HTML("

".TRANSFER_INVALID_RECIPIENT."

"); unset($_POST['ok']); } elseif (!$valid_data) { // No recipient selected OUTPUT_HTML("

".TRANSFER_INVALID_DATA."

"); unset($_POST['ok']); } } if (!isset($_POST['ok'])) { // Load member list if (EXT_IS_ACTIVE("nickname")) { // Load userid and nickname $result = SQL_QUERY_ESC("SELECT userid, nickname FROM "._MYSQL_PREFIX."_user_data WHERE status='CONFIRMED' AND opt_in='Y' AND userid != '%s' ORDER BY userid", array($GLOBALS['userid']), __FILE__, __LINE__); } else { // Load only userid $result = SQL_QUERY_ESC("SELECT userid, userid FROM "._MYSQL_PREFIX."_user_data WHERE status='CONFIRMED' AND opt_in='Y' AND userid != '%s' ORDER BY userid", array($GLOBALS['userid']), __FILE__, __LINE__); } if (SQL_NUMROWS($result) > 0) { // Load list $OUT = " ".$img); } else { $code = "00000"; define('__TRANSFER_IMAGE_INPUT', TRANSFER_NO_CODE); } // Transfer maybe already entered valued' if (isset($_GET['ok'])) { // Get values from form define('__TRANSFER_POINTS_VALUE', bigintval($_POST['points'])); define('__TRANSFER_REASON_VALUE', strip_tags($_POST['reason'])); } else { // Set empty values define('__TRANSFER_POINTS_VALUE', ""); define('__TRANSFER_REASON_VALUE', ""); } // Output form LOAD_TEMPLATE("member_transfer_new"); } break; case "list_in": // List only incoming transactions case "list_out": // List only outgoing transactions // As you can see I put list_in and list_out together. I now do a switch() again on it for the right SQL command switch ($MODE) { case "list_in": $SQL = "SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%s ORDER BY time_trans DESC LIMIT ".$_CONFIG['transfer_max']; $NOTHING = TRANSFER_NO_INCOMING_TRANSFERS; define('__TRANSFER_SUM', TRANSFER_TOTAL_INCOMING); define('__TRANSFER_TITLE', TRANSFER_LIST_INCOMING); break; case "list_out": $SQL = "SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%s ORDER BY time_trans DESC LIMIT ".$_CONFIG['transfer_max']; $NOTHING = TRANSFER_NO_OUTGOING_TRANSFERS; define('__TRANSFER_SUM', TRANSFER_TOTAL_OUTGOING); define('__TRANSFER_TITLE', TRANSFER_LIST_OUTGOING); break; } // Run the SQL command $total = "0"; $result = SQL_QUERY_ESC($SQL, array($GLOBALS['userid']), __FILE__, __LINE__); if (SQL_NUMROWS($result) > 0) { $OUT = ""; $SW = 2; while (list($tid, $uid, $points, $reason, $stamp) = SQL_FETCHROW($result)) { if ($type == "OUT") $points = "$points-"; $OUT .= " ".$tid." ".MAKE_DATETIME($stamp, "3")." ".$uid." ".$reason." ".$points." \n"; $total += $points; $SW = 3 - $SW; } // Free memory SQL_FREERESULT($result); } else { // Nothing for in or out $OUT = " ".LOAD_TEMPLATE("admin_settings_saved", true, $NOTHING)." "; } // ... and add them to a constant for the template define('__TRANSFER_ROWS', $OUT); // Remeber total amount define('__TRANSFER_TOTAL_VALUE', $total); // Load final template LOAD_TEMPLATE("member_transfer_list"); break; case "list_all": // List all transactions // We fill a temporary table with data from both tables. This is much easier // to code and unstand by you as sub-SELECT queries. I know this is not the // fastest way but it shall be fine for now. // // First of all create the temporary table $result = SQL_QUERY("CREATE TEMPORARY TABLE "._MYSQL_PREFIX."_transfers_tmp ( trans_id VARCHAR(12) NOT NULL DEFAULT '', party_uid BIGINT(20) NOT NULL DEFAULT '0', points BIGINT(20) NOT NULL DEFAULT '0', reason VARCHAR(255) NOT NULL DEFAULT '', time_trans VARCHAR(10) NOT NULL DEFAULT '0', trans_type ENUM('IN', 'OUT') NOT NULL DEFAULT 'IN', KEY(party_uid) ) TYPE=HEAP", __FILE__, __LINE__); // Let's begin with the incoming list $result = SQL_QUERY_ESC("SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%s ORDER BY id LIMIT %s", array($GLOBALS['userid'], $_CONFIG['transfer_max']), __FILE__, __LINE__); while ($DATA = SQL_FETCHROW($result)) { $DATA[] = "IN"; $DATA = implode("', '", $DATA); $res_temp = SQL_QUERY("INSERT INTO "._MYSQL_PREFIX."_transfers_tmp (trans_id, party_uid, points, reason, time_trans, trans_type) VALUES ('".$DATA."')", __FILE__, __LINE__); } // Free memory SQL_FREERESULT($result); // As the last table transfer data from outgoing table to temporary $result = SQL_QUERY_ESC("SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%s ORDER BY id LIMIT %s", array($GLOBALS['userid'], $_CONFIG['transfer_max']), __FILE__, __LINE__); while ($DATA = SQL_FETCHROW($result)) { $DATA[] = "OUT"; $DATA = implode("', '", $DATA); $res_temp = SQL_QUERY("INSERT INTO "._MYSQL_PREFIX."_transfers_tmp (trans_id, party_uid, points, reason, time_trans, trans_type) VALUES ('".$DATA."')", __FILE__, __LINE__); } // Free memory SQL_FREERESULT($result); $total = "0"; if (SQL_NUMROWS($result) > 0) { // Output rows $OUT = ""; $SW = 2; $result = SQL_QUERY("SELECT party_uid, trans_id, points, reason, time_trans, trans_type FROM "._MYSQL_PREFIX."_transfers_tmp ORDER BY time_trans DESC", __FILE__, __LINE__); while(list($uid, $idx, $points, $reason, $stamp, $type) = SQL_FETCHROW($result)) { if ($type == "OUT") $points = "-$points"; $OUT .= " ".$idx." ".MAKE_DATETIME($stamp, "3")." ".$uid." ".$reason." ".$points." \n"; $total += $points; $SW = 3 - $SW; } // Free memory SQL_FREERESULT($result); } else { // Nothing for in and out $OUT = " ".LOAD_TEMPLATE("admin_settings_saved", true, TRANSFER_NO_INOUT_TRANSFERS)." "; } // ... and add them to a constant for the template define('__TRANSFER_ROWS', $OUT); // Remeber total amount define('__TRANSFER_TOTAL_VALUE', $total); // Set title define('__TRANSFER_TITLE', TRANSFER_LIST_ALL); // Set "balance" word define('__TRANSFER_SUM', TRANSFER_TOTAL_BALANCE); // Load final template LOAD_TEMPLATE("member_transfer_list"); // At the end we don't need a temporary table in memory $result = SQL_QUERY("DROP TABLE IF EXISTS "._MYSQL_PREFIX."_transfers_tmp", __FILE__, __LINE__); // Free some memory... SQL_FREERESULT($result); break; case "": // Overview page // Check incoming transfers $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%s", array($GLOBALS['userid']), __FILE__, __LINE__); list($dmy) = SQL_FETCHROW($result); SQL_FREERESULT($result); $total=$dmy; if ($dmy > 0) { define('__TRANSFER_IN_LINK', "".$dmy.""); } else { define('__TRANSFER_IN_LINK', $dmy); } // Check outgoing transfers $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%s", array($GLOBALS['userid']), __FILE__, __LINE__); list($dmy) = SQL_FETCHROW($result); SQL_FREERESULT($result); $total+=$dmy; if ($dmy > 0) { define('__TRANSFER_OUT_LINK', "".$dmy.""); } else { define('__TRANSFER_OUT_LINK', $dmy); } // Total transactions if ($total > 0) { define('__TRANSFER_ALL_LINK', "".$total.""); } else { define('__TRANSFER_ALL_LINK', $total); } if (isset($_POST['ok'])) { // Save settings $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET opt_in='%s' WHERE userid=%s LIMIT 1", array($_POST['opt_in'], $GLOBALS['userid']), __FILE__, __LINE__); // Rember for next switch() command $opt_in = $_POST['opt_in']; // "Settings saved..." OUTPUT_HTML("

".SETTINGS_SAVED."

"); } switch ($opt_in) { case 'Y': define('__TRANSFER_ALLOW_Y', ' checked'); define('__TRANSFER_ALLOW_N', ""); define('__TRANSFER_NEW_LINK', "".TRANSFER_NOW_LINK.""); break; case 'N': define('__TRANSFER_ALLOW_Y', ""); define('__TRANSFER_ALLOW_N', ' checked'); define('__TRANSFER_NEW_LINK', TRANSFER_PLEASE_ALLOW_OPT_IN); break; } // Check for latest out-transfers $result = SQL_QUERY_ESC("SELECT time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE time_trans > ".(time() - $_CONFIG['transfer_timeout'])." AND userid=%s ORDER BY time_trans DESC LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 0) { // Load template define('__TRANSFER_SETTINGS_CONTENT', LOAD_TEMPLATE("member_transfer_settings", true)); } else { // Load newest transaction list($newest) = SQL_FETCHROW($result); SQL_FREERESULT($result); define('__TRANSFER_SETTINGS_CONTENT', TRANSFER_LATEST_IS_1.MAKE_DATETIME($newest, "3").TRANSFER_LATEST_IS_2); } // Load template LOAD_TEMPLATE("member_transfer_overview"); break; } // ?>