************************************************************************/
// Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) {
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
ADD_DESCR("admin", basename(__FILE__));
// Define some variables
-global $DATA, $link;
+global $DATA;
// Check for mails
$result_main = SQL_QUERY("SELECT id, sender, subject, payment_id, timestamp, url, target_send, cat_id FROM "._MYSQL_PREFIX."_pool WHERE data_type='ADMIN' ORDER BY timestamp", __FILE__, __LINE__);
-OPEN_TABLE("100%", "admin_content admin_content_align", "");
if ((SQL_NUMROWS($result_main) > 0) || (isset($_POST['lock']))) {
// Count checked checkboxes
$SEL = 0;
if (count($_POST['sel']) > 0) {
// Count now... We use an own function for now
$SEL = SELECTION_COUNT($_POST['sel']);
- }
- }
+ } // END - if
+ } // END - if
if (isset($_POST['accept'])) {
if ($SEL > 0) {
// Secure ID number
$id = bigintval($id);
- // Unlock selected email
- //$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='NEW' WHERE id=%d AND data_type='ADMIN' LIMIT 1",
- // array($id), __FILE__, __LINE__);
- if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 1) {
- // Order placed in queue...
- $result = SQL_QUERY_ESC("SELECT po.url, po.subject, po.sender, pay.payment
+ // Order placed in queue...
+ $result = SQL_QUERY_ESC("SELECT po.url, po.subject, po.sender, pay.payment, po.payment_id
FROM "._MYSQL_PREFIX."_pool AS po
INNER JOIN "._MYSQL_PREFIX."_payments AS pay
ON po.payment_id=pay.id
-WHERE po.id=%d
+WHERE po.id=%s
LIMIT 1",
- array($id), __FILE__, __LINE__);
- $DATA = SQL_FETCHROW($result);
+ array($id), __FILE__, __LINE__);
+
+ // Update wents fine?
+ if (SQL_NUMROWS($result) == 1) {
+ // Load data
+ $DATA = SQL_FETCHARRAY($result);
+
+ // Free result
SQL_FREERESULT($result);
+ // Is the surfbar installed?
+ if ((EXT_IS_ACTIVE("surfbar")) && ($_CONFIG['surfbar_migrate_order'] == "Y")) {
+ // Then "migrate" the URL to the surfbar
+ SURFBAR_ADMIN_MIGRATE_URL($DATA['url'], $DATA['sender']);
+ } // END - if
+
// Check for bonus extension version >= 0.4.4 for the order bonus
if ((GET_EXT_VERSION("bonus") >= "0.4.4") && ($_CONFIG['bonus_active'] == "Y")) {
// Add points directly
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_order=bonus_order+".$_CONFIG['bonus_order']." WHERE userid=%d LIMIT 1",
- array(bigintval($DATA[2])), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_order=bonus_order+".$_CONFIG['bonus_order']." WHERE userid=%s LIMIT 1",
+ array(bigintval($DATA['sender'])), __FILE__, __LINE__);
// Subtract bonus points from system
BONUS_POINTS_HANDLER($_CONFIG['bonus_order']);
- }
-
- // Check for surfbar extension
- if (EXT_IS_ACTIVE("surfbar")) {
- // Add the url
- $insertId = SURFBAR_ADMIN_ADD_URL($DATA[0], $DATA[2], $DATA[3]);
+ } // END - if
- // Load email template
- $msg_user = LOAD_EMAIL_TEMPLATE("order_accept_sb", $insertId, $DATA[2]);
- } else {
- // Load email template
- $msg_user = LOAD_EMAIL_TEMPLATE("order-accept", "", $DATA[2]);
- }
+ // Load email template
+ $msg_user = LOAD_EMAIL_TEMPLATE("order-accept", array(), $DATA['sender']);
// Send email
- SEND_EMAIL($DATA[2], MEMBER_ORDER_ACCEPTED, $msg_user);
- }
- }
+ SEND_EMAIL($DATA['sender'], MEMBER_ORDER_ACCEPTED, $msg_user);
+
+ // Unlock selected email
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='NEW' WHERE id=%s AND data_type='ADMIN' LIMIT 1",
+ array($id), __FILE__, __LINE__);
+ } // END - if
+ } // END - foreach
// Set message
$MSG = ADMIN_MAILS_ACTIVATED;
if ($SEL > 0) {
// Reject mail orders
$SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $id=>$value) {
+ foreach ($_POST['sel'] as $id => $value) {
// Secure ID number
$id = bigintval($id);
// Load URL and subject from pool
- $result = SQL_QUERY_ESC("SELECT url, subject, sender FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT url, subject, sender FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1",
array($id), __FILE__, __LINE__);
- $DATA = SQL_FETCHROW($result);
+
+ // Load data
+ $DATA = SQL_FETCHARRAY($result);
+
+ // Free result
SQL_FREERESULT($result);
// Load email template and send it away
- $msg_user = LOAD_EMAIL_TEMPLATE("order-reject", "", $DATA[2]);
- SEND_EMAIL($DATA[2], MEMBER_ORDER_REJECTED, $msg_user);
+ $msg_user = LOAD_EMAIL_TEMPLATE("order-reject", array(), $DATA['sender']);
+ SEND_EMAIL($DATA['sender'], MEMBER_ORDER_REJECTED, $msg_user);
// If you do not enter an URL to redirect to, your URL will be set!
if ((empty($_POST['redirect'])) || ($_POST['redirect'] == "http://")) $_POST['redirect'] = URL;
// Redirect URL
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET url='%s', data_type='NEW' WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET url='%s', data_type='NEW' WHERE id=%s LIMIT 1",
array($_POST['redirect'], $id),__FILE__, __LINE__);
// Prepare data for the row template
} elseif ((isset($_POST['lock'])) || ($SEL > 0)) {
if ($SEL > 0) {
// Lock URLs
- foreach ($_POST['sel'] as $id=>$url) {
+ foreach ($_POST['sel'] as $id => $url) {
// Lookup in blacklist
$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_url_blist WHERE url='%s' LIMIT 1",
array($url), __FILE__, __LINE__);
}
// Free memory
- SQL_FREERESULT($result);
+ SQL_FREERESULT($result_main);
define('__UNLOCK_ROWS', $OUT);
// Prepare rejection URL
LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_NO_MAILS_IN_POOL);
}
-CLOSE_TABLE();
//
?>
projects / mailer.git / blobdiff