Refback will be payed now (user cannot setup currently)
[mailer.git] / inc / modules / order.php
index 53d88eb..d320cbd 100644 (file)
 
 // Some security stuff...
 $URL = "";
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
+if (!defined('__SECURITY')) {
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
 } elseif ((!EXT_IS_ACTIVE("order")) && (!IS_ADMIN())) {
        ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "order");
        return;
-} elseif (!IS_LOGGED_IN()) {
+} elseif (!IS_MEMBER()) {
        // Sorry, no guest access!
        $URL = URL."/modules.php?module=index";
 } elseif (empty($_GET['order'])) {
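Review bot: After `require($INC);` in the new `!defined('__SECURITY')` branch nothing in this file stops execution, so the guard works only if security.php itself ends the request. `$URL` is still empty at that point, and the `if (empty($URL)) {` block named in the following hunk headers would then run for a direct request. Adding `return;` after the require, as the extension-inactive branch already does, would make the guard independent of what security.php does; that file is not visible here, so this may already be covered. The if/elseif chain continues beyond this hunk.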
@@ -63,22 +63,19 @@ if (empty($URL)) {
        }
 
        // Update sending pool
-       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='%s' WHERE id=%d AND sender=%d AND data_type='TEMP' LIMIT 1",
+       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='%s' WHERE id=%s AND sender=%s AND data_type='TEMP' LIMIT 1",
         array($type, bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
 
        // Finally is the entry valid?
-       if (SQL_AFFECTEDROWS($link) == 1) {
-               // Update his login data
-               UPDATE_LOGIN_DATA();
-
+       if (SQL_AFFECTEDROWS() == 1) {
                // Load personal data...
-               $result = SQL_QUERY_ESC("SELECT sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT gender, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                 array($GLOBALS['userid']), __FILE__, __LINE__);
-               list($sex, $sname, $fname, $email) = SQL_FETCHROW($result);
+               list($gender, $sname, $fname, $email) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
 
                // Load mail again...              0       1        2           3          4      5      6         7
-               $result = SQL_QUERY_ESC("SELECT subject, text, receivers, payment_id, timestamp, url, cat_id, target_send FROM "._MYSQL_PREFIX."_pool WHERE id=%d AND sender=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT subject, text, receivers, payment_id, timestamp, url, cat_id, target_send FROM "._MYSQL_PREFIX."_pool WHERE id=%s AND sender=%s LIMIT 1",
                 array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
                $DATA = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
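Review bot: The switch from `%d` to `%s` in the three queries (the `_pool` UPDATE, the `_user_data` SELECT and the `_pool` SELECT) leaves `$GLOBALS['userid']` in an unquoted numeric position with nothing in this hunk forcing it to be a number. `$_GET['order']` still passes through `bigintval()`, but the user id does not, and any string escaping done inside SQL_QUERY_ESC (not visible here) would not protect an unquoted value. Passing `bigintval($GLOBALS['userid'])` in all three argument arrays keeps the large-id support that `%s` was presumably introduced for without depending on how the global was populated. The enclosing `if (empty($URL))` block starts and ends outside the hunk.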
@@ -90,21 +87,24 @@ if (empty($URL)) {
                // Update used points
                $ADD = "";
                if ($_CONFIG['order_max_full'] == "ORDER") $ADD = ", mail_orders=mail_orders+1";
-               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s".$ADD." WHERE userid=%d LIMIT 1",
-                array($USED, $GLOBALS['userid']), __FILE__, __LINE__);
+               SUB_POINTS($GLOBALS['userid'], $USED);
 
-               // Update mediadata as well
-               if (GET_EXT_VERSION("mediadata") >= "0.0.4") {
-                       // Update database
-                       MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $USED);
-               }
+               // Prepare content
+               $content = array(
+                       'blocks'   => $_CONFIG['max_send'],
+                       'subject'  => $DATA[0],
+                       'text'     => $DATA[1],
+                       'payment'  => GET_PAYMENT($DATA[3]),
+                       'category' => GET_CATEGORY($DATA[6]),
+                       'url'      => $DATA[5]
+               );
 
                // Send an email to the user
-               $msg_mem = LOAD_EMAIL_TEMPLATE("order-member", "", $GLOBALS['userid']);
+               $msg_mem = LOAD_EMAIL_TEMPLATE("order-member", $content, $GLOBALS['userid']);
                SEND_EMAIL($email, MEMBER_NEW_QUEUE, $msg_mem);
 
                // Notify admins about this
-               SEND_ADMIN_NOTIFICATION(ADMIN_NEW_QUEUE, "order-admin", "", $GLOBALS['userid']);
+               SEND_ADMIN_NOTIFICATION(ADMIN_NEW_QUEUE, "order-admin", $content, $GLOBALS['userid']);
 
                // Output back bottom
                LOAD_TEMPLATE("member_order-back", false);
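Review bot: `$ADD` is still built from `$_CONFIG['order_max_full']` just above `SUB_POINTS()`, but the only statement that used it was the removed UPDATE, so within this hunk `mail_orders=mail_orders+1` is no longer applied. Unless `SUB_POINTS()` or code outside the hunk increments `mail_orders`, the counter that the "ORDER" setting presumably limits on stops advancing. Either keep the increment as its own query, e.g. `if ($_CONFIG['order_max_full'] == "ORDER") SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET mail_orders=mail_orders+1 WHERE userid=%s LIMIT 1", array(bigintval($GLOBALS['userid'])), __FILE__, __LINE__);`, or drop the two `$ADD` lines and add a comment saying where the counter is now maintained.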