Refback will be payed now (user cannot setup currently)

[mailer.git] / inc / modules / order.php
diff --git a/inc/modules/order.php b/inc/modules/order.php

index 53d88eb7783fea5cee0bfeb440f1ff1da0e68b19..d320cbddae7fea9a354d87acc752d1518011de1b 100644 (file)
--- a/inc/modules/order.php
+++ b/inc/modules/order.php
@@ -33,13 +33,13 @@
  
  // Some security stuff...
  $URL = "";
  
  // Some security stuff...
  $URL = "";
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
+if (!defined('__SECURITY')) {
         $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
         require($INC);
  } elseif ((!EXT_IS_ACTIVE("order")) && (!IS_ADMIN())) {
         ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "order");
         return;
         $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
         require($INC);
  } elseif ((!EXT_IS_ACTIVE("order")) && (!IS_ADMIN())) {
         ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "order");
         return;
-} elseif (!IS_LOGGED_IN()) {
+} elseif (!IS_MEMBER()) {
         // Sorry, no guest access!
         $URL = URL."/modules.php?module=index";
  } elseif (empty($_GET['order'])) {
         // Sorry, no guest access!
         $URL = URL."/modules.php?module=index";
  } elseif (empty($_GET['order'])) {
@@ -63,22 +63,19 @@ if (empty($URL)) {
         }
  
         // Update sending pool
         }
  
         // Update sending pool
-       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='%s' WHERE id=%d AND sender=%d AND data_type='TEMP' LIMIT 1",
+       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='%s' WHERE id=%s AND sender=%s AND data_type='TEMP' LIMIT 1",
          array($type, bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
  
         // Finally is the entry valid?
          array($type, bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
  
         // Finally is the entry valid?
-       if (SQL_AFFECTEDROWS($link) == 1) {
-               // Update his login data
-               UPDATE_LOGIN_DATA();
-
+       if (SQL_AFFECTEDROWS() == 1) {
                 // Load personal data...
                 // Load personal data...
-               $result = SQL_QUERY_ESC("SELECT sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT gender, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                  array($GLOBALS['userid']), __FILE__, __LINE__);
                  array($GLOBALS['userid']), __FILE__, __LINE__);
-               list($sex, $sname, $fname, $email) = SQL_FETCHROW($result);
+               list($gender, $sname, $fname, $email) = SQL_FETCHROW($result);
                 SQL_FREERESULT($result);
  
                 // Load mail again...              0       1        2           3          4      5      6         7
                 SQL_FREERESULT($result);
  
                 // Load mail again...              0       1        2           3          4      5      6         7
-               $result = SQL_QUERY_ESC("SELECT subject, text, receivers, payment_id, timestamp, url, cat_id, target_send FROM "._MYSQL_PREFIX."_pool WHERE id=%d AND sender=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT subject, text, receivers, payment_id, timestamp, url, cat_id, target_send FROM "._MYSQL_PREFIX."_pool WHERE id=%s AND sender=%s LIMIT 1",
                  array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
                 $DATA = SQL_FETCHROW($result);
                 SQL_FREERESULT($result);
                  array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
                 $DATA = SQL_FETCHROW($result);
                 SQL_FREERESULT($result);
@@ -90,21 +87,24 @@ if (empty($URL)) {
                 // Update used points
                 $ADD = "";
                 if ($_CONFIG['order_max_full'] == "ORDER") $ADD = ", mail_orders=mail_orders+1";
                 // Update used points
                 $ADD = "";
                 if ($_CONFIG['order_max_full'] == "ORDER") $ADD = ", mail_orders=mail_orders+1";
-               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s".$ADD." WHERE userid=%d LIMIT 1",
-                array($USED, $GLOBALS['userid']), __FILE__, __LINE__);
+               SUB_POINTS($GLOBALS['userid'], $USED);
  
  
-               // Update mediadata as well
-               if (GET_EXT_VERSION("mediadata") >= "0.0.4") {
-                       // Update database
-                       MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $USED);
-               }
+               // Prepare content
+               $content = array(
+                       'blocks'   => $_CONFIG['max_send'],
+                       'subject'  => $DATA[0],
+                       'text'     => $DATA[1],
+                       'payment'  => GET_PAYMENT($DATA[3]),
+                       'category' => GET_CATEGORY($DATA[6]),
+                       'url'      => $DATA[5]
+               );
  
                 // Send an email to the user
  
                 // Send an email to the user
-               $msg_mem = LOAD_EMAIL_TEMPLATE("order-member", "", $GLOBALS['userid']);
+               $msg_mem = LOAD_EMAIL_TEMPLATE("order-member", $content, $GLOBALS['userid']);
                 SEND_EMAIL($email, MEMBER_NEW_QUEUE, $msg_mem);
  
                 // Notify admins about this
                 SEND_EMAIL($email, MEMBER_NEW_QUEUE, $msg_mem);
  
                 // Notify admins about this
-               SEND_ADMIN_NOTIFICATION(ADMIN_NEW_QUEUE, "order-admin", "", $GLOBALS['userid']);
+               SEND_ADMIN_NOTIFICATION(ADMIN_NEW_QUEUE, "order-admin", $content, $GLOBALS['userid']);
  
                 // Output back bottom
                 LOAD_TEMPLATE("member_order-back", false);
  
                 // Output back bottom
                 LOAD_TEMPLATE("member_order-back", false);