Refback will be payed now (user cannot setup currently)
[mailer.git] / inc / modules / order.php
index bd0d656..d320cbd 100644 (file)
 
 // Some security stuff...
 $URL = "";
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (!defined('__SECURITY')) {
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
-}
- elseif ((!EXT_IS_ACTIVE("order")) && (!IS_ADMIN()))
-{
+} elseif ((!EXT_IS_ACTIVE("order")) && (!IS_ADMIN())) {
        ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "order");
        return;
-}
- elseif (!IS_LOGGED_IN())
-{
+} elseif (!IS_MEMBER()) {
        // Sorry, no guest access!
        $URL = URL."/modules.php?module=index";
-}
- elseif (empty($_GET['order']))
-{
+} elseif (empty($_GET['order'])) {
        // You cannot call this module directly!
        $URL = URL."/modules.php?module=login&what=order";
 }
 
 // When URL is empty nothing bad happend here
-if (empty($URL))
-{
+if (empty($URL)) {
        // Is the auto-send mechanism active or inactive?
-       if ($CONFIG['autosend_active'] == "Y")
-       {
+       if ($_CONFIG['autosend_active'] == "Y") {
                // Auto-send is active
                define('ADMIN_AUTOSEND',  COMPILE_CODE(ADMIN_AUTOSEND_ACTIVE));
                define('MEMBER_AUTOSEND', COMPILE_CODE(MEMBER_AUTOSEND_ACTIVE));
-               $TYPE = "NEW";
-       }
-        else
-       {
+               $type = "NEW";
+       } else {
                // Auto-send is inactive
                define('ADMIN_AUTOSEND',  COMPILE_CODE(ADMIN_AUTOSEND_INACTIVE));
                define('MEMBER_AUTOSEND', COMPILE_CODE(MEMBER_AUTOSEND_INACTIVE));
-               $TYPE = "ADMIN";
+               $type = "ADMIN";
        }
 
        // Update sending pool
-       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='%s' WHERE id=%d AND sender=%d AND data_type='TEMP' LIMIT 1",
-        array($TYPE, bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
+       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='%s' WHERE id=%s AND sender=%s AND data_type='TEMP' LIMIT 1",
+        array($type, bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
 
        // Finally is the entry valid?
-       if (SQL_AFFECTEDROWS($link) == 1)
-       {
-               // Update his login data
-               UPDATE_LOGIN_DATA();
-
+       if (SQL_AFFECTEDROWS() == 1) {
                // Load personal data...
-               $result = SQL_QUERY_ESC("SELECT sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT gender, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                 array($GLOBALS['userid']), __FILE__, __LINE__);
-               list($sex, $sname, $fname, $email) = SQL_FETCHROW($result);
+               list($gender, $sname, $fname, $email) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
 
                // Load mail again...              0       1        2           3          4      5      6         7
-               $result = SQL_QUERY_ESC("SELECT subject, text, receivers, payment_id, timestamp, url, cat_id, target_send FROM "._MYSQL_PREFIX."_pool WHERE id=%d AND sender=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT subject, text, receivers, payment_id, timestamp, url, cat_id, target_send FROM "._MYSQL_PREFIX."_pool WHERE id=%s AND sender=%s LIMIT 1",
                 array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
                $DATA = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
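Review bot: The three queries that switch from `%d` to `%s` (the `_pool` UPDATE, the `_user_data` SELECT and the `_pool` SELECT) lose the integer cast that `%d` presumably applied, while the values still sit unquoted in the SQL (`id=%s AND sender=%s`, `userid=%s`). `$_GET['order']` still passes through `bigintval()`, but `$GLOBALS['userid']` is handed over as-is, so its safety now depends entirely on where it was assigned. String escaping inside SQL_QUERY_ESC, whose body is not visible here, would not protect an unquoted numeric position. I would pass `bigintval($GLOBALS['userid'])` at all three call sites so that each query validates its own arguments. The enclosing `if (empty($URL))` block continues past the end of this hunk.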
@@ -101,44 +86,34 @@ if (empty($URL))
 
                // Update used points
                $ADD = "";
-               if ($CONFIG['order_max'] == "ORDER") $ADD = ", mail_orders=mail_orders+1";
-               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s".$ADD." WHERE userid=%d LIMIT 1",
-                array($USED, $GLOBALS['userid']), __FILE__, __LINE__);
+               if ($_CONFIG['order_max_full'] == "ORDER") $ADD = ", mail_orders=mail_orders+1";
+               SUB_POINTS($GLOBALS['userid'], $USED);
 
-               // Update mediadata as well
-               if (GET_EXT_VERSION("mediadata") >= "0.0.4")
-               {
-                       // Update database
-                       MEDIA_UPDATE_ENTRY(array("total_points"), "sub", $USED);
-               }
+               // Prepare content
+               $content = array(
+                       'blocks'   => $_CONFIG['max_send'],
+                       'subject'  => $DATA[0],
+                       'text'     => $DATA[1],
+                       'payment'  => GET_PAYMENT($DATA[3]),
+                       'category' => GET_CATEGORY($DATA[6]),
+                       'url'      => $DATA[5]
+               );
 
                // Send an email to the user
-               $msg_mem = LOAD_EMAIL_TEMPLATE("order-member", "", $GLOBALS['userid']);
+               $msg_mem = LOAD_EMAIL_TEMPLATE("order-member", $content, $GLOBALS['userid']);
                SEND_EMAIL($email, MEMBER_NEW_QUEUE, $msg_mem);
 
                // Notify admins about this
-               if (GET_EXT_VERSION("admins") >= "0.4.1")
-               {
-                       SEND_ADMIN_EMAILS_PRO(ADMIN_NEW_QUEUE, "order-admin", "", $GLOBALS['userid']);
-               }
-                else
-               {
-                       $msg_admin = LOAD_EMAIL_TEMPLATE("order-admin", "", $GLOBALS['userid']);
-                       SEND_ADMIN_EMAILS(ADMIN_NEW_QUEUE, $msg_admin);
-               }
+               SEND_ADMIN_NOTIFICATION(ADMIN_NEW_QUEUE, "order-admin", $content, $GLOBALS['userid']);
 
                // Output back bottom
                LOAD_TEMPLATE("member_order-back", false);
-       }
-        else
-       {
+       } else {
                // Matching line not found or already "placed" in send queue
                $URL = URL."/modules.php?module=login";
                LOAD_URL($URL);
        }
-}
- else
-{
+} else {
        // Redirect...
        LOAD_URL($URL);
 }
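Review bot: `$ADD` is still assigned on the `order_max_full` line, but the UPDATE that appended it was replaced by `SUB_POINTS($GLOBALS['userid'], $USED);`, so within this hunk `mail_orders=mail_orders+1` is never executed. If `mail_orders` backs the per-member order limit, orders placed through this path would stop counting against it unless SUB_POINTS or code outside the hunk performs the increment. Either restore the counter with its own statement, e.g. `if ($_CONFIG['order_max_full'] == "ORDER") SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET mail_orders=mail_orders+1 WHERE userid=%s LIMIT 1", array(bigintval($GLOBALS['userid'])), __FILE__, __LINE__);`, or delete the dead `$ADD` lines. Separately, `$content` forwards the stored `subject`, `text` and `url` into both the member and the admin mail, so a comment above the array such as `// values come from the member's pool entry; LOAD_EMAIL_TEMPLATE must treat them as data, not template code` would record that assumption. The block this hunk edits begins before the hunk's first line.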