X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fwhat-unlock_emails.php;h=00db3aaf66d0dddf8096805073a9d845c2499fa3;hp=89da1f3e73feb4c4dd2645a6d22a0f83e0cb425c;hb=4001187f22197f55e5a1f211fc8defcc180f7c32;hpb=2da53ff496ae7ea2043c2b03323b5d6852eb0bea diff --git a/inc/modules/admin/what-unlock_emails.php b/inc/modules/admin/what-unlock_emails.php index 89da1f3e73..00db3aaf66 100644 --- a/inc/modules/admin/what-unlock_emails.php +++ b/inc/modules/admin/what-unlock_emails.php @@ -32,87 +32,85 @@ ************************************************************************/ // Some security stuff... -if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) { +if ((!defined('__SECURITY')) || (!IS_ADMIN())) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); } // Add description as navigation point -ADD_DESCR("admin", basename(__FILE__)); +ADD_DESCR("admin", __FILE__); // Define some variables -global $DATA, $link; +global $DATA; // Check for mails -$result_main = SQL_QUERY("SELECT id, sender, subject, payment_id, timestamp, url, target_send, cat_id FROM "._MYSQL_PREFIX."_pool WHERE data_type='ADMIN' ORDER BY timestamp", __FILE__, __LINE__); +$result_main = SQL_QUERY("SELECT `id`, `sender`, `subject`, `payment_id` AS `payment`, `timestamp`, `url`, `target_send`, `cat_id` AS `category` +FROM `{!_MYSQL_PREFIX!}_pool` +WHERE `data_type`='ADMIN' +ORDER BY `timestamp` ASC", __FILE__, __LINE__); -OPEN_TABLE("100%", "admin_content admin_content_align", ""); -if ((SQL_NUMROWS($result_main) > 0) || (isset($_POST['lock']))) { +if ((SQL_NUMROWS($result_main) > 0) || (REQUEST_ISSET_POST(('lock')))) { // Count checked checkboxes $SEL = 0; - if (isset($_POST['sel'])) { + if (REQUEST_ISSET_POST('sel')) { // Are there checked boxes? - if (count($_POST['sel']) > 0) { + if (count(REQUEST_POST('sel')) > 0) { // Count now... We use an own function for now - $SEL = SELECTION_COUNT($_POST['sel']); + $SEL = SELECTION_COUNT(REQUEST_POST('sel')); } // END - if } // END - if - if (isset($_POST['accept'])) { + if (REQUEST_ISSET_POST(('accept'))) { if ($SEL > 0) { // Accept mail orders - foreach ($_POST['sel'] as $id => $value) { + foreach (REQUEST_POST('sel') as $id => $value) { // Secure ID number $id = bigintval($id); - // Unlock selected email - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='NEW' WHERE id=%s AND data_type='ADMIN' LIMIT 1", - array($id), __FILE__, __LINE__); - - // Update wents fine? - if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 1) { - // Order placed in queue... 0 1 2 3 4 - $result = SQL_QUERY_ESC("SELECT po.url, po.subject, po.sender, pay.payment, po.payment_id -FROM "._MYSQL_PREFIX."_pool AS po -INNER JOIN "._MYSQL_PREFIX."_payments AS pay + // Order placed in queue... + $result = SQL_QUERY_ESC("SELECT po.url, po.subject, po.sender, pay.payment, po.payment_id +FROM `{!_MYSQL_PREFIX!}_pool` AS po +INNER JOIN `{!_MYSQL_PREFIX!}_payments` AS pay ON po.payment_id=pay.id WHERE po.id=%s LIMIT 1", - array($id), __FILE__, __LINE__); + array($id), __FILE__, __LINE__); + // Update wents fine? + if (SQL_NUMROWS($result) == 1) { // Load data $DATA = SQL_FETCHARRAY($result); // Free result SQL_FREERESULT($result); + // Is the surfbar installed? + if ((EXT_IS_ACTIVE("surfbar")) && (getConfig('surfbar_migrate_order') == "Y")) { + // Then "migrate" the URL to the surfbar + SURFBAR_ADMIN_MIGRATE_URL($DATA['url'], $DATA['sender']); + } // END - if + // Check for bonus extension version >= 0.4.4 for the order bonus - if ((GET_EXT_VERSION("bonus") >= "0.4.4") && ($_CONFIG['bonus_active'] == "Y")) { + if ((GET_EXT_VERSION("bonus") >= "0.4.4") && (getConfig('bonus_active') == "Y")) { // Add points directly - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_order=bonus_order+".$_CONFIG['bonus_order']." WHERE userid=%s LIMIT 1", - array(bigintval($DATA['sender'])), __FILE__, __LINE__); + SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET bonus_order=bonus_order+".getConfig('bonus_order')." WHERE userid=%s LIMIT 1", + array(bigintval($DATA['sender'])), __FILE__, __LINE__); // Subtract bonus points from system - BONUS_POINTS_HANDLER($_CONFIG['bonus_order']); - } - - // Check for surfbar extension - $msg_user = "MISSING"; - if (EXT_IS_ACTIVE("surfbar")) { - // Add the url - $insertId = SURFBAR_ADMIN_ADD_URL($DATA['url'], $DATA['sender'], $DATA['payment'], $DATA['payment_id']); - - // Load email template - $msg_user = LOAD_EMAIL_TEMPLATE("order_accept_sb", $insertId, $DATA['sender']); - } else { - // Load email template - $msg_user = LOAD_EMAIL_TEMPLATE("order-accept", "", $DATA['sender']); - } + BONUS_POINTS_HANDLER(getConfig('bonus_order')); + } // END - if + + // Load email template + $msg_user = LOAD_EMAIL_TEMPLATE("order-accept", array(), $DATA['sender']); // Send email SEND_EMAIL($DATA['sender'], MEMBER_ORDER_ACCEPTED, $msg_user); - } - } + + // Unlock selected email + SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_pool` SET data_type='NEW' WHERE id=%s AND data_type='ADMIN' LIMIT 1", + array($id), __FILE__, __LINE__); + } // END - if + } // END - foreach // Set message $MSG = ADMIN_MAILS_ACTIVATED; @@ -123,17 +121,17 @@ LIMIT 1", // Mails unlocked for mail delivery LOAD_TEMPLATE("admin_settings_saved", false, $MSG); - } elseif (isset($_POST['reject'])) { + } elseif (REQUEST_ISSET_POST(('reject'))) { if ($SEL > 0) { // Reject mail orders - $SW = 2; $OUT = ""; - foreach ($_POST['sel'] as $id=>$value) { + $OUT = ""; $SW = 2; + foreach (REQUEST_POST('sel') as $id => $value) { // Secure ID number $id = bigintval($id); // Load URL and subject from pool - $result = SQL_QUERY_ESC("SELECT url, subject, sender FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1", - array($id), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT url, subject, sender FROM `{!_MYSQL_PREFIX!}_pool` WHERE id=%s LIMIT 1", + array($id), __FILE__, __LINE__); // Load data $DATA = SQL_FETCHARRAY($result); @@ -142,21 +140,21 @@ LIMIT 1", SQL_FREERESULT($result); // Load email template and send it away - $msg_user = LOAD_EMAIL_TEMPLATE("order-reject", "", $DATA['sender']); + $msg_user = LOAD_EMAIL_TEMPLATE("order-reject", array(), $DATA['sender']); SEND_EMAIL($DATA['sender'], MEMBER_ORDER_REJECTED, $msg_user); // If you do not enter an URL to redirect to, your URL will be set! - if ((empty($_POST['redirect'])) || ($_POST['redirect'] == "http://")) $_POST['redirect'] = URL; + if ((!REQUEST_ISSET_POST(('redirect'))) || (REQUEST_POST('redirect') == "http://")) REQUEST_SET_POST('redirect', constant('URL')); // Redirect URL - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET url='%s', data_type='NEW' WHERE id=%s LIMIT 1", - array($_POST['redirect'], $id),__FILE__, __LINE__); + SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_pool` SET url='%s', data_type='NEW' WHERE id=%s LIMIT 1", + array(REQUEST_POST('redirect'), $id),__FILE__, __LINE__); // Prepare data for the row template $content = array( 'sw' => $SW, 'id' => $id, - 'url' => $_POST['url'][$id], + 'url' => REQUEST_POST('url', $id), ); // Load row template and switch colors @@ -169,79 +167,77 @@ LIMIT 1", LOAD_TEMPLATE("admin_unlock_emails_redir"); } else { // Nothing selected - LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_MAILS_NOTHING_CHECKED); - } - } elseif ((isset($_POST['lock'])) || ($SEL > 0)) { - if ($SEL > 0) { - // Lock URLs - foreach ($_POST['sel'] as $id=>$url) { - // Lookup in blacklist - $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_url_blist WHERE url='%s' LIMIT 1", - array($url), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 0) { - // Did not find a record so we can add it... :) - $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_url_blist (url, timestamp) VALUES ('%s', UNIX_TIMESTAMP())", - array($url), __FILE__, __LINE__); - } else { - // Free memory - SQL_FREERESULT($result); - } - } - - // Set message - $MSG = ADMIN_URLS_BLOCKED; - } else { - // Nothing selected - $MSG = ADMIN_MAILS_NOTHING_CHECKED; + LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_MAILS_NOTHING_CHECKED')); } - LOAD_TEMPLATE("admin_settings_saved", false, $MSG); - } elseif ((empty($_POST['lock'])) && (empty($_POST['accept'])) && (empty($_POST['reject']))) { + } elseif ((REQUEST_ISSET_POST(('lock'))) && ($SEL > 0) && (getConfig('url_blacklist') == "Y")) { + // Lock URLs + foreach (REQUEST_POST('sel') as $id => $url) { + // Secure id number + $id = bigintval($id); + + // Lookup in blacklist + $result = SQL_QUERY_ESC("SELECT `id` FROM `{!_MYSQL_PREFIX!}_url_blacklist` WHERE `url`='%s' LIMIT 1", + array($url), __FILE__, __LINE__); + if (SQL_NUMROWS($result) == 0) { + // Did not find a record so we can add it... :) + SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_url_blacklist` (`url`,`pool_id`) VALUES ('%s',%s)", + array($url, $id), __FILE__, __LINE__); + } // END - if + + // Free memory + SQL_FREERESULT($result); + } // END - foreach + + // Output message + LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_URLS_BLOCKED')); + } elseif ((!REQUEST_ISSET_POST(('lock'))) && (!REQUEST_ISSET_POST(('accept'))) && (!REQUEST_ISSET_POST(('reject'))) && (getConfig('url_blacklist') == "Y")) { // Mail orders are in pool so we can display them - $SW = 2; $OUT = ""; - while (list($id, $sender, $subj, $pay, $time, $url, $tsend, $cat) = SQL_FETCHROW($result_main)) - { + $OUT = ""; $SW = 2; + while ($content = SQL_FETCHARRAY($result_main)) { // Prepare data for the template $content = array( 'sw' => $SW, - 'id' => $id, - 'sender' => $sender, - 'u_link' => ADMIN_USER_PROFILE_LINK($sender), - 'subj' => COMPILE_CODE($subj), - 'tester' => FRAMETESTER($url), - 'url' => $url, - 'cat_title' => str_replace("\"", """, GET_CATEGORY($cat)), - 'cat_link' => $cat, - 'pay_title' => str_replace("\"", """, GET_PAYMENT($pay, true)), - 'pay_link' => $pay, - 'ordered' => MAKE_DATETIME($time, "2"), - 'tsend' => $tsend, + 'id' => $content['id'], + 'sender' => $content['sender'], + 'u_link' => ADMIN_USER_PROFILE_LINK($content['sender']), + 'subj' => COMPILE_CODE($content['subject']), + 'tester' => FRAMETESTER($content['url']), + 'url' => $content['url'], + 'cat_title' => str_replace("\"", """, GET_CATEGORY($content['category'])), + 'cat_link' => $content['category'], + 'pay_title' => str_replace("\"", """, GET_PAYMENT($content['payment'], true)), + 'pay_link' => $content['payment'], + 'ordered' => MAKE_DATETIME($content['timestamp'], "2"), + 'tsend' => $content['target_send'], ); // Load row template and switch colors $OUT .= LOAD_TEMPLATE("admin_unlock_emails_row", true, $content); $SW = 3 - $SW; - } + } // END - while // Free memory - SQL_FREERESULT($result); + SQL_FREERESULT($result_main); define('__UNLOCK_ROWS', $OUT); // Prepare rejection URL $REJECT = "http://"; - if (GET_EXT_VERSION("other") >= "0.1.6") $REJECT = $_CONFIG['reject_url']; + if (GET_EXT_VERSION("other") >= "0.1.6") $REJECT = getConfig('reject_url'); define('__REJECT_URL', $REJECT); // Load main template LOAD_TEMPLATE("admin_unlock_emails"); + } elseif ((REQUEST_ISSET_POST(('lock'))) && (getConfig('url_blacklist') != "Y")) { + // URL blacklist not activated + LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_URL_BLACKLIST_DISABLED')); } else { // Wrong call! - LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_WRONG_CALL); + LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_WRONG_CALL')); } } else { // No mail orders fond - LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_NO_MAILS_IN_POOL); + LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_NO_MAILS_IN_POOL')); } -CLOSE_TABLE(); // ?>