X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fmember%2Fwhat-order.php;h=1180b53707d866c478b8926d5244ab6440d3970d;hp=e87be3b9acee37dcb492bc36f33a20fbd8b0876e;hb=8fad776382e63b3f73f8dbe289f229d79cfc2c22;hpb=e3934352dffa6eb9da59a137ae1a9414e5b4d80b

diff --git a/inc/modules/member/what-order.php b/inc/modules/member/what-order.php
index e87be3b9ac..1180b53707 100644
--- a/inc/modules/member/what-order.php
+++ b/inc/modules/member/what-order.php
@@ -16,7 +16,7 @@
  * $Author::                                                          $ *
  * -------------------------------------------------------------------- *
  * Copyright (c) 2003 - 2009 by Roland Haeder                           *
- * Copyright (c) 2009 - 2011 by Mailer Developer Team                   *
+ * Copyright (c) 2009 - 2012 by Mailer Developer Team                   *
  * For more information visit: http://mxchange.org                      *
  *                                                                      *
  * This program is free software; you can redistribute it and/or modify *
@@ -35,7 +35,7 @@
 
 // Some security stuff...
 if (!defined('__SECURITY')) {
-	die();
+	exit();
 } elseif (!isMember()) {
 	redirectToIndexMemberOnlyModule();
 }
@@ -54,7 +54,7 @@ $ALLOWED = getUserData('receive_mails') - getUserData('mail_orders');
 if (getConfig('order_max_full') == 'MAX') $ALLOWED = getUserData('receive_mails');
 
 // Now check his points amount
-$total = getTotalPoints(getMemberId());
+$totalPoints = getTotalPoints(getMemberId());
 
 if ((isExtensionInstalledAndNewer('holiday', '0.1.3')) && (isUserDataEnabled('holiday_active'))) {
 	// Holiday is active!
@@ -63,7 +63,9 @@ if ((isExtensionInstalledAndNewer('holiday', '0.1.3')) && (isUserDataEnabled('ho
 	// Continue with the frametester, we first need to store the data temporary in the pool
 	//
 	// First we would like to store the data and get it's pool position back...
-	$result = SQL_QUERY_ESC("SELECT `id`,`data_type`
+	$result = SQL_QUERY_ESC("SELECT
+	`id`,
+	`data_type`
 FROM
 	`{?_MYSQL_PREFIX?}_pool`
 WHERE
@@ -98,7 +100,7 @@ LIMIT 1",
 			} // END - if
 
 			// Remove new-line and carriage-return characters
-			$TEST = str_replace("\n", '', str_replace("\r", '', postRequestElement('text')));
+			$TEST = str_replace(array(chr(10), chr(13)), array('', ''), postRequestElement('text'));
 
 			// Text length within allowed length?
 			if (strlen($TEST) > getConfig('max_tlength')) {
@@ -110,7 +112,7 @@ LIMIT 1",
 		// Shall I test the subject line against URLs?
 		if (getConfig('allow_url_in_subject') == 'Y') {
 			// Check the subject line for issues
-			setPostRequestElement('subject', str_replace("\\", '[nl]', substr(postRequestElement('subject'), 0, 200)));
+			setPostRequestElement('subject', str_replace(chr(92), '[nl]', substr(postRequestElement('subject'), 0, 200)));
 			if ((isInStringIgnoreCase('https://', postRequestElement('subject'))) || (isInStringIgnoreCase('http://', postRequestElement('subject'))) || (isInStringIgnoreCase('www', postRequestElement('subject')))) {
 				// URL in subject found
 				$url = 'modules.php?module=login&what=order&code=' . getCode('SUBJECT_URL');
@@ -158,7 +160,7 @@ LIMIT 1",
 				if (!isPostRequestElementSet('text')) $url = 'modules.php?module=login&what=order&code=' . getCode('INVALID_TAGS')."&id=".$id;
 			} else {
 				// Remove any HTML code
-				setPostRequestElement('text', str_replace('<', '{OPEN_HTML}', str_replace('>', '{CLOSE_HTML}', postRequestElement('text'))));
+				setPostRequestElement('text', str_replace(array('<', '>'), array('{OPEN_HTML}', '{CLOSE_HTML}'), postRequestElement('text')));
 			}
 		} // END - if
 
@@ -174,38 +176,29 @@ LIMIT 1",
 
 	// Still no error?
 	if (empty($url)) {
-		// Check if category and number of receivers is okay
-		$add = '';
-		if ((isOrderMultiPageEnabled()) && (isPostRequestElementSet('zip')) && (postRequestElement('zip') != '')) {
-			// Choose recipients by ZIP code
-			$add = sprintf(" AND d.zip LIKE '%s%%'",
-				bigintval(postRequestElement('zip'))
-			);
-		} // END - if
-
 		// Check for userids
 		$result = SQL_QUERY_ESC("SELECT
-	c.userid
+	c.`userid`
 FROM
 	`{?_MYSQL_PREFIX?}_user_cats` AS c
-LEFT JOIN
+INNER JOIN
 	`{?_MYSQL_PREFIX?}_user_data` AS d
 ON
-	c.userid=d.userid
+	c.`userid`=d.`userid`
 WHERE
-	c.cat_id=%s AND
-	c.userid != '%s' AND
-	d.`status`='CONFIRMED' AND
-	d.receive_mails > 0
-	".$add."
+	c.`cat_id`=%s AND
+	c.`userid` != %s AND
+	d.`status`='CONFIRMED'
+	" . runFilterChain('user_exclusion_sql', ' ') . " AND
+	d.`receive_mails` > 0
 ORDER BY
-	d.{?order_select?} {?order_mode?}",
+	d.`{?order_select?}` {?order_mode?}",
 			array(
 				bigintval(postRequestElement('cat')),
 				getMemberId()
 			), __FILE__, __LINE__);
 
-		// Do we enougth receivers left?
+		// Are there still receivers left?
 		if (SQL_NUMROWS($result) >= postRequestElement('receiver')) {
 			// Load receivers from database
 			$TEST = array(); $count = '0';
@@ -233,7 +226,7 @@ LIMIT 1",
 
 				if ($holidayContent['userid'] > 0) {
 					// Add receiver
-					$TEST[] = $holidayContent['userid'];
+					array_push($TEST, $holidayContent['userid']);
 					$count++;
 				} // END - if
 			} // END - while
@@ -260,7 +253,7 @@ LIMIT 1",
 			} // END - if
 
 			// Calculate used points
-			$USED = $content['target_send'] * getPaymentPoints(bigintval(postRequestElement('mail_type')));
+			$usedPoints = $content['target_send'] * getPaymentData(bigintval(postRequestElement('mail_type')));
 
 			// Fix empty zip code
 			if (!isPostRequestElementSet('zip')) {
@@ -268,8 +261,8 @@ LIMIT 1",
 			} // END - if
 
 			// Check if he has enougth points for this order and selected more than 0 receivers
-			if (($USED > 0) && ($USED <= $total) && ($content['target_send'] > 0)) {
-				// Gettings points is okay, so we can add $USED later from
+			if (($usedPoints > 0) && ($usedPoints <= $totalPoints) && ($content['target_send'] > 0)) {
+				// Gettings points is okay, so we can add $usedPoints later from
 				if (($id == '0') || ($type != 'TEMP')) {
 					// New order
 					$id = '0';
@@ -357,6 +350,9 @@ LIMIT 1",
 								bigintval(postRequestElement('zip'), true, false),
 							), __FILE__, __LINE__);
 					}
+
+					// Get insert id
+					$id = SQL_INSERTID();
 				} else {
 					// Change current order
 					if (isExtensionActive('html_mail')) {
@@ -420,24 +416,10 @@ LIMIT 1",
 					}
 				}
 
-				// Do we need to get the id number?
-				if ($id == '0') {
-					// Order is placed as temporary. We need to get it's id for the frametester
-					$result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_pool` WHERE `sender`=%s AND `subject`='%s' AND `payment_id`=%s AND `data_type`='TEMP' AND `timestamp`=UNIX_TIMESTAMP() LIMIT 1",
-						array(
-							getMemberId(),
-							postRequestElement('subject'),
-							bigintval(postRequestElement('mail_type'))
-						), __FILE__, __LINE__);
-
-					// Get pool id
-					list($id) = SQL_FETCHROW($result);
-
-					// Free result
-					SQL_FREERESULT($result);
-				} // END - if
+				// Make sure only valid id numbers can pass
+				assert((!is_bool($id)) && ($id > 0));
 
-				// id is received so we can redirect the user, used points will be added when he send's out the mail
+				// Id is received so we can redirect the user, used points will be added when he send's out the mail
 				$url = 'modules.php?module=frametester&amp;order=' . $id;
 			} elseif ($content['target_send'] == '0') {
 				// Not enougth receivers found which can receive mails
@@ -466,14 +448,18 @@ LIMIT 1",
 
 	// Display order form
 	$result_cats = SQL_QUERY("SELECT
-	`id`,`cat`
+	`id`,
+	`cat`
 FROM
 	`{?_MYSQL_PREFIX?}_cats`
 ".$whereStatement."
 ORDER BY
 	`sort` ASC", __FILE__, __LINE__);
+
+	// Some categories found?
 	if (!SQL_HASZERONUMS($result_cats)) {
-		if ($total > 0) {
+		// Enought points left?
+		if ($totalPoints > 0) {
 			// Initialize array...
 			$categories = array(
 				'id'      => array(),
@@ -495,7 +481,7 @@ ORDER BY
 			// ... and begin loading stuff
 			while ($categoriesContent = SQL_FETCHARRAY($result_cats)) {
 				$categories['id'][]   = bigintval($categoriesContent['id']);
-				$categories['name'][] = $categoriesContent['cat'];
+				array_push($categories['name'], $categoriesContent['cat']);
 
 				// Select users in current category
 				$result_userids = SQL_QUERY_ESC("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_cats` WHERE `cat_id`=%s AND `userid` != '%s' ORDER BY `userid` ASC",
@@ -508,20 +494,20 @@ ORDER BY
 					if (isExtensionInstalledAndNewer('holiday', '0.1.3')) {
 						// Check user's holiday status
 						$result_holiday = SQL_QUERY_ESC("SELECT
-	COUNT(d.userid) AS `cnt`
+	COUNT(d.`userid`) AS `cnt`
 FROM
 	`{?_MYSQL_PREFIX?}_user_data` AS d
 LEFT JOIN
 	`{?_MYSQL_PREFIX?}_user_holidays` AS h
 ON
-	d.userid=h.userid
+	d.`userid`=h.`userid`
 WHERE
-	d.userid=%s AND
-	d.receive_mails > 0 AND
+	d.`userid`=%s AND
+	d.`receive_mails` > 0 AND
 	d.`status`='CONFIRMED' AND
 	d.`holiday_active`='Y' AND
-	h.holiday_start < UNIX_TIMESTAMP() AND
-	h.holiday_end > UNIX_TIMESTAMP()
+	h.`holiday_start` < UNIX_TIMESTAMP() AND
+	h.`holiday_end` > UNIX_TIMESTAMP()
 LIMIT 1",
 							array(bigintval($userid)), __FILE__, __LINE__);
 
@@ -559,7 +545,7 @@ LIMIT 1",
 
 				// Free memory
 				SQL_FREERESULT($result_userids);
-				$categories['userids'][] = $userid_cnt;
+				array_push($categories['userids'], $userid_cnt);
 			} // END - while
 
 			// Free memory
@@ -570,24 +556,22 @@ LIMIT 1",
 
 			$types = array();
 			if (!SQL_HASZERONUMS($result)) {
-				// Check for message id in URL
-				$message = getMessageFromErrorCode(getRequestElement('code'));
-
-				if (!empty($message)) {
-					// We got system message so we drop it out to the user
-					displayMessage($message);
+				// Is the error code set?
+				if (isGetRequestElementSet('code')) {
+					// Display error message
+					displayMessage(getMessageFromErrorCode(getRequestElement('code')));
 				} // END - if
 
 				// Load all email types...
-				while ($types[] = SQL_FETCHROW($result)) {
-					// Nothing to do here... ;-)
+				while ($type = SQL_FETCHARRAY($result)) {
+					array_push($types, $type);
 				} // END - while
 
 				// Free memory
 				SQL_FREERESULT($result);
 
 				// Output user's points
-				$content['total_points'] = $total;
+				$content['total_points'] = $totalPoints;
 
 				// Check how many mail orders he has placed today and how many he's allowed to send
 				switch (getConfig('order_max_full')) {
@@ -616,7 +600,14 @@ LIMIT 1",
 
 				// Check if we already have an order placed and make it editable
 				$result = SQL_QUERY_ESC("SELECT
-	`subject`,`text`,`payment_id`,`timestamp`,`url`,`target_send`,`cat_id`,`zip`
+	`subject`,
+	`text`,
+	`payment_id`,
+	`timestamp`,
+	`url`,
+	`target_send`,
+	`cat_id`,
+	`zip`
 FROM
 	`{?_MYSQL_PREFIX?}_pool`
 WHERE
@@ -641,8 +632,8 @@ LIMIT 1",
 					// Default output for that your members don't forget it...
 					$content['url']         = 'http://';
 					$content['target_send'] = '{?order_min?}';
-					$content['subject']     = '{--ORDER_DEFAULT_SUBJECT--}';
-					$content['text']        = '{--ORDER_DEFAULT_TEXT--}';
+					$content['subject']     = '';
+					$content['text']        = '';
 				}
 
 				// Free result
@@ -650,21 +641,16 @@ LIMIT 1",
 
 				if ((isPostRequestElementSet('data')) || ((getOrderMultiPage() != 'Y') && ((!isAdmin()) && (!isExtensionActive('html_mail'))))) {
 					// Pre-output categories
-					$content['category_selection'] = '';
-					foreach ($categories['id'] as $key => $value) {
-						$content['category_selection'] .= '      <option value="' . $value . '"';
-						if (($OLD_ORDER) && ($content['cat_id'] == $value)) $content['category_selection'] .= ' selected="selected"';
-						$content['category_selection'] .= '>' . $categories['name'][$key] . ' (' . $categories['userids'][$key] . ' {--USER_IN_CAT--})</option>';
-					} // END - foreach
+					$content['category_selection'] = generateCategoryOptionsList(((isExtensionActive('html_mail')) && (isPostRequestElementSet('html'))) ? postRequestElement('html') : 'N', getMemberId());
 
 					// Mail type
 					$content['type_selection'] = '';
 					foreach ($types as $key => $value) {
 						if (is_array($value)) {
 							// Output option line
-							$content['type_selection'] .= '      <option value="' . $types[$key][0] . '"';
-							if (($OLD_ORDER) && ($content['payment_id'] == $types[$key][0])) $content['type_selection'] .= ' selected="selected"';
-							$content['type_selection'] .= '>{%pipe,translateComma=' . $types[$key][1] . '%} {--PER_MAIL--} - ' . $types[$key][3] . ' - ' . round($types[$key][2]) . ' {--PAYMENT--}</option>';
+							$content['type_selection'] .= '      <option value="' . $types[$key]['id'] . '"';
+							if (($OLD_ORDER) && ($content['payment_id'] == $types[$key]['id'])) $content['type_selection'] .= ' selected="selected"';
+							$content['type_selection'] .= '>{%pipe,translateComma=' . $types[$key]['price'] . '%} {--PER_MAIL--} - ' . $types[$key]['mail_title'] . ' - ' . round($types[$key]['payment']) . ' {--PAYMENT--}</option>';
 						} // END - if
 					} // END - foreach
 
@@ -673,29 +659,29 @@ LIMIT 1",
 
 					if (isPostRequestElementSet('zip')) {
 						// Output entered ZIP code
-						$content['zip_content'] = loadTemplate('member_order-zip2', true, postRequestElement('zip'));
+						$content['zip_content'] = loadTemplate('member_order_zip2', true, postRequestElement('zip'));
 					} // END - if
 
+					// No HTML extension installed by default
+					$content['html_extension'] = '<input type="hidden" name="html" value="N" />';
+
 					// HTML extension
 					if ((isExtensionActive('html_mail')) && (postRequestElement('html') == 'Y')) {
 						// Extension is active so output valid HTML tags
-						$content['html_extension'] = loadTemplate('member_order-html_ext', true, addValidHtmlTags());
-					} else {
-						// Extension not active and/or class not uploaded
-						$content['html_extension'] = '<tr><td colspan="3"><input type="hidden" name="html" value="N" /></td></tr>';
-					}
+						$content['html_extension'] = loadTemplate('member_order_html_ext', true);
+					} // END - if
 
 					// Output form for page 2
 					loadTemplate('member_order_page2', false, $content);
 				} else {
+					// No HTML extension installed by default
+					$content['html_extension'] = '<input type="hidden" name="html" value="N" />';
+
 					// Remember maybe entered ZIP code in constant
 					if (isExtensionActive('html_mail')) {
 						// Add some content when html extension is active
-						$content['html_extension'] = loadTemplate('member_order-html_intro', true);
-					} else {
-						// No HTML extension installed
-						$content['html_extension'] = '<tr><td colspan="3"><input type="hidden" name="html" value="N" /></td></tr>';
-					}
+						$content['html_extension'] = loadTemplate('member_order_html_intro', true);
+					} // END - if
 
 					// Default is no ZIP code
 					$content['zip_content'] = '';
@@ -712,7 +698,7 @@ LIMIT 1",
 								'zip' => ''
 							);
 						}
-						$content['zip_content'] = loadTemplate('member_order-zip1', true, $data);
+						$content['zip_content'] = loadTemplate('member_order_zip1', true, $data);
 					} // END - if
 
 					// Output form for page 1 (ZIP code or HTML)