X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fmember%2Fwhat-transfer.php;h=59d36bc655c7eeef9a58ca7d21c3ed6ba0a2203a;hp=13386b10d4a2c275e9a8835be964cd950592f887;hb=82d53dfb7f59fa1e37bd500e3db3d10a9d4a78da;hpb=4d6226782aa4ba157dca8c3891412ba50159481f diff --git a/inc/modules/member/what-transfer.php b/inc/modules/member/what-transfer.php index 13386b10d4..59d36bc655 100644 --- a/inc/modules/member/what-transfer.php +++ b/inc/modules/member/what-transfer.php @@ -32,17 +32,12 @@ ************************************************************************/ // Some security stuff... -if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) -{ +if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); -} - elseif (!IS_LOGGED_IN()) -{ - LOAD_URL(URL."/modules.php?module=index"); -} - elseif ((!EXT_IS_ACTIVE("transfer")) && (!IS_ADMIN())) -{ +} elseif (!IS_MEMBER()) { + LOAD_URL("modules.php?module=index"); +} elseif ((!EXT_IS_ACTIVE("transfer")) && (!IS_ADMIN())) { ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "transfer"); return; } @@ -51,7 +46,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) ADD_DESCR("member", basename(__FILE__)); // Load data -$result = SQL_QUERY_ESC("SELECT opt_in FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", +$result = SQL_QUERY_ESC("SELECT opt_in FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); list($opt_in) = SQL_FETCHROW($result); @@ -62,33 +57,33 @@ $MODE = ""; if (!empty($_GET['mode'])) $MODE = $_GET['mode']; // Check for "faker" -if (($opt_in == 'N') && ($MODE == "new")) $MODE = ""; +if (($opt_in == "N") && ($MODE == "new")) $MODE = ""; switch ($MODE) { case "new": // Start new transfer // Get total points and subtract the balance amount from it = maximum transferable points - $result = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d AND points > 0", + $result = SQL_QUERY_ESC("SELECT SUM(points) FROM "._MYSQL_PREFIX."_user_points WHERE userid=%s AND points > 0", array($GLOBALS['userid']), __FILE__, __LINE__); list($total) = SQL_FETCHROW($result); SQL_FREERESULT($result); // Get totally used points and password - $result = SQL_QUERY_ESC("SELECT used_points, password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT used_points, password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); list($used, $pass) = SQL_FETCHROW($result); SQL_FREERESULT($result); // Remember maximum value for template - define('__TRANSFER_MAX_VALUE', round($total - $used - $CONFIG['transfer_balance'] - 0.5)); + define('__TRANSFER_MAX_VALUE', round($total - $used - $_CONFIG['transfer_balance'] - 0.5)); if (isset($_POST['ok'])) { // Add new transfer - if ($CONFIG['transfer_code'] > 0) + if ($_CONFIG['transfer_code'] > 0) { // Check for code - $code = GEN_RANDOM_CODE($CONFIG['transfer_code'], $_POST['code_chk'], $GLOBALS['userid'], __TRANSFER_MAX_VALUE); + $code = GEN_RANDOM_CODE($_CONFIG['transfer_code'], $_POST['code_chk'], $GLOBALS['userid'], __TRANSFER_MAX_VALUE); $valid_code = ($code == $_POST['code']); } else @@ -117,26 +112,26 @@ case "new": // Start new transfer $nick = true; } // Re-check receivers and own personal data - $result = SQL_QUERY_ESC("SELECT userid, sex, surname, family, email".$ADD." FROM "._MYSQL_PREFIX."_user_data WHERE userid IN ('%s', '%s') AND status='CONFIRMED' ORDER BY userid LIMIT 2", + $result = SQL_QUERY_ESC("SELECT userid, gender, surname, family, email".$ADD." FROM "._MYSQL_PREFIX."_user_data WHERE userid IN ('%s', '%s') AND status='CONFIRMED' ORDER BY userid LIMIT 2", array($GLOBALS['userid'], bigintval($_POST['to_uid'])), __FILE__, __LINE__); $valid_data = (SQL_NUMROWS($result) == 2); if ($valid_code && $valid_pass && $valid_amount && $valid_reason && $valid_recipient) { // Let's start the transfer and load user data - list($uid1, $sex1, $sname1, $fname1, $email1, $nick1) = SQL_FETCHROW($result); - list($uid2, $sex2, $sname2, $fname2, $email2, $nick2) = SQL_FETCHROW($result); + list($uid1, $gender1, $sname1, $fname1, $email1, $nick1) = SQL_FETCHROW($result); + list($uid2, $gender2, $sname2, $fname2, $email2, $nick2) = SQL_FETCHROW($result); SQL_FREERESULT($result); if ($uid1 == $GLOBALS['userid']) { // Data row 1 is sender's data - define('__SENDER_SEX' , TRANSLATE_SEX($sex1)); + define('__SENDER_GENDER' , TRANSLATE_GENDER($gender1)); define('__SENDER_NICK' , $nick1); define('__SENDER_SNAME' , $sname1); define('__SENDER_FNAME' , $fname1); define('__SENDER_EMAIL' , $email1); // Data row 2 is recpient's data - define('__RECIPIENT_SEX' , TRANSLATE_SEX($sex2)); + define('__RECIPIENT_GENDER' , TRANSLATE_GENDER($gender2)); define('__RECIPIENT_NICK' , $nick2); define('__RECIPIENT_SNAME', $sname2); define('__RECIPIENT_FNAME', $fname2); @@ -149,13 +144,13 @@ case "new": // Start new transfer else { // Data row 2 is sender's data - define('__SENDER_SEX' , TRANSLATE_SEX($sex2)); + define('__SENDER_GENDER' , TRANSLATE_GENDER($gender2)); define('__SENDER_NICK' , $nick2); define('__SENDER_SNAME' , $sname2); define('__SENDER_FNAME' , $fname2); define('__SENDER_EMAIL' , $email2); // Data row 1 is recpient's data - define('__RECIPIENT_SEX' , TRANSLATE_SEX($sex1)); + define('__RECIPIENT_GENDER' , TRANSLATE_GENDER($gender1)); define('__RECIPIENT_NICK' , $nick1); define('__RECIPIENT_SNAME', $sname1); define('__RECIPIENT_FNAME', $fname1); @@ -187,11 +182,11 @@ case "new": // Start new transfer define('__TRANSFER_REASON', $_POST['reason']); if (function_exists('CREATE_FANCY_TIME')) { - define('__TRANSFER_EXPIRES', CREATE_FANCY_TIME($CONFIG['transfer_age'])); + define('__TRANSFER_EXPIRES', CREATE_FANCY_TIME($_CONFIG['transfer_age'])); } else { - define('__TRANSFER_EXPIRES', round($CONFIG['transfer_age']/60/60/24)." ".DAYS); + define('__TRANSFER_EXPIRES', round($_CONFIG['transfer_age']/60/60/24)." ".DAYS); } // Generate tranafer id @@ -206,12 +201,11 @@ case "new": // Start new transfer __FILE__, __LINE__); // Add points to account *directly* ... - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%d AND ref_depth=0 LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+%s WHERE userid=%s AND ref_depth=0 LIMIT 1", array(bigintval($_POST['points']), bigintval($_POST['to_uid'])), __FILE__, __LINE__); // ... and add it to current user's used points - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET used_points=used_points+%s WHERE userid=%d LIMIT 1", - array(bigintval($_POST['points']), $GLOBALS['userid']), __FILE__, __LINE__); + SUB_POINTS($GLOBALS['userid'], $_POST['points']); // First send email to recipient $msg = LOAD_EMAIL_TEMPLATE("member_transfer_recipient", "", __RECIPIENT_UID); @@ -222,21 +216,11 @@ case "new": // Start new transfer SEND_EMAIL(__SENDER_EMAIL, TRANSFER_MEMBER_SENDER_SUBJ.": ".$RECIPIENT, $msg); // At last send admin mail(s) - $ADMIN_SUBJ = TRANSFER_ADMIN_SUBJECT." (".$SENDER."->".$RECIPIENT.")"; - if (GET_EXT_VERSION("admins") >= "0.4.1") - { - SEND_ADMIN_EMAILS_PRO($ADMIN_SUBJ, "admin_transfer_points"); - } - else - { - $msg = LOAD_EMAIL_TEMPLATE("admin_transfer_points"); - SEND_ADMIN_EMAILS($ADMIN_SUBJ, $msg); - } + $ADMIN_SUBJ = sprintf("%s (%s->%s)", TRANSFER_ADMIN_SUBJECT, $SENDER, $RECIPIENT); + SEND_ADMIN_NOTIFICATION($ADMIN_SUBJ, "admin_transfer_points"); // Transfer is completed - OUTPUT_HTML("

"); - LOAD_TEMPLATE("admin_settings_saved", false, TRANSFER_COMPLETED."
".TRANSFER_CONTINUE_OVERVIEW.""); - OUTPUT_HTML("

"); + LOAD_TEMPLATE("admin_settings_saved", false, TRANSFER_COMPLETED."
".TRANSFER_CONTINUE_OVERVIEW.""); } elseif (!$valid_code) { @@ -328,10 +312,10 @@ case "new": // Start new transfer define('__TRANSFER_USERID_SELECTION', $OUT); // Generate Code - if ($CONFIG['transfer_code'] > 0) + if ($_CONFIG['transfer_code'] > 0) { $rand = rand(0, 99999); - $code = GEN_RANDOM_CODE($CONFIG['transfer_code'], $rand, $GLOBALS['userid'], __TRANSFER_MAX_VALUE); + $code = GEN_RANDOM_CODE($_CONFIG['transfer_code'], $rand, $GLOBALS['userid'], __TRANSFER_MAX_VALUE); $img = GENERATE_IMAGE($code, false); define('__TRANSFER_IMAGE_INPUT', " ".$img); } @@ -363,14 +347,14 @@ case "list_out": // List only outgoing transactions switch ($MODE) { case "list_in": - $SQL = "SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%d ORDER BY time_trans DESC LIMIT ".$CONFIG['transfer_max']; + $SQL = "SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%s ORDER BY time_trans DESC LIMIT ".$_CONFIG['transfer_max']; $NOTHING = TRANSFER_NO_INCOMING_TRANSFERS; define('__TRANSFER_SUM', TRANSFER_TOTAL_INCOMING); define('__TRANSFER_TITLE', TRANSFER_LIST_INCOMING); break; case "list_out": - $SQL = "SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%d ORDER BY time_trans DESC LIMIT ".$CONFIG['transfer_max']; + $SQL = "SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%s ORDER BY time_trans DESC LIMIT ".$_CONFIG['transfer_max']; $NOTHING = TRANSFER_NO_OUTGOING_TRANSFERS; define('__TRANSFER_SUM', TRANSFER_TOTAL_OUTGOING); define('__TRANSFER_TITLE', TRANSFER_LIST_OUTGOING); @@ -378,7 +362,7 @@ case "list_out": // List only outgoing transactions } // Run the SQL command - $total = "0"; + $total = 0; $result = SQL_QUERY_ESC($SQL, array($GLOBALS['userid']), __FILE__, __LINE__); if (SQL_NUMROWS($result) > 0) { @@ -431,24 +415,24 @@ case "list_out": // List only outgoing transactions break; case "list_all": // List all transactions - // We fill a temporay table with data from both tables. This is much easier + // We fill a temporary table with data from both tables. This is much easier // to code and unstand by you as sub-SELECT queries. I know this is not the // fastest way but it shall be fine for now. // // First of all create the temporary table $result = SQL_QUERY("CREATE TEMPORARY TABLE "._MYSQL_PREFIX."_transfers_tmp ( -trans_id varchar(12) not null default '', -party_uid bigint(20) not null default '0', -points bigint(20) not null default '0', -reason varchar(255) not null default '', -time_trans varchar(10) not null default '0', -trans_type enum('IN', 'OUT') not null default 'IN', +trans_id VARCHAR(12) NOT NULL DEFAULT '', +party_uid BIGINT(20) UNSIGNED NOT NULL DEFAULT '0', +points BIGINT(20) UNSIGNED NOT NULL DEFAULT '0', +reason VARCHAR(255) NOT NULL DEFAULT '', +time_trans VARCHAR(10) NOT NULL DEFAULT '0', +trans_type ENUM('IN', 'OUT') NOT NULL DEFAULT 'IN', KEY(party_uid) ) TYPE=HEAP", __FILE__, __LINE__); // Let's begin with the incoming list - $result = SQL_QUERY_ESC("SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%d ORDER BY id LIMIT %s", -array($GLOBALS['userid'], $CONFIG['transfer_max']), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT trans_id, from_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%s ORDER BY id LIMIT %s", +array($GLOBALS['userid'], $_CONFIG['transfer_max']), __FILE__, __LINE__); while ($DATA = SQL_FETCHROW($result)) { $DATA[] = "IN"; @@ -460,8 +444,8 @@ array($GLOBALS['userid'], $CONFIG['transfer_max']), __FILE__, __LINE__); SQL_FREERESULT($result); // As the last table transfer data from outgoing table to temporary - $result = SQL_QUERY_ESC("SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%d ORDER BY id LIMIT %s", -array($GLOBALS['userid'], $CONFIG['transfer_max']), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT trans_id, to_uid, points, reason, time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%s ORDER BY id LIMIT %s", +array($GLOBALS['userid'], $_CONFIG['transfer_max']), __FILE__, __LINE__); while ($DATA = SQL_FETCHROW($result)) { $DATA[] = "OUT"; @@ -472,7 +456,7 @@ array($GLOBALS['userid'], $CONFIG['transfer_max']), __FILE__, __LINE__); // Free memory SQL_FREERESULT($result); - $total = "0"; + $total = 0; if (SQL_NUMROWS($result) > 0) { // Output rows @@ -530,7 +514,7 @@ array($GLOBALS['userid'], $CONFIG['transfer_max']), __FILE__, __LINE__); // Load final template LOAD_TEMPLATE("member_transfer_list"); - // At the end we don't need a temporay table in memory + // At the end we don't need a temporary table in memory $result = SQL_QUERY("DROP TABLE IF EXISTS "._MYSQL_PREFIX."_transfers_tmp", __FILE__, __LINE__); // Free some memory... @@ -539,7 +523,7 @@ array($GLOBALS['userid'], $CONFIG['transfer_max']), __FILE__, __LINE__); case "": // Overview page // Check incoming transfers - $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%d", array($GLOBALS['userid']), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_in WHERE userid=%s", array($GLOBALS['userid']), __FILE__, __LINE__); list($dmy) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -554,7 +538,7 @@ case "": // Overview page } // Check outgoing transfers - $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%d", array($GLOBALS['userid']), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT COUNT(id) FROM "._MYSQL_PREFIX."_user_transfers_out WHERE userid=%s", array($GLOBALS['userid']), __FILE__, __LINE__); list($dmy) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -581,7 +565,7 @@ case "": // Overview page if (isset($_POST['ok'])) { // Save settings - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET opt_in='%s' WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET opt_in='%s' WHERE userid=%s LIMIT 1", array($_POST['opt_in'], $GLOBALS['userid']), __FILE__, __LINE__); // Rember for next switch() command @@ -593,20 +577,20 @@ case "": // Overview page switch ($opt_in) { case 'Y': - define('__TRANSFER_ALLOW_Y', " checked"); + define('__TRANSFER_ALLOW_Y', ' checked'); define('__TRANSFER_ALLOW_N', ""); define('__TRANSFER_NEW_LINK', "".TRANSFER_NOW_LINK.""); break; case 'N': define('__TRANSFER_ALLOW_Y', ""); - define('__TRANSFER_ALLOW_N', " checked"); + define('__TRANSFER_ALLOW_N', ' checked'); define('__TRANSFER_NEW_LINK', TRANSFER_PLEASE_ALLOW_OPT_IN); break; } // Check for latest out-transfers - $result = SQL_QUERY_ESC("SELECT time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE time_trans > ".(time() - $CONFIG['transfer_timeout'])." AND userid=%d ORDER BY time_trans DESC LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT time_trans FROM "._MYSQL_PREFIX."_user_transfers_out WHERE time_trans > ".(time() - $_CONFIG['transfer_timeout'])." AND userid=%s ORDER BY time_trans DESC LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 0) { // Load template