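/**
 * Price the blocks selected for the current session's temporary order and
 * store the enriched block list on disk.
 *
 * The function refuses to continue when there is no session or when any of
 * the requested block ids already has a row in `blocks` for the banner.
 * Otherwise it attaches currency, price and banner id to every entry of
 * $block_info, writes the summed price to the session's `temp_orders` row and
 * serializes $block_info to temp/info_<md5(session id)>.txt under
 * SERVER_PATH_TO_ADMIN.
 *
 * @param array  $block_info Block entries; each one is read for 'map_x' and 'map_y'.
 * @param string $in_str     Comma-separated block ids, placed inside SQL IN(...).
 * @return false|null false when nothing could be reserved (no session,
 *                    malformed $in_str, temp file not writable); null otherwise,
 *                    including the "not available" case, which echoes a message.
 */
function reserve_temp_order_pixels($block_info, $in_str)
{
    global $label;
    // cannot reserve pixels if there is no session
    if (session_id() == '') {
        return false;
    }
    // $in_str goes into IN(...) without quotes, so escaping cannot protect
    // it: accept nothing but a comma-separated list of unsigned integers.
    if (!is_scalar($in_str) || !preg_match('/^\s*[0-9]+(\s*,\s*[0-9]+)*\s*\z/', (string) $in_str)) {
        return false;
    }
    $in_str = (string) $in_str;
    // The banner id arrives straight from the request; treat anything that is
    // not a scalar as empty and escape it before it reaches SQL.
    $banner_id = (isset($_REQUEST['BID']) && is_scalar($_REQUEST['BID'])) ? (string) $_REQUEST['BID'] : '';
    // check if it is free
    // NOTE(review): die() below prints the statement and the MySQL error to
    // the client; consider logging them server-side instead.
    $sql = "select block_id from blocks where banner_id='" . mysql_real_escape_string($banner_id) . "' and block_id IN({$in_str}) ";
    $result = mysql_query($sql) or die($sql . mysql_error());
    if (mysql_num_rows($result) > 0) {
        echo js_out_prep($label['check_sel_notavailable'] . " (E432)");
        return;
    }
    // Start the running total at zero; it was previously used uninitialised.
    $total = 0;
    foreach ($block_info as $key => $block) {
        $price = get_zone_price($banner_id, $block['map_y'] / BLK_HEIGHT, $block['map_x'] / BLK_WIDTH);
        $currency = get_default_currency();
        // enhance block info...
        $block_info[$key]['currency'] = $currency;
        $block_info[$key]['price'] = $price;
        $block_info[$key]['banner_id'] = $banner_id;
        $total += $price;
    }
    // The session id is supplied by the client's cookie, so escape it as well.
    // The statement used to be sent twice (once unchecked); once is enough.
    $sql = "UPDATE temp_orders set price='" . mysql_real_escape_string((string) $total) . "' where session_id='" . mysql_real_escape_string(session_id()) . "'  ";
    mysql_query($sql) or die(mysql_error() . $sql);
    // save to file
    // The confirmation step reads this file back with unserialize(), so the
    // temp/ directory must be writable by the application only.
    // NOTE(review): confirm the directory is not reachable or writable from the web.
    $fh = fopen(SERVER_PATH_TO_ADMIN . 'temp/' . "info_" . md5(session_id()) . ".txt", 'wb');
    if ($fh === false) {
        // Without the file the reservation cannot be confirmed later.
        return false;
    }
    fwrite($fh, serialize($block_info));
    fclose($fh);
}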
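    /**
     * Print the cheque payment instructions for one of the logged-in user's orders.
     *
     * Runs only when the request carries both 'order_id' and 'nhezk5' (the
     * purpose of the second parameter is not visible in this code). The order
     * is looked up by id AND by the session's user id, so a user can only see
     * amounts for their own orders.
     *
     * NOTE(review): no check is made that the lookup returned a row; a foreign
     * or unknown order id renders the page with empty amounts.
     */
    function process_payment_return()
    {
        global $label;
        if ($_REQUEST['order_id'] != '' && $_REQUEST['nhezk5'] != '') {
            if ($_SESSION['MDS_ID'] == '') {
                echo "Error: You must be logged in to view this page";
            } else {
                ?>
			<div style='background-color: #ffffff; border-color:#C0C0C0; border-style:solid;padding:10px'>
		<p align="center"><center>
				<?php 
                // order_id comes from the request: escape it before it is placed in SQL.
                $sql = "SELECT * from orders where order_id='" . mysql_real_escape_string((string) $_REQUEST['order_id']) . "' and user_id='" . mysql_real_escape_string((string) $_SESSION['MDS_ID']) . "'";
                // NOTE(review): die() echoes the statement and MySQL error to the browser.
                $result = mysql_query($sql) or die(mysql_error() . $sql);
                $order_row = mysql_fetch_array($result);
                $check_amount = convert_to_currency($order_row['price'], $order_row['currency'], CHECK_CURRENCY);
                $check_amount = format_currency($check_amount, CHECK_CURRENCY, true);
                $label['payment_check_heading'] = str_replace("%INVOICE_AMOUNT%", $check_amount, $label['payment_check_heading']);
                if (get_default_currency() != CHECK_CURRENCY) {
                    // The array key is now quoted; the bare word relied on PHP's
                    // undefined-constant fallback.
                    echo convert_to_default_currency_formatted($order_row['currency'], $order_row['price']) . " = " . $check_amount;
                    echo "<br>";
                }
                ?>
				
				<table width="70%"><tr><td>
				<b><?php 
                echo $label['payment_check_heading'];
                ?>
</b><br>
				<?php 
                // NOTE(review): the guard tests CHECK_NAME but the value printed
                // is CHECK_PAYABLE - confirm which constant is intended.
                if (CHECK_NAME != '') {
                    ?>
				<b><?php 
                    echo $label['payment_check_payable'];
                    ?>
</b><pre><?php 
                    echo CHECK_PAYABLE;
                    ?>
</pre><br>
				<?php 
                }
                ?>
				<?php 
                if (CHECK_ADDRESS != '') {
                    ?>
				<b><?php 
                    echo $label['payment_check_address'];
                    ?>
</b><pre><?php 
                    echo CHECK_ADDRESS;
                    ?>
</pre><br>
				<?php 
                }
                ?>
				<?php 
                /*if ( CHECK_ACCOUNT_NAME != '') { ?>
                		<b><?php echo $label['payment_check_currency'];?></b><pre><?php echo CHECK_CURRENCY; ?></pre><br>
                		<?php } */
                ?>
				
					</td></tr>
					</table>
					
					</p>
					</center>
					
					</div>
					<?php 
            }
        }
    }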
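/**
 * Convert an amount into the site's default currency and return it formatted.
 *
 * Two optional positional arguments are read through func_get_arg():
 * the third is handed to format_currency() as its third argument, and the
 * fourth is the source currency's rate, which is loaded from `currencies`
 * when it is empty.
 *
 * @param string $cur_code Currency code of $amount; blank means the default currency.
 * @param mixed  $amount   Amount expressed in $cur_code.
 * @return mixed Whatever format_currency() returns for the converted amount.
 */
function convert_to_default_currency_formatted($cur_code, $amount)
{
    // Give both optional arguments a defined value. They were previously left
    // undefined when omitted, which behaved like null / '' but raised notices.
    $show_code = func_num_args() > 2 ? func_get_arg(2) : null;
    $from_rate = func_num_args() > 3 ? func_get_arg(3) : '';
    if ($cur_code == '') {
        // cur code can be blank due to some bugs in the old version
        $cur_code = get_default_currency();
    }
    // load default currency
    $sql = "SELECT * from currencies WHERE is_default='Y' ";
    $result = mysql_query($sql) or die(mysql_error() . $sql);
    $row = mysql_fetch_array($result);
    $to_rate = $row['rate'];
    $to_code = $row['code'];
    $to_decimal_places = $row['decimal_places'];
    if ($cur_code == get_default_currency()) {
        $new_amount = $amount;
    } else {
        if ($from_rate == '') {
            // load from rate
            // The code is a stored value whose origin is not visible here, so
            // escape it rather than trusting it inside the quotes.
            $sql = "SELECT * from currencies WHERE code='" . mysql_real_escape_string((string) $cur_code) . "' ";
            $result = mysql_query($sql) or die(mysql_error() . $sql);
            $row = mysql_fetch_array($result);
            $from_rate = $row['rate'];
        }
        // NOTE(review): an unknown currency code leaves $from_rate empty and
        // this divides by zero - decide how that case should be reported.
        $new_amount = $amount * $to_rate / $from_rate;
        $new_amount = round($new_amount, $to_decimal_places);
    }
    return format_currency($new_amount, $to_code, $show_code, true);
}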
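/**
 * Turn the session's temporary order into a real order and reserve its blocks.
 *
 * Under a table lock (LOCK TABLES, or a flag row in `config` when
 * USE_LOCK_TABLES is not 'Y') the function re-checks that none of the
 * requested block ids exists for the banner, inserts the order, links the ad
 * to it, writes one 'reserved' row per block and deletes the temporary order.
 *
 * Changes from the earlier version of this function:
 *  - the lock is released on every failure path after it was taken (the
 *    "pixels not available" return used to leave it held);
 *  - the retry after waiting for the flag lock now returns the result of the
 *    retry instead of discarding it;
 *  - values placed in SQL are escaped, and the unquoted ones are validated or
 *    cast to integers.
 *
 * @param array $temp_order_row Row of `temp_orders`; read for banner_id,
 *                              package_id, blocks, price, quantity,
 *                              days_expire and ad_id.
 * @return int|false The new order id, or false when the order cannot be placed.
 */
function reserve_pixels_for_temp_order($temp_order_row)
{
    // check if the user can get the order
    if (!can_user_order(load_banner_row($temp_order_row['banner_id']), $_SESSION['MDS_ID'], $temp_order_row['package_id'])) {
        echo 'can\'t touch this<br>';
        return false;
    }
    require_once '../include/ads.inc.php';
    // The block list is spliced unquoted into IN(...), so escaping cannot
    // protect it: accept only a comma-separated list of unsigned integers.
    // Checked before the lock is taken so nothing needs releasing.
    $in_str = (string) $temp_order_row['blocks'];
    if (!preg_match('/^\s*[0-9]+(\s*,\s*[0-9]+)*\s*\z/', $in_str)) {
        return false;
    }
    ###################################################
    if (USE_LOCK_TABLES == 'Y') {
        $sql = "LOCK TABLES blocks WRITE, orders WRITE, ads WRITE, temp_orders WRITE,  currencies READ, prices READ, banners READ, form_fields READ, form_field_translations READ";
        $result = mysql_query($sql) or die(" <b>Dear Webmaster: The current MySQL user does not have permission to lock tables. Please give this user permission to lock tables, or turn off locking in the Admin. To turn off locking in the Admin, please go to Main Config and look under the MySQL Settings.<b>");
    } else {
        // poor man's lock: flip the flag row from NO to YES; zero affected
        // rows means another request already holds it.
        $sql = "UPDATE `config` SET `val`='YES' WHERE `key`='SELECT_RUNNING' AND `val`='NO' ";
        $result = mysql_query($sql) or die(mysql_error());
        if (mysql_affected_rows() == 0) {
            // make sure it cannot be locked for more than 30 secs
            // This is in case the process fails inside the lock
            // and does not release it.
            $unix_time = time();
            // get the time of last run
            $sql = "SELECT * FROM `config` where `key` = 'LAST_SELECT_RUN' ";
            $result = @mysql_query($sql);
            $t_row = @mysql_fetch_array($result);
            if ($unix_time > $t_row['val'] + 30) {
                // release the lock
                $sql = "UPDATE `config` SET `val`='NO' WHERE `key`='SELECT_RUNNING' ";
                $result = @mysql_query($sql) or die(mysql_error());
                // update timestamp
                $sql = "REPLACE INTO config (`key`, `val`) VALUES ('LAST_SELECT_RUN', '{$unix_time}')  ";
                $result = @mysql_query($sql) or die(mysql_error());
            }
            // Another process is inside the lock: wait, then try again.
            // 5000000 microseconds is five seconds (an older comment said half
            // a second). NOTE(review): the retry depth is bounded only by the
            // script's execution time limit.
            usleep(5000000);
            // Hand the retry's result to the caller; it used to be dropped.
            return reserve_pixels_for_temp_order($temp_order_row);
        }
    }
    ####################################################
    // NOTE(review): any die() below exits with the lock still held; the flag
    // lock then stays set until the 30 second stale check above clears it.
    $filename = SERVER_PATH_TO_ADMIN . 'temp/' . "info_" . md5(session_id()) . ".txt";
    $serialized = is_readable($filename) ? file_get_contents($filename) : false;
    // SECURITY: unserialize() on file contents is only as trustworthy as the
    // temp/ directory. Anyone able to write there controls what is
    // deserialized. NOTE(review): confirm temp/ is writable by the
    // application only, or move this hand-off to a format such as JSON.
    $block_info = ($serialized === false) ? false : unserialize($serialized);
    if (!is_array($block_info)) {
        // No usable block list: do not create an order without blocks.
        _reserve_pixels_release_lock();
        return false;
    }
    $banner_id_sql = _reserve_pixels_sql_quote($temp_order_row['banner_id']);
    $sql = "select block_id from blocks where banner_id=" . $banner_id_sql . " and block_id IN(" . $in_str . ") ";
    $result = mysql_query($sql) or die($sql . mysql_error());
    if (mysql_num_rows($result) > 0) {
        // the pixels are not available!
        _reserve_pixels_release_lock();
        return false;
    }
    // approval status, default is N
    $banner_row = load_banner_row($temp_order_row['banner_id']);
    $approved = $banner_row['auto_approve'];
    $now = gmdate("Y-m-d H:i:s");
    $user_id_sql = _reserve_pixels_sql_quote($_SESSION['MDS_ID']);
    $currency_sql = _reserve_pixels_sql_quote(get_default_currency());
    $approved_sql = _reserve_pixels_sql_quote($approved);
    // These three go into the statement without quotes, so force integers.
    $days_expire = (int) $temp_order_row['days_expire'];
    $package_id = (int) $temp_order_row['package_id'];
    $ad_id = (int) $temp_order_row['ad_id'];
    $sql = "REPLACE INTO orders (user_id, order_id, blocks, status, order_date, price, quantity, banner_id, currency, days_expire, date_stamp, package_id, ad_id, approved) VALUES ("
        . $user_id_sql . ", '', " . _reserve_pixels_sql_quote($in_str) . ", 'new', " . _reserve_pixels_sql_quote($now) . ", "
        . _reserve_pixels_sql_quote($temp_order_row['price']) . ", " . _reserve_pixels_sql_quote($temp_order_row['quantity']) . ", "
        . $banner_id_sql . ", " . $currency_sql . ", " . $days_expire . ", " . _reserve_pixels_sql_quote($now) . ", "
        . $package_id . ", " . $ad_id . ", " . $approved_sql . ") ";
    $result = mysql_query($sql) or die(mysql_error() . $sql);
    $order_id = mysql_insert_id();
    mds_log("Changed temp order to a real order - " . $sql);
    $order_id_sql = _reserve_pixels_sql_quote($order_id);
    $sql = "UPDATE ads SET user_id=" . $user_id_sql . ", order_id=" . $order_id_sql . " where ad_id='" . $ad_id . "' ";
    mysql_query($sql) or die(mysql_error() . $sql);
    $sql = "UPDATE orders SET original_order_id=" . $order_id_sql . " where order_id=" . $order_id_sql . " ";
    mysql_query($sql) or die(mysql_error() . $sql);
    // load_ad_values() result is published through the global $prams, which
    // get_template_value() presumably reads - verify against its definition.
    global $prams;
    $prams = load_ad_values($temp_order_row['ad_id']);
    $url = get_template_value('URL', 1);
    $alt_text = get_template_value('ALT_TEXT', 1);
    foreach ($block_info as $key => $block) {
        $sql = "REPLACE INTO `blocks` ( `block_id` , `user_id` , `status` , `x` , `y` , `image_data` , `url` , `alt_text`, `approved`, `banner_id`, `currency`, `price`, `order_id`, `ad_id`) VALUES ("
            . _reserve_pixels_sql_quote($key) . ",  " . $user_id_sql . " , 'reserved' , "
            . _reserve_pixels_sql_quote($block['map_x']) . " , " . _reserve_pixels_sql_quote($block['map_y']) . " , "
            . _reserve_pixels_sql_quote($block['image_data']) . " , " . _reserve_pixels_sql_quote($url) . " , "
            . _reserve_pixels_sql_quote($alt_text) . ", " . $approved_sql . ", " . $banner_id_sql . ", " . $currency_sql . ", "
            . _reserve_pixels_sql_quote($block['price']) . ", " . $order_id_sql . ", '" . $ad_id . "')";
        // NOTE(review): the logged statement contains the block's image data.
        mds_log("Updated block - " . $sql);
        mysql_query($sql) or die(mysql_error() . $sql);
    }
    // false = do not delete the ad...
    delete_temp_order(session_id(), false);
    _reserve_pixels_release_lock();
    return $order_id;
}

/**
 * Wrap a value in single quotes for a mysql_* statement after escaping it
 * for the current connection.
 */
function _reserve_pixels_sql_quote($value)
{
    return "'" . mysql_real_escape_string((string) $value) . "'";
}

/**
 * Release the lock taken by reserve_pixels_for_temp_order(): UNLOCK TABLES
 * when USE_LOCK_TABLES is 'Y', otherwise reset the SELECT_RUNNING flag row and
 * refresh the LAST_SELECT_RUN timestamp.
 */
function _reserve_pixels_release_lock()
{
    if (USE_LOCK_TABLES == 'Y') {
        $sql = "UNLOCK TABLES";
        $result = mysql_query($sql) or die(mysql_error() . " <b>Dear Webmaster: The current MySQL user set in config.php does not have permission to lock tables. Please give this user permission to lock tables, or set USE_LOCK_TABLES to 'No' in the Main Config section in the Admin.<b>");
    } else {
        // release the poor man's lock
        $sql = "UPDATE `config` SET `val`='NO' WHERE `key`='SELECT_RUNNING' ";
        mysql_query($sql);
        $unix_time = time();
        // update timestamp
        $sql = "REPLACE INTO config (`key`, `val`) VALUES ('LAST_SELECT_RUN', '{$unix_time}')  ";
        $result = @mysql_query($sql) or die(mysql_error());
    }
}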
            $sql = "SELECT quantity FROM temp_orders WHERE session_id='" . addslashes(session_id()) . "'";
            $result = mysql_query($sql) or die(mysql_error() . $sql);
            $row = mysql_fetch_array($result);
            $quantity = $row['quantity'];
            $block_count = $quantity / (BLK_WIDTH * BLK_HEIGHT);
            // Now update the order (overwite the total & days_expire with the package)
            $pack = get_package($_REQUEST['pack']);
            $total = $pack['price'] * $block_count;
            // convert & round off
            $total = convert_to_default_currency($pack['currency'], $total);
            $sql = "UPDATE temp_orders SET package_id='" . $_REQUEST['pack'] . "', price='" . $total . "',  days_expire='" . $pack['days_expire'] . "', currency='" . get_default_currency() . "' WHERE session_id='" . addslashes(session_id()) . "'";
            mysql_query($sql) or die(mysql_error() . $sql);
            $order_row['price'] = $total;
            $order_row['pack'] = $_REQUEST['pack'];
            $order_row['days_expire'] = $pack['days_expire'];
            $order_row['currency'] = get_default_currency();
        } else {
            $selected_pack = $_REQUEST['pack'];
            $_REQUEST['pack'] = '';
            $cannot_get_package = true;
        }
    }
    if ($has_packages && $_REQUEST['pack'] == '') {
        echo "<form method='post' action='" . $_SERVER['PHP_SELF'] . "'>";
        ?>
		<input type="hidden" name="selected_pixels" value="<?php 
        echo $_REQUEST['selected_pixels'];
        ?>
">
		<input type="hidden" name="order_id" value="<?php 
        echo $_REQUEST['order_id'];
}
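// Apply the package chosen in the request to the order held in the session,
// then check that the user has reserved at least the banner's minimum number
// of blocks before the page header is emitted.
$cannot_get_package = false;
if ($has_packages && $_REQUEST['pack'] != '') {
    // check to make sure this advertiser can order this package
    if (can_user_get_package($_SESSION['MDS_ID'], $_REQUEST['pack'], $_SESSION['MDS_order_id'])) {
        // Read the quantity from the same session-bound order that the UPDATE
        // below writes to. The lookup used to take order_id from the request,
        // so the price could be computed from a different order's quantity.
        $order_id_sql = mysql_real_escape_string((string) $_SESSION['MDS_order_id']);
        $sql = "SELECT quantity FROM orders WHERE order_id='" . $order_id_sql . "'";
        // NOTE(review): die() echoes the statement and MySQL error to the browser.
        $result = mysql_query($sql) or die(mysql_error() . $sql);
        $row = mysql_fetch_array($result);
        $quantity = $row['quantity'];
        // NOTE(review): 100 looks like the pixel count of one block - confirm
        // it matches the configured block dimensions.
        $block_count = $quantity / 100;
        // Now update the order (overwrite the total & days_expire with the package)
        $pack = get_package($_REQUEST['pack']);
        $total = $pack['price'] * $block_count;
        // convert & round off
        $total = convert_to_default_currency($pack['currency'], $total);
        // 'pack' is request data: escape every value placed inside the quotes.
        $sql = "UPDATE orders SET package_id='" . mysql_real_escape_string((string) $_REQUEST['pack']) . "', price='" . mysql_real_escape_string((string) $total) . "',  days_expire='" . mysql_real_escape_string((string) $pack['days_expire']) . "', currency='" . mysql_real_escape_string((string) get_default_currency()) . "' WHERE order_id='" . $order_id_sql . "'";
        mysql_query($sql) or die(mysql_error() . $sql);
    } else {
        // Remember what was asked for, then clear the request value.
        $selected_pack = $_REQUEST['pack'];
        $_REQUEST['pack'] = '';
        $cannot_get_package = true;
    }
}
// check to make sure MIN_BLOCKS were selected.
// $BID is assigned outside this excerpt; escape it in case it is request data.
$sql = "SELECT block_id FROM blocks WHERE user_id='" . mysql_real_escape_string((string) $_SESSION['MDS_ID']) . "' AND status='reserved' AND banner_id='" . mysql_real_escape_string((string) $BID) . "' ";
$res = mysql_query($sql) or die(mysql_error() . $sql);
$count = mysql_num_rows($res);
if ($count < $b_row['min_blocks']) {
    $not_enough_blocks = true;
}
require "header.php";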
<?php

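// Bootstrap for this admin script: load configuration, start the session,
// pick the banner and preload its sold blocks.
define('NO_HOUSE_KEEP', 'YES');
require "../config.php";
require 'admin_common.php';
session_start();
// BID is request data and is placed in the query below WITHOUT quotes, so
// only a string of digits is accepted. Anything else, including a missing or
// empty value, falls back to banner 1, which was already the default.
$BID = isset($_REQUEST['BID']) ? $_REQUEST['BID'] : '';
if (!is_string($BID) || !preg_match('/^[0-9]+\z/', $BID)) {
    $BID = '1';
}
load_banner_constants($BID);
$currency = get_default_currency();
#
# Preload all blocks
# NOTE(review): die() echoes the statement and MySQL error to the browser.
$sql = "select block_id, status, user_id, image_data FROM blocks where status='sold' AND banner_id={$BID} ";
$result = mysql_query($sql) or die(mysql_error() . $sql);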
while ($row = mysql_fetch_array($result)) {
    $blocks[$row[block_id]] = $row['status'];
    if ($row[user_id] == $_REQUEST[user_id] && $row['status'] != 'ordered' && $row['status'] != 'sold') {
        $blocks[$row[block_id]] = 'onorder';
        $order_exists = true;
    } elseif ($row['status'] != 'sold' && $row[user_id] != $_REQUEST[user_id]) {
        $blocks[$row[block_id]] = 'reserved';
    }
    if ($row[image_data] != '') {
        $images[$row[block_id]] = imagecreatefromstring(base64_decode($row[image_data]));
    }
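/**
 * Work out what an order costs under a package and assemble the matching
 * UPDATE statement.
 *
 * NOTE(review): the UPDATE is only built. Nothing in this function sends it
 * to the database or returns it, so calling the function changes nothing.
 * The column and array key are spelled `expire_days` here, while other code
 * on this page uses `days_expire` - verify the name before enabling it.
 *
 * @param mixed $order_id   Id of the row in `orders`.
 * @param mixed $package_id Id handed to get_package().
 * @return void
 */
function add_package_to_order($order_id, $package_id)
{
    $pack = get_package($package_id);
    // The origin of $order_id is not visible here; escape it and keep it
    // inside quotes in both statements.
    $order_id_sql = mysql_real_escape_string((string) $order_id);
    $sql = "SELECT * FROM orders WHERE order_id='{$order_id_sql}'";
    $result = mysql_query($sql) or die(mysql_error());
    $row = mysql_fetch_array($result);
    $total = $row['quantity'] / 100 * $pack['price'];
    $total = convert_to_default_currency($pack['currency'], $total);
    // A comma was missing between the currency and expire_days assignments,
    // which made the statement invalid SQL.
    $sql = "UPDATE orders set price='" . mysql_real_escape_string((string) $total) . "', currency='" . mysql_real_escape_string((string) get_default_currency()) . "', expire_days='" . mysql_real_escape_string((string) $pack['expire_days']) . "' WHERE order_id='{$order_id_sql}' ";
}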
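    /**
     * Print the bank transfer instructions for one of the logged-in user's orders.
     *
     * Runs only when the request carries both 'order_id' and 'nhezk5' (the
     * purpose of the second parameter is not visible in this code). The order
     * is looked up by id AND by the session's user id. The order id is also
     * substituted into the note text that is echoed at the end, so it is
     * HTML-escaped before substitution.
     *
     * NOTE(review): no check is made that the lookup returned a row; a foreign
     * or unknown order id renders the page with empty amounts.
     */
    function process_payment_return()
    {
        global $label;
        if ($_REQUEST['order_id'] != '' && $_REQUEST['nhezk5'] != '') {
            if ($_SESSION['MDS_ID'] == '') {
                echo "Error: You must be logged in to view this page";
            } else {
                ?>

			<div style='background-color: #ffffff; border-color:#C0C0C0; border-style:solid;padding:10px'>
		<p align="center"><center>
				<?php 
                // order_id comes from the request: escape it before it is placed in SQL.
                $sql = "SELECT * from orders where order_id='" . mysql_real_escape_string((string) $_REQUEST['order_id']) . "' and user_id='" . mysql_real_escape_string((string) $_SESSION['MDS_ID']) . "'";
                // NOTE(review): die() echoes the statement and MySQL error to the browser.
                $result = mysql_query($sql) or die(mysql_error() . $sql);
                $order_row = mysql_fetch_array($result);
                $bank_amount = convert_to_currency($order_row['price'], $order_row['currency'], BANK_CURRENCY);
                $bank_amount = format_currency($bank_amount, BANK_CURRENCY, true);
                $label['payment_bank_heading'] = str_replace("%INVOICE_AMOUNT%", $bank_amount, $label['payment_bank_heading']);
                $label['payment_bank_note'] = str_replace("%CONTACT_EMAIL%", SITE_CONTACT_EMAIL, $label['payment_bank_note']);
                // The raw request value used to be echoed back inside the note;
                // encode it so it cannot inject markup into the page.
                $label['payment_bank_note'] = str_replace("%INVOICE_CODE%", htmlspecialchars((string) $_REQUEST['order_id'], ENT_QUOTES), $label['payment_bank_note']);
                if (get_default_currency() != BANK_CURRENCY) {
                    // The array key is now quoted; the bare word relied on PHP's
                    // undefined-constant fallback.
                    echo convert_to_default_currency_formatted($order_row['currency'], $order_row['price']) . " = " . $bank_amount;
                    echo "<br>";
                }
                ?>
				
				<table width="70%"><tr><td>
				<b><?php 
                echo $label['payment_bank_heading'];
                ?>
</b><br>
				<?php 
                // Each bank detail below is printed only when its constant is non-empty.
                if (BANK_NAME != '') {
                    ?>
				<b><?php 
                    echo $label['payment_bank_name'];
                    ?>
</b> <?php 
                    echo BANK_NAME;
                    ?>
<br>
				<?php 
                }
                ?>
				<?php 
                if (BANK_ADDRESS != '') {
                    ?>
				<b><?php 
                    echo $label['payment_bank_addr'];
                    ?>
</b> <?php 
                    echo BANK_ADDRESS;
                    ?>
<br>
				<?php 
                }
                ?>
				<?php 
                if (BANK_ACCOUNT_NAME != '') {
                    ?>
				<b><?php 
                    echo $label['payment_bank_ac_name'];
                    ?>
</b> <?php 
                    echo BANK_ACCOUNT_NAME;
                    ?>
<br>
				<?php 
                }
                ?>
				<?php 
                if (BANK_ACCOUNT_NUMBER != '') {
                    ?>
				<b><?php 
                    echo $label['payment_bank_ac_number'];
                    ?>
</b> <?php 
                    echo BANK_ACCOUNT_NUMBER;
                    ?>
<br>
					<?php 
                }
                ?>
					<?php 
                if (BANK_BRANCH_NUMBER != '') {
                    ?>
					<b><?php 
                    echo $label['payment_bank_branch_number'];
                    ?>
</b> <?php 
                    echo BANK_BRANCH_NUMBER;
                    ?>
<br>
					<?php 
                }
                ?>
					<?php 
                if (BANK_SWIFT != '') {
                    ?>

					<b><?php 
                    echo $label['payment_bank_swift'];
                    ?>
</b> <?php 
                    echo BANK_SWIFT;
                    ?>
<br>

					<?php 
                }
                ?>
					<?php 
                echo $label['payment_bank_note'];
                ?>
					</td></tr>
					</table>
					
					</p>
					</center>
					
					</div>
					<?php 
            }
        }
    }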