Beispiel #1
				}
				
				$account_statement.='
    		</table>';
				
			$mail_html=str_replace('{account_statement}', $db->string_escape($account_statement), $mail_html);
			$mail_plain=str_replace('{account_statement}', $db->string_escape($account_statement_plain), $mail_plain);
		}
		

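		// Queue the mail and reload the queued row, unless this request is only a preview.
		if(!isset($_POST['_preview'])){
			$queued_at=date('Y-m-d H:i:s', CUSTOMTIME);

			// The recipient's names used to be concatenated into the statement raw. A quote
			// inside a stored name would end the string literal early (second-order SQL
			// injection), so they are escaped the same way as mail_to.
			$mail_to=$db->string_escape($row['user_email']);
			$mail_to_names=$db->string_escape($row['user_firstname'].' '.$row['user_lastname']);

			// NOTE(review): $mysql_fields, $mail_html and $mail_plain are built outside this
			// block and are placed into the statement as-is. Presumably they are already
			// escaped where they are assembled - confirm for every placeholder, or move
			// this INSERT to a prepared statement if the DB wrapper offers one.
			$query2='INSERT INTO mail_queue SET '.$mysql_fields
				.', admins_id='.($_SESSION['admin']['adminid']+0)
				.', time_to_send="'.$queued_at.'"'
				.', create_time="'.$queued_at.'"'
				.', mail_to="'.$mail_to.'"'
				.', mail_to_names="'.$mail_to_names.'"'
				.', mail_html="'.$mail_html.'"'
				.', mail_plain="'.$mail_plain.'"';
			$db->rq($query2);
			$MailID=$db->last_id();

			// Re-read the row just queued; +0 forces a numeric id into the WHERE clause.
			// From here on $row holds the mail_queue record, not the row used above.
			$query = 'SELECT * FROM mail_queue WHERE mail_queue_id='.($MailID+0).' AND is_sent=0';
			$res = $db->rq($query);
			$row = $db->fetch($res);
		}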
    	
        // Settings
    	$settingsModel = new App\Model\Settings($db, 'mail_settings');
        $settings = $settingsModel->getAll();
        
        $transport = $settings['mail_transport'];
        /*
       $smtp_host = $settings['mail_' . $transport . '_host'];
       $smtp_port = $settings['mail_' . $transport . '_port'];
       $smtp_user = $settings['mail_' . $transport . '_user'];
Beispiel #2
                stocks_name="'.$db->string_escape($_POST['names']).'", 
                stocks_links="'.$db->string_escape($_POST['link']).'",
                checking = "'.$db->string_escape($_POST['checking']).'"
            WHERE stocks_id='.($_POST['stockid']+0).'';
        
		$db->rq($query);
		
		addLog('Back-end','Stocks',''.$db->string_escape($_POST['names']).' ('.$_POST['symbol'].')',''.$_SESSION['admin']['name'].' ('.$_SESSION['admin']['refnum'].')','Stock edited');
	}else{
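		// NOTE(review): uniqid('') is derived from the current time, so this reference is
		// predictable and two requests arriving close together can receive the same value.
		// Confirm that details_ref needs to be neither unique nor unguessable; otherwise
		// derive it from random_int() or a database-generated key.
		$detRef=hexdec(substr(uniqid(''), 0, 10))-81208208208;

		// Every request field is escaped once before it reaches a statement. The symbol
		// and the value used to be concatenated raw (the value only had its commas
		// stripped), which left both INSERTs open to SQL injection.
		$symbol=$db->string_escape($_POST['symbol']);
		$names=$db->string_escape($_POST['names']);
		$link=$db->string_escape($_POST['link']);
		$checking=$db->string_escape($_POST['checking']);

		$query='INSERT INTO stocks SET stocks_symbol="'.$symbol.'", stocks_name="'.$names.'", 
		stocks_links="'.$link.'", checking = "'.$checking.'"';
		$db->rq($query);
		$today = date('Y-m-d', CUSTOMTIME);

		// Thousands separators are removed first, then the remainder is escaped.
		$value=$db->string_escape(str_replace(',', '', $_POST['value']));
		$query='INSERT INTO stock_details SET details_ref="'.$detRef.'", stocks_id="'.$db->last_id().'", value="'.$value.'", date="'.$today.'"';
		$db->rq($query);

		// The stock name was already passed to addLog() in escaped form, so the symbol is
		// now passed the same way. NOTE(review): addLog() is not visible here - confirm
		// whether it also expects the session-derived admin name and refnum pre-escaped.
		addLog('Back-end','Stocks',''.$names.' ('.$symbol.')',''.$_SESSION['admin']['name'].' ('.$_SESSION['admin']['refnum'].')','New Stock added');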
	}
	
	$db->close();
	header('Location: stocks.php');
	exit();
}

if (isset($_POST['_form_submit']) && isset($_POST['_new_value'])){
	$db=new DBConnection();
	$detRef=hexdec(substr(uniqid(''), 0, 10))-81208208208;
	if($_POST['trade_ref']) {
		$query='DELETE FROM stock_details WHERE details_ref="'.$_POST['trade_ref'].'"';