Example #1
/**
 * Periodic (cron) score maintenance.
 *
 * Two passes over the member tables:
 *  1. profiles added within the last 10 days give back one tenth of the
 *     'join' score (the configured 'join' amount is only read here, via
 *     add_member_score(0, 'join', 1, true), then negated and divided);
 *  2. accounts whose last_activity is more than one month old receive the
 *     'inactivity' score adjustment.
 *
 * Both cut-offs are computed from gmdate('YmdHis'), the UTC timestamp
 * format the other functions in this file write into date_added and
 * last_activity. A failed query is fatal (E_USER_ERROR).
 *
 * @return bool always true
 */
function score_manage()
{
    global $dbtable_prefix;
    $utc_now = gmdate('YmdHis');

    // pass 1: recent joiners hand back a tenth of the join score.
    $join_takeback = -add_member_score(0, 'join', 1, true) / 10;
    $query = "SELECT `fk_user_id` FROM `{$dbtable_prefix}user_profiles` WHERE `date_added`>DATE_SUB('{$utc_now}',INTERVAL 10 DAY)";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    $recent_joiners = array();
    while ($row = mysql_fetch_row($res)) {
        $recent_joiners[] = $row[0];
    }
    if (!empty($recent_joiners)) {
        // 'force' with an explicit amount: the same idiom the photo-delete
        // hook uses to apply a precomputed (here negative) value.
        add_member_score($recent_joiners, 'force', 1, false, $join_takeback);
    }

    // pass 2: members idle for over a month get the inactivity score.
    $query = "SELECT `" . USER_ACCOUNT_ID . "` as `user_id` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `last_activity`<DATE_SUB('{$utc_now}',INTERVAL 1 MONTH)";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    $idle_members = array();
    while ($row = mysql_fetch_row($res)) {
        $idle_members[] = $row[0];
    }
    if (!empty($idle_members)) {
        add_member_score($idle_members, 'inactivity');
    }
    return true;
}
Example #2
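/**
 * Cron task: expire stale rows from the `online` table.
 *
 * Rows older than the site option `inactive_time` (minutes) are handled in
 * two groups:
 *  - guest rows (fk_user_id IS NULL) are simply deleted;
 *  - member rows are collected (de-duplicated by user id), the members lose
 *    the 'login' score (add_member_score(..., 'login', -1)), their online
 *    rows are deleted and their account last_activity is stamped with the
 *    current UTC time.
 *
 * The inactivity window is coerced to an integer before it is spliced into
 * SQL: it is read from stored site configuration rather than a literal, and
 * the ext/mysql API used here has no parameter binding, so an unexpected
 * value must not be able to change the shape of the statement. A failed
 * query is fatal (E_USER_ERROR).
 *
 * @return bool always true
 */
function clean_online_table()
{
    global $dbtable_prefix;
    $config = get_site_option(array('inactive_time'), 'core');
    // only a whole number of minutes can reach the INTERVAL clause below.
    $inactive_minutes = (int) $config['inactive_time'];
    $now = gmdate('YmdHis');
    $cutoff = "'{$now}'-INTERVAL '{$inactive_minutes}' MINUTE";

    // anonymous visitors: nothing to score, just drop the rows.
    $query = "DELETE FROM `{$dbtable_prefix}online` WHERE `fk_user_id` IS NULL AND `last_activity`<{$cutoff}";
    if (!@mysql_query($query)) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }

    // members whose online row timed out.
    $query = "SELECT a.`fk_user_id` FROM `{$dbtable_prefix}online` a WHERE a.`last_activity`<{$cutoff} AND `fk_user_id` IS NOT NULL";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    $timed_out = array();
    while ($rsrow = mysql_fetch_assoc($res)) {
        $timed_out[$rsrow['fk_user_id']] = 1;
    }
    if (!empty($timed_out)) {
        // the ids were read back from the database and used as array keys
        // (numeric strings become integer keys); quoted as the rest of the
        // file does for IN (...) lists.
        $user_ids = array_keys($timed_out);
        $id_list = "'" . join("','", $user_ids) . "'";
        add_member_score($user_ids, 'login', -1);
        $query = "DELETE FROM `{$dbtable_prefix}online` WHERE `fk_user_id` IN ({$id_list})";
        if (!@mysql_query($query)) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `last_activity`='{$now}' WHERE `" . USER_ACCOUNT_ID . "` IN ({$id_list})";
        if (!@mysql_query($query)) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
    }
    return true;
}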
Example #3
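/**
 * before-delete hook for blog posts: roll back the per-blog and per-user
 * counters before the rows in blog_posts disappear.
 *
 * Reads the global $post_ids (the ids about to be deleted); for every post
 * found:
 *  - user_blogs.stat_posts for its blog is decremented,
 *  - it is removed from the blog's cached archive
 *    (_CACHEPATH_/blogs/<first digit of id>/<blog_id>/blog_archive.inc.php,
 *    a PHP file assigning $blog_archive[year][month] => count, rewritten
 *    through fileop::file_put_contents),
 *  - the poster's 'blog_posts' stat goes down and the 'del_blog' score is
 *    applied once per post.
 *
 * Post ids are spliced into SQL without binding (ext/mysql), so they are
 * coerced to integers here regardless of how the caller built $post_ids;
 * post_id is an integer key, so valid input is unchanged. A failed query
 * is fatal (E_USER_ERROR).
 */
function on_before_delete_blog_post()
{
    global $dbtable_prefix, $post_ids;
    require_once _BASEPATH_ . '/includes/classes/fileop.class.php';
    $fileop = new fileop();
    // defence in depth: this hook cannot see how the caller validated the
    // ids, so only integers reach the IN (...) clause.
    $safe_ids = array_map('intval', (array) $post_ids);
    $query = "SELECT `post_id`,`fk_blog_id`,`fk_user_id`,UNIX_TIMESTAMP(`date_posted`) as `date_posted` FROM `{$dbtable_prefix}blog_posts` WHERE `post_id` IN ('" . join("','", $safe_ids) . "')";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    // per blog / per user: negative count of posts being removed;
    // per blog: posting timestamps, needed to fix the archive counters.
    $posts_per_blog = array();
    $posts_per_user = array();
    $dates_per_blog = array();
    while ($rsrow = mysql_fetch_assoc($res)) {
        $bid = $rsrow['fk_blog_id'];
        $uid = $rsrow['fk_user_id'];
        $posts_per_blog[$bid] = isset($posts_per_blog[$bid]) ? $posts_per_blog[$bid] - 1 : -1;
        $posts_per_user[$uid] = isset($posts_per_user[$uid]) ? $posts_per_user[$uid] - 1 : -1;
        $dates_per_blog[$bid][] = $rsrow['date_posted'];
    }
    foreach ($posts_per_blog as $bid => $num) {
        $bid = (string) $bid;
        // blog stats ($num is already negative; $bid came from the database).
        $query = "UPDATE `{$dbtable_prefix}user_blogs` SET `stat_posts`=`stat_posts`+{$num} WHERE `blog_id`={$bid}";
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        // blog archive cache, sharded on the first character of the id.
        $archive_file = _CACHEPATH_ . '/blogs/' . $bid[0] . '/' . $bid . '/blog_archive.inc.php';
        $blog_archive = array();
        if (is_file($archive_file)) {
            include $archive_file;
        }
        $removed_dates = isset($dates_per_blog[$bid]) ? $dates_per_blog[$bid] : array();
        foreach ($removed_dates as $posted_at) {
            // date() rather than gmdate(): on_after_approve_blog_post files
            // posts by date('Y')/date('m') in the default timezone, so the
            // same clock is used to find the bucket again. Note it keys by
            // the post's date_posted while the approve hook keys by the
            // approval date; a post approved in a later month than it was
            // written is added to one bucket and removed from another.
            $year = (int) date('Y', $posted_at);
            $month = (int) date('m', $posted_at);
            if (isset($blog_archive[$year][$month])) {
                --$blog_archive[$year][$month];
            }
            if (empty($blog_archive[$year][$month])) {
                unset($blog_archive[$year][$month]);
            }
        }
        krsort($blog_archive, SORT_NUMERIC);
        $towrite = '<?php $blog_archive=' . var_export($blog_archive, true) . ';';
        $fileop->file_put_contents($archive_file, $towrite);
    }
    foreach ($posts_per_user as $uid => $num) {
        update_stats($uid, 'blog_posts', $num);
        // -$num: the per-user count is negative, the score call wants the
        // number of posts removed.
        add_member_score($uid, 'del_blog', -$num);
    }
}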
Example #4
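/**
 * before-delete hook for photos: adjust counters and scores, and clear the
 * profile's main photo, before rows in user_photos are removed.
 *
 * Reads the global $photo_ids, looks the photos up and then resets
 * $photo_ids to the ids actually found (the original does the same,
 * presumably so the caller's subsequent processing sees only existing
 * ids). Only photos with status STAT_APPROVED affect anything:
 *  - the owner's 'total_photos' stat goes down by one per photo;
 *  - the owner receives the configured 'del_photo' amount (or
 *    'del_main_photo' for a main photo), summed per owner and applied
 *    through the 'force' path;
 *  - for a deleted main photo, user_profiles._photo is blanked and the
 *    owner's blog posts and comments get a new last_changed so that caches
 *    rendering the photo are rebuilt.
 *
 * Photo ids are spliced into SQL without binding (ext/mysql), so they are
 * coerced to integers here; photo_id is an integer key, so valid input is
 * unchanged. A failed query is fatal (E_USER_ERROR).
 */
function on_before_delete_photo()
{
    global $dbtable_prefix, $photo_ids;
    // defence in depth: only integers reach the IN (...) clause.
    $safe_ids = array_map('intval', (array) $photo_ids);
    $query = "SELECT `photo_id`,`fk_user_id`,`is_main`,`photo`,`status` FROM `{$dbtable_prefix}user_photos` WHERE `photo_id` IN ('" . join("','", $safe_ids) . "')";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    $photo_ids = array();
    // ^ intentional: the global is narrowed to the ids that exist.
    $photos_per_user = array();
    $score_per_user = array();
    $main_photos = array();
    // read the configured amounts once; the `true` flag only reads, it does
    // not apply anything.
    $score_photo = add_member_score(0, 'del_photo', 1, true);
    $score_main_photo = add_member_score(0, 'del_main_photo', 1, true);
    while ($rsrow = mysql_fetch_assoc($res)) {
        $photo_ids[] = $rsrow['photo_id'];
        if ($rsrow['status'] != STAT_APPROVED) {
            // only approved photos are counted and scored.
            continue;
        }
        $uid = $rsrow['fk_user_id'];
        $is_main = !empty($rsrow['is_main']);
        $photos_per_user[$uid] = isset($photos_per_user[$uid]) ? $photos_per_user[$uid] - 1 : -1;
        $delta = $is_main ? $score_main_photo : $score_photo;
        $score_per_user[$uid] = isset($score_per_user[$uid]) ? $score_per_user[$uid] + $delta : $delta;
        if ($is_main) {
            $main_photos[$uid] = $rsrow['photo'];
        }
    }
    foreach ($photos_per_user as $uid => $num) {
        update_stats($uid, 'total_photos', $num);
    }
    foreach ($score_per_user as $uid => $score) {
        add_member_score($uid, 'force', 1, false, $score);
    }
    $now = gmdate('YmdHis');
    foreach ($main_photos as $uid => $photo) {
        // $uid is an array key built from fk_user_id read back from the db.
        $query = "UPDATE `{$dbtable_prefix}user_profiles` SET `_photo`='',`last_changed`='{$now}' WHERE `fk_user_id`={$uid}";
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
    }
    if (!empty($main_photos)) {
        // touch everything that renders the (now removed) main photo so the
        // page caches are regenerated; identical statement per table.
        $owner_list = join(',', array_keys($main_photos));
        $tables_to_touch = array('blog_posts', 'comments_blog', 'comments_photo', 'comments_profile');
        foreach ($tables_to_touch as $table) {
            $query = "UPDATE `{$dbtable_prefix}{$table}` SET `last_changed`='{$now}' WHERE `fk_user_id` IN ({$owner_list})";
            if (!($res = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
        }
    }
}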
Example #5
File: join.php Project: babae/etano
     $input['uid'] = $_SESSION[_LICENSE_KEY_]['user']['reg_id'];
     send_template_email($input['email'], sprintf($GLOBALS['_lang'][70], _SITENAME_), 'confirm_reg.html', get_my_skin(), $input);
 }
 $query = "SELECT `fk_user_id` FROM `{$dbtable_prefix}user_profiles` WHERE `fk_user_id`=" . $_SESSION[_LICENSE_KEY_]['user']['reg_id'];
 if (!($res = @mysql_query($query))) {
     trigger_error(mysql_error(), E_USER_ERROR);
 }
 $is_update = false;
 if (mysql_num_rows($res)) {
     $is_update = true;
 }
 $now = gmdate('YmdHis');
 if ($is_update) {
     $query = "UPDATE `{$dbtable_prefix}user_profiles` SET `last_changed`='{$now}'";
 } else {
     $query = "INSERT INTO `{$dbtable_prefix}user_profiles` SET `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['reg_id'] . "',`last_changed`='{$now}',`date_added`='{$now}',`score`='" . add_member_score(0, 'join', 1, true) . "'";
 }
 if ($input['page'] == 1) {
     $query .= ",`_user`='" . $input['user'] . "'";
     if (get_site_option('manual_profile_approval', 'core') == 1) {
         $query .= ",`status`=" . STAT_PENDING;
     } else {
         $query .= ",`status`=" . STAT_APPROVED;
     }
 }
 for ($i = 0; isset($my_fields[$i]); ++$i) {
     $query .= ',' . $_pfields[$my_fields[$i]]->query_set();
 }
 if ($is_update) {
     $query .= " WHERE `fk_user_id`=" . $_SESSION[_LICENSE_KEY_]['user']['reg_id'];
 }
Example #6
            $query .= " OR (`fk_user_id`=" . $input['uid'] . " AND `fk_net_id`=" . $input['net_id'] . " AND `fk_user_id_other`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "')";
        }
        if (isset($_on_before_delete)) {
            for ($i = 0; isset($_on_before_delete[$i]); ++$i) {
                call_user_func($_on_before_delete[$i]);
            }
        }
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        if (isset($_on_after_delete)) {
            for ($i = 0; isset($_on_after_delete[$i]); ++$i) {
                call_user_func($_on_after_delete[$i]);
            }
        }
        if ($input['net_id'] == NET_BLOCK) {
            del_message_filter(array('filter_type' => FILTER_SENDER, 'fk_user_id' => $_SESSION[_LICENSE_KEY_]['user']['user_id'], 'field_value' => $input['uid']));
            add_member_score($input['uid'], 'unblock_member');
        }
        $topass['message']['type'] = MESSAGE_INFO;
        $topass['message']['text'] = sprintf($GLOBALS['_lang'][87], get_user_by_userid($input['uid']), get_net_name($input['net_id']));
    }
}
// Hand control back to the page. When validation failed, the submitted
// values are normalised (judging by the flag names: HTML reduced to text,
// slashes stripped) and carried along so the form can be re-populated;
// otherwise only $topass (message etc.) travels with the redirect.
if ($error) {
    // NOTE kept from the original: textareas must be re-read from $_GET
    // here, e.g.
    //   $input['x'] = addslashes_mq($_GET['x']);
    $topass['input'] = $input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH);
}
$nextpage = _BASEURL_ . '/' . $nextpage;
redirect2page($nextpage, $topass, '', true);
Example #7
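/**
 * before-delete hook for comments: roll back comment counters and scores
 * before the rows are removed.
 *
 * Driven by the globals $comment_ids and $comment_type ('blog', 'photo' or
 * 'user'), which select the comment table, its parent table and the parent
 * key. For every comment found (joined to its parent):
 *  - blog/photo parents: parent.stat_comments is decremented;
 *    user parents: update_stats(<profile owner>, 'profile_comments', -n);
 *  - the parent's owner, when not the commenter, gets the 'removed_comment'
 *    score once per comment (owner id 0 is skipped, as in the original).
 * The per-commenter count the original also built was never read and has
 * been dropped.
 *
 * An unknown $comment_type now stops with E_USER_ERROR before any query
 * runs; previously it produced undefined-variable notices and a malformed
 * query that failed with the same severity. Comment ids are spliced into
 * SQL without binding (ext/mysql) and are coerced to integers; comment_id
 * is an integer key, so valid input is unchanged.
 */
function on_before_delete_comment()
{
    global $dbtable_prefix, $comment_ids, $comment_type;
    switch ($comment_type) {
        case 'blog':
            $table = "`{$dbtable_prefix}comments_blog`";
            $parent_table = "`{$dbtable_prefix}blog_posts`";
            $parent_key = "`post_id`";
            break;
        case 'photo':
            $table = "`{$dbtable_prefix}comments_photo`";
            $parent_table = "`{$dbtable_prefix}user_photos`";
            $parent_key = "`photo_id`";
            break;
        case 'user':
            $table = "`{$dbtable_prefix}comments_profile`";
            $parent_table = "`{$dbtable_prefix}user_profiles`";
            $parent_key = "`fk_user_id`";
            break;
        default:
            // fail closed: without a known type there are no table names
            // to build the query from.
            trigger_error('on_before_delete_comment: unknown comment_type', E_USER_ERROR);
            return;
    }
    // defence in depth: comment ids are interpolated into SQL, so only
    // integers get through regardless of how the caller built the list.
    $safe_ids = array_map('intval', (array) $comment_ids);
    $query = "SELECT a.`comment_id`,a.`fk_parent_id`,a.`fk_user_id`,b.`fk_user_id` as `fk_parent_owner_id` FROM {$table} a,{$parent_table} b WHERE a.`comment_id` IN ('" . join("','", $safe_ids) . "') AND a.`fk_parent_id`=b.{$parent_key}";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    // negative comment counts, per parent and per parent owner.
    $comments_per_parent = array();
    $comments_per_owner = array();
    while ($rsrow = mysql_fetch_assoc($res)) {
        $pid = $rsrow['fk_parent_id'];
        $comments_per_parent[$pid] = isset($comments_per_parent[$pid]) ? $comments_per_parent[$pid] - 1 : -1;
        // owner == commenter is excluded, mirroring the same test in the
        // approve hook (self-comments apparently earn no score).
        if ($rsrow['fk_parent_owner_id'] != $rsrow['fk_user_id']) {
            $owner = $rsrow['fk_parent_owner_id'];
            $comments_per_owner[$owner] = isset($comments_per_owner[$owner]) ? $comments_per_owner[$owner] - 1 : -1;
        }
    }
    if ($comment_type != 'user') {
        foreach ($comments_per_parent as $pid => $num) {
            // $num is negative; $pid was read back from the database.
            $query = "UPDATE {$parent_table} SET `stat_comments`=`stat_comments`+{$num} WHERE {$parent_key}='{$pid}'";
            if (!($res = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
        }
    } else {
        // profile comments are counted in the user stats instead.
        foreach ($comments_per_parent as $pid => $num) {
            update_stats($pid, 'profile_comments', $num);
        }
    }
    foreach ($comments_per_owner as $uid => $num) {
        if (!empty($uid)) {
            // -$num: the per-owner count is negative, the score call wants
            // the number of comments removed.
            add_member_score($uid, 'removed_comment', -$num);
        }
    }
}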
Example #8
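/**
 * after-approve hook for blog posts: bring per-blog and per-user counters
 * up to date for posts that have just become visible.
 *
 * Reads the global $post_ids but only acts on rows with processed=0, then
 * narrows $post_ids to those ids (the original does the same; the final
 * UPDATE marks exactly that set processed=1, so a second run over the same
 * ids changes nothing). For every such post:
 *  - user_blogs.stat_posts for its blog is incremented,
 *  - the blog's cached archive (_CACHEPATH_/blogs/<first character of
 *    id>/<blog_id>/blog_archive.inc.php, a PHP file assigning
 *    $blog_archive[year][month] => count, rewritten through
 *    fileop::file_put_contents) gains one under the current
 *    date('Y')/date('m'),
 *  - the poster's 'blog_posts' stat and 'add_blog' score go up.
 *
 * Post ids are spliced into SQL without binding (ext/mysql), so they are
 * coerced to integers here; post_id is an integer key, so valid input is
 * unchanged. A failed query is fatal (E_USER_ERROR).
 */
function on_after_approve_blog_post()
{
    global $dbtable_prefix, $post_ids;
    require_once _BASEPATH_ . '/includes/classes/fileop.class.php';
    $fileop = new fileop();
    // defence in depth: only integers reach the IN (...) clause.
    $safe_ids = array_map('intval', (array) $post_ids);
    $query = "SELECT `post_id`,`fk_blog_id`,`fk_user_id` FROM `{$dbtable_prefix}blog_posts` WHERE `post_id` IN ('" . join("','", $safe_ids) . "') AND `processed`=0";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    $post_ids = array();
    // ^ intentional: the global now lists only the not-yet-processed posts.
    $posts_per_blog = array();
    $posts_per_user = array();
    while ($rsrow = mysql_fetch_assoc($res)) {
        $post_ids[] = $rsrow['post_id'];
        $bid = $rsrow['fk_blog_id'];
        $uid = $rsrow['fk_user_id'];
        $posts_per_blog[$bid] = isset($posts_per_blog[$bid]) ? $posts_per_blog[$bid] + 1 : 1;
        $posts_per_user[$uid] = isset($posts_per_user[$uid]) ? $posts_per_user[$uid] + 1 : 1;
    }
    // archive bucket for everything approved in this run: the approval
    // date in the default timezone. on_before_delete_blog_post later
    // subtracts by the post's own date_posted, so a post approved in a
    // later month than it was written lands in one bucket and is removed
    // from another.
    $year = (int) date('Y');
    $month = (int) date('m');
    foreach ($posts_per_blog as $bid => $num) {
        $bid = (string) $bid;
        // blog stats ($bid was read back from the database).
        $query = "UPDATE `{$dbtable_prefix}user_blogs` SET `stat_posts`=`stat_posts`+{$num} WHERE `blog_id`={$bid}";
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        // blog archive cache, sharded on the first character of the id.
        $archive_file = _CACHEPATH_ . '/blogs/' . $bid[0] . '/' . $bid . '/blog_archive.inc.php';
        $blog_archive = array();
        if (is_file($archive_file)) {
            include $archive_file;
        }
        if (isset($blog_archive[$year][$month])) {
            $blog_archive[$year][$month] += $num;
        } else {
            $blog_archive[$year][$month] = $num;
        }
        krsort($blog_archive, SORT_NUMERIC);
        $towrite = '<?php $blog_archive=' . var_export($blog_archive, true) . ';';
        $fileop->file_put_contents($archive_file, $towrite);
    }
    foreach ($posts_per_user as $uid => $num) {
        update_stats($uid, 'blog_posts', $num);
        add_member_score($uid, 'add_blog', $num);
    }
    if (!empty($post_ids)) {
        // ids read back from the database above.
        $query = "UPDATE `{$dbtable_prefix}blog_posts` SET `processed`=1 WHERE `post_id` IN ('" . join("','", $post_ids) . "')";
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
    }
}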
Example #9
 $score = 0;
 // it might happen that the user is already logged in. Don't add the login score if that's the case.
 $query = "SELECT `fk_user_id` FROM `{$dbtable_prefix}online` WHERE `fk_user_id`=" . $user['user_id'];
 if (!($res = @mysql_query($query))) {
     trigger_error(mysql_error(), E_USER_ERROR);
 }
 if (!mysql_num_rows($res)) {
     $score += add_member_score($user['user_id'], 'login', 1, true);
     // just read the value
 }
 if ($user['last_activity'] < $time - $score_threshold) {
     $score += add_member_score($user['user_id'], 'login_bonus', 1, true);
     // just read the value
 }
 if (!empty($score)) {
     add_member_score($user['user_id'], 'force', 1, false, $score);
 }
 $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `last_activity`='" . gmdate('YmdHis') . "' WHERE `" . USER_ACCOUNT_ID . "`=" . $user['user_id'];
 if (!($res = @mysql_query($query))) {
     trigger_error(mysql_error(), E_USER_ERROR);
 }
 if (USE_DB_SESSIONS == 1) {
     $query = "REPLACE INTO `{$dbtable_prefix}online` SET `fk_user_id`=" . $user['user_id'] . ",`sess`='" . session_id() . "',`sess_data`='" . sanitize_and_format(serialize($_SESSION), TYPE_STRING, FORMAT_ADDSLASH) . "'";
     if (!($res = @mysql_query($query))) {
         trigger_error(mysql_error(), E_USER_ERROR);
     }
 }
 unset($user['last_activity']);
 $_SESSION[_LICENSE_KEY_]['user'] = array_merge(isset($_SESSION[_LICENSE_KEY_]['user']) ? $_SESSION[_LICENSE_KEY_]['user'] : array(), $user);
 $_SESSION[_LICENSE_KEY_]['user']['loginout'] = $time;
 if (isset($_on_after_login)) {
Example #10
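 /**
  * Establish a session for account $user_id without a credential check.
  *
  * Meant for API callers that have already authenticated the user by other
  * means: the only gate here is the account status. In order:
  *  1. load common code, the login event processor (which may register
  *     $_on_after_login callbacks) and the skin's login strings;
  *  2. write a 'login' audit record and run rate_limiter() on it;
  *  3. fetch the account joined to its profile by id;
  *  4. for ASTAT_ACTIVE accounts: award the 'login' score unless an online
  *     row already exists, plus 'login_bonus' when last_activity is older
  *     than $score_threshold seconds, stamp last_activity, replace the
  *     online row (with the serialized session when USE_DB_SESSIONS), merge
  *     the account data minus last_activity and email into
  *     $_SESSION[_LICENSE_KEY_]['user'], and fire $_on_after_login.
  * Any status other than ACTIVE / UNVERIFIED / SUSPENDED falls through and
  * returns true without creating a session -- callers should not take
  * `true` alone as proof that a session now exists.
  *
  * @param int|string $user_id account id; coerced to int before use
  * @return bool true when no exception was thrown
  * @throws Exception code ASTAT_UNVERIFIED or ASTAT_SUSPENDED for those
  *                   statuses, code 0 when no such account exists
  */
 static function login_by_id($user_id)
 {
     global $dbtable_prefix;
     // The id is interpolated unquoted into SQL below (ext/mysql, no
     // binding). Force it to an integer so nothing but a number can reach
     // the query; a malformed value becomes 0, matches no account and ends
     // in the same "no such user" exception as any unknown id.
     $user_id = (int) $user_id;
     EtanoApi::load_common();
     if (is_file(_BASEPATH_ . '/events/processors/login.php')) {
         include_once _BASEPATH_ . '/events/processors/login.php';
     }
     require_once _BASEPATH_ . '/skins_site/' . EtanoApi::get_my_skin() . '/lang/login.inc.php';
     $score_threshold = 600;
     // seconds of inactivity after which a login also earns 'login_bonus'
     // The next five locals are never read in this method. They are kept
     // because the event processor included above executes in this scope
     // and could reference them -- TODO confirm and drop.
     $error = false;
     $topass = array();
     $nextpage = 'login.php';
     $qs = '';
     $qssep = '';
     $log['level'] = 'login';
     $log['user_id'] = $user_id;
     $log['sess'] = session_id();
     // ip2long() handles IPv4 only: an IPv6 or missing REMOTE_ADDR yields
     // false, which '%u' prints as 0, so all such requests are recorded
     // (and, if rate_limiter keys on ip, throttled) as one address.
     $log['ip'] = sprintf('%u', ip2long($_SERVER['REMOTE_ADDR']));
     log_user_action($log);
     rate_limiter($log);
     $query = "SELECT a.`" . USER_ACCOUNT_ID . "` as `user_id`,b.`_user` as `user`,a.`status`,a.`membership`,UNIX_TIMESTAMP(a.`last_activity`) as `last_activity`,a.`email`,b.`status` as `pstat` FROM `" . USER_ACCOUNTS_TABLE . "` a LEFT JOIN `{$dbtable_prefix}user_profiles` b ON a.`" . USER_ACCOUNT_ID . "`=b.`fk_user_id` WHERE a.`" . USER_ACCOUNT_ID . "`={$user_id}";
     if (!($res = @mysql_query($query))) {
         trigger_error(mysql_error(), E_USER_ERROR);
     }
     if (mysql_num_rows($res)) {
         $user = mysql_fetch_assoc($res);
         $user['membership'] = (int) $user['membership'];
         $user['user_id'] = (int) $user['user_id'];
         if ($user['status'] == ASTAT_ACTIVE) {
             // UTC clock components fed to mktime(), which reads them in the
             // default timezone; kept as-is because both the last_activity
             // comparison and the session's loginout stamp use this value.
             $time = mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('Y'));
             $user['prefs'] = get_user_settings($user['user_id'], 'def_user_prefs', array('date_format', 'datetime_format', 'time_offset', 'rate_my_photos', 'profile_comments'));
             $score = 0;
             // it might happen that the user is already logged in. Don't add the login score if that's the case.
             $query = "SELECT `fk_user_id` FROM `{$dbtable_prefix}online` WHERE `fk_user_id`=" . $user['user_id'];
             if (!($res = @mysql_query($query))) {
                 trigger_error(mysql_error(), E_USER_ERROR);
             }
             if (!mysql_num_rows($res)) {
                 $score += add_member_score($user['user_id'], 'login', 1, true);
                 // just read the value
             }
             if ($user['last_activity'] < $time - $score_threshold) {
                 $score += add_member_score($user['user_id'], 'login_bonus', 1, true);
                 // just read the value
             }
             if (!empty($score)) {
                 // apply the combined amount in one call.
                 add_member_score($user['user_id'], 'force', 1, false, $score);
             }
             $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `last_activity`='" . gmdate('YmdHis') . "' WHERE `" . USER_ACCOUNT_ID . "`=" . $user['user_id'];
             if (!($res = @mysql_query($query))) {
                 trigger_error(mysql_error(), E_USER_ERROR);
             }
             if (USE_DB_SESSIONS == 1) {
                 // the serialized session is escaped with FORMAT_ADDSLASH
                 // before interpolation; the other values are integers or
                 // the server-generated session id.
                 $query = "REPLACE INTO `{$dbtable_prefix}online` SET `fk_user_id`=" . $user['user_id'] . ",`sess`='" . session_id() . "',`sess_data`='" . sanitize_and_format(serialize($_SESSION), TYPE_STRING, FORMAT_ADDSLASH) . "'";
                 if (!($res = @mysql_query($query))) {
                     trigger_error(mysql_error(), E_USER_ERROR);
                 }
             }
             // keep the e-mail address (and the raw timestamp) out of the
             // session payload.
             unset($user['last_activity'], $user['email']);
             $_SESSION[_LICENSE_KEY_]['user'] = array_merge(isset($_SESSION[_LICENSE_KEY_]['user']) ? $_SESSION[_LICENSE_KEY_]['user'] : array(), $user);
             $_SESSION[_LICENSE_KEY_]['user']['loginout'] = $time;
             if (isset($_on_after_login)) {
                 for ($i = 0; isset($_on_after_login[$i]); ++$i) {
                     call_user_func($_on_after_login[$i]);
                 }
             }
         } elseif ($user['status'] == ASTAT_UNVERIFIED) {
             throw new Exception('', ASTAT_UNVERIFIED);
         } elseif ($user['status'] == ASTAT_SUSPENDED) {
             throw new Exception($GLOBALS['_lang'][71], ASTAT_SUSPENDED);
         }
     } else {
         throw new Exception($GLOBALS['_lang'][72], 0);
     }
     return true;
 }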
Example #11
/**
 * Cron task: deliver up to $limit queued messages into member mailboxes.
 *
 * For each row of queue_message (joined to the recipient's account for the
 * e-mail address and to the profile for the display name), oldest first:
 *  - the recipient's message filters are loaded once per recipient; the
 *    first FILTER_SENDER filter encountered decides the target: a match
 *    routes the message to user_spambox (no notification) or to user_inbox
 *    in the filter's folder;
 *  - otherwise the row is inserted into user_inbox as-is;
 *  - $_on_before_insert / $_on_after_insert callbacks registered by
 *    events/cronjobs/send_queue_message.php are invoked around each insert;
 *  - recipients whose 'notify_me' preference is set get an e-mail built
 *    from the new_message.html template.
 * Processed rows are deleted from the queue, and recipients receive the
 * 'new_message' score once per message (batched by message count).
 *
 * The inserts are built by interpolating every remaining $rsrow column.
 * subject and message_body are re-escaped with the TEXT_DB2DB format
 * first; the other columns (_user_other, date_sent, ...) go in exactly as
 * read from queue_message. NOTE(review): that is only safe if those
 * columns can never contain a quote -- presumably usernames are restricted
 * at registration; confirm before relying on it.
 *
 * @return bool always true; a failed query is fatal (E_USER_ERROR)
 */
function send_queue_message()
{
    $limit = 50;
    // number of messages in a batch
    // clear any hook lists before the event file (re)registers them.
    unset($_on_before_insert, $_on_after_insert);
    if (is_file(_BASEPATH_ . '/events/cronjobs/send_queue_message.php')) {
        include_once _BASEPATH_ . '/events/cronjobs/send_queue_message.php';
    }
    global $dbtable_prefix, $def_skin;
    include_once _BASEPATH_ . '/skins_site/' . $def_skin . '/lang/mailbox.inc.php';
    $filters = array();   // recipient id => list of filter rows
    $notifs = array();    // recipient id => 'notify_me' preference
    $emails = array();    // notification payloads to send at the end
    $mail_ids = array();  // queue rows to delete once processed
    $receivers = array(); // recipient id => number of messages delivered
    $query = "SELECT a.`mail_id`,a.`fk_user_id`,a.`fk_user_id_other`,a.`_user_other`,a.`subject`,a.`message_body`,a.`date_sent`,a.`message_type`,b.`email`,c.`_user` as `user` FROM `{$dbtable_prefix}queue_message` a,`" . USER_ACCOUNTS_TABLE . "` b,`{$dbtable_prefix}user_profiles` c WHERE a.`fk_user_id`=b.`" . USER_ACCOUNT_ID . "` AND a.`fk_user_id`=c.`fk_user_id` ORDER BY a.`mail_id` ASC LIMIT {$limit}";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    if (mysql_num_rows($res)) {
        while ($rsrow = mysql_fetch_assoc($res)) {
            // $temp is the e-mail template payload; every key is
            // reassigned each iteration.
            $temp['subject'] = sanitize_and_format($rsrow['subject'], TYPE_STRING, FORMAT_TEXT2HTML);
            $temp['_user_other'] = $rsrow['_user_other'];
            if (empty($temp['_user_other']) && $rsrow['message_type'] == MESS_SYSTEM) {
                $temp['_user_other'] = $GLOBALS['_lang'][135];
            }
            $temp['email'] = $rsrow['email'];
            $temp['user'] = $rsrow['user'];
            $mail_ids[] = $rsrow['mail_id'];
            if (isset($receivers[$rsrow['fk_user_id']])) {
                ++$receivers[$rsrow['fk_user_id']];
            } else {
                $receivers[$rsrow['fk_user_id']] = 1;
            }
            // what is left in $rsrow becomes the INSERT column list below.
            unset($rsrow['mail_id'], $rsrow['email'], $rsrow['user']);
            $rsrow['subject'] = sanitize_and_format($rsrow['subject'], TYPE_STRING, $GLOBALS['__field2format'][TEXT_DB2DB]);
            $rsrow['message_body'] = sanitize_and_format($rsrow['message_body'], TYPE_STRING, $GLOBALS['__field2format'][TEXT_DB2DB]);
            if (!isset($filters[$rsrow['fk_user_id']])) {
                // fk_user_id came back from the database (integer key).
                $query = "SELECT `filter_type`,`field`,`field_value`,`fk_folder_id` FROM `{$dbtable_prefix}message_filters` WHERE `fk_user_id`=" . $rsrow['fk_user_id'];
                if (!($res2 = @mysql_query($query))) {
                    trigger_error(mysql_error(), E_USER_ERROR);
                }
                while ($rsrow2 = mysql_fetch_assoc($res2)) {
                    $filters[$rsrow['fk_user_id']][] = $rsrow2;
                }
                if (!isset($filters[$rsrow['fk_user_id']])) {
                    // remember "no filters" so the lookup is not repeated.
                    $filters[$rsrow['fk_user_id']] = array();
                }
            }
            if (!isset($notifs[$rsrow['fk_user_id']])) {
                $notifs[$rsrow['fk_user_id']] = get_user_settings($rsrow['fk_user_id'], 'def_user_prefs', 'notify_me');
            }
            $notify = true;
            $was_sent = false;
            // was sent by a filter?
            if (!empty($filters[$rsrow['fk_user_id']])) {
                for ($i = 0; isset($filters[$rsrow['fk_user_id']][$i]); ++$i) {
                    $filter = $filters[$rsrow['fk_user_id']][$i];
                    switch ($filter['filter_type']) {
                        case FILTER_SENDER:
                            if ($rsrow['fk_user_id_other'] == $filter['field_value']) {
                                if ($filter['fk_folder_id'] == FOLDER_SPAMBOX) {
                                    $into = "`{$dbtable_prefix}user_spambox`";
                                    $notify = false;
                                } else {
                                    $into = "`{$dbtable_prefix}user_inbox`";
                                    $rsrow['fk_folder_id'] = $filter['fk_folder_id'];
                                }
                                $query = "INSERT INTO {$into} SET ";
                                foreach ($rsrow as $k => $v) {
                                    $query .= "`{$k}`='{$v}',";
                                }
                                $query = substr($query, 0, -1);
                                // the hook loops reuse $i, which is harmless only
                                // because `break 2` below leaves the filter loop.
                                if (isset($_on_before_insert)) {
                                    for ($i = 0; isset($_on_before_insert[$i]); ++$i) {
                                        call_user_func($_on_before_insert[$i], $rsrow);
                                    }
                                }
                                if (!($res2 = @mysql_query($query))) {
                                    trigger_error(mysql_error(), E_USER_ERROR);
                                }
                                if (isset($_on_after_insert)) {
                                    for ($i = 0; isset($_on_after_insert[$i]); ++$i) {
                                        call_user_func($_on_after_insert[$i], $rsrow);
                                    }
                                }
                                $was_sent = true;
                            }
                            // NOTE(review): this break sits outside the if, so
                            // the scan stops at the first FILTER_SENDER filter
                            // whether or not it matched; a later sender filter
                            // of the same recipient is never evaluated. If a
                            // non-matching filter is meant to be skipped, the
                            // `break 2` belongs inside the if.
                            break 2;
                            // exit the filters for() too
                    }
                }
            }
            if (!$was_sent) {
                // no filter here - insert directly in inbox
                $query = "INSERT INTO `{$dbtable_prefix}user_inbox` SET ";
                foreach ($rsrow as $k => $v) {
                    $query .= "`{$k}`='{$v}',";
                }
                $query = substr($query, 0, -1);
                if (isset($_on_before_insert)) {
                    for ($i = 0; isset($_on_before_insert[$i]); ++$i) {
                        call_user_func($_on_before_insert[$i], $rsrow);
                    }
                }
                if (!($res2 = @mysql_query($query))) {
                    trigger_error(mysql_error(), E_USER_ERROR);
                }
                if (isset($_on_after_insert)) {
                    for ($i = 0; isset($_on_after_insert[$i]); ++$i) {
                        call_user_func($_on_after_insert[$i], $rsrow);
                    }
                }
            }
            // spambox deliveries cleared $notify above.
            if ($notifs[$rsrow['fk_user_id']] && $notify) {
                $emails[] = $temp;
            }
        }
        if (!empty($mail_ids)) {
            // ids read back from queue_message above.
            $query = "DELETE FROM `{$dbtable_prefix}queue_message` WHERE `mail_id` IN ('" . join("','", $mail_ids) . "')";
            if (!($res = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
        }
    }
    if (!empty($receivers)) {
        $uids = array();
        // we build an array like array(num_messages1=>array(uid1,uid2,..),num_messages2=>array(uid3,uid4...),...)
        // this way we can add score for more users at once, saving some processing time
        foreach ($receivers as $uid => $num) {
            if (isset($uids[$num])) {
                $uids[$num][] = $uid;
            } else {
                $uids[$num] = array($uid);
            }
        }
        foreach ($uids as $num => $nuids) {
            add_member_score($nuids, 'new_message', $num);
        }
    }
    // send the notification emails
    if (!empty($emails)) {
        for ($i = 0; isset($emails[$i]); ++$i) {
            send_template_email($emails[$i]['email'], $emails[$i]['subject'], 'new_message.html', $def_skin, $emails[$i]);
        }
    }
    return true;
}
Example #12
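/**
 * Event processor run after one or more comments have been approved.
 *
 * Input arrives through globals set by the caller: $comment_ids (the approved
 * comment ids) and $comment_type ('blog', 'photo' or 'user'), which selects the
 * comment table, its parent table and the parent key column.
 *
 * For every listed comment that is still `processed`=0 it:
 *  - increments the parent item's comment counter (`stat_comments`, or the
 *    'profile_comments' stat for profile comments);
 *  - credits the item owner with the 'received_comment' score and the poster
 *    with the 'comments_made' stat;
 *  - marks the comment as processed so a later run does not count it again;
 *  - queues one system message per item owner (skipped when the owner
 *    commented on their own item).
 *
 * Side effect: the global $comment_ids is overwritten with the subset of ids
 * that were actually unprocessed.
 *
 * Raises E_USER_ERROR on a database error or on an unknown $comment_type.
 */
function on_after_approve_comment()
{
    global $dbtable_prefix, $comment_ids, $comment_type, $__field2format;
    switch ($comment_type) {
        case 'blog':
            $table = "`{$dbtable_prefix}comments_blog`";
            $parent_table = "`{$dbtable_prefix}blog_posts`";
            $parent_key = "`post_id`";
            break;
        case 'photo':
            $table = "`{$dbtable_prefix}comments_photo`";
            $parent_table = "`{$dbtable_prefix}user_photos`";
            $parent_key = "`photo_id`";
            break;
        case 'user':
            $table = "`{$dbtable_prefix}comments_profile`";
            $parent_table = "`{$dbtable_prefix}user_profiles`";
            $parent_key = "`fk_user_id`";
            break;
        default:
            // Previously an unknown type left $table undefined and only surfaced later
            // as a confusing MySQL syntax error; fail with a clear message instead.
            trigger_error("on_after_approve_comment(): unknown comment type '{$comment_type}'", E_USER_ERROR);
            return;
    }
    if (empty($comment_ids)) {
        return; // nothing to process; also avoids issuing an `IN ('')` query
    }
    // Only rows with processed=0 are picked up, so re-running on already handled ids is harmless.
    // NOTE(review): the ids are interpolated unescaped; callers are expected to hand over
    // trusted numeric ids here - confirm at the call sites.
    $query = "SELECT a.`comment_id`,a.`_user` as `comment_poster`,a.`fk_parent_id`,a.`fk_user_id`,b.`fk_user_id` as `fk_parent_owner_id` FROM {$table} a,{$parent_table} b WHERE a.`comment_id` IN ('" . join("','", $comment_ids) . "') AND a.`fk_parent_id`=b.{$parent_key} AND a.`processed`=0";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    // the global is rebuilt from the rows actually returned (unprocessed ones only)
    $comment_ids = array();
    $parent_ids = array();       // parent id => number of new comments on it
    $user_ids = array();         // poster id => number of comments posted
    $parent_owner_ids = array(); // owner id => number of comments received
    $notifs = array();           // owner id => data for the single notification sent
    while ($rsrow = mysql_fetch_assoc($res)) {
        $comment_ids[] = $rsrow['comment_id'];
        $pid = $rsrow['fk_parent_id'];
        $uid = $rsrow['fk_user_id'];
        $owner = $rsrow['fk_parent_owner_id'];
        $parent_ids[$pid] = isset($parent_ids[$pid]) ? $parent_ids[$pid] + 1 : 1;
        $user_ids[$uid] = isset($user_ids[$uid]) ? $user_ids[$uid] + 1 : 1;
        // comments on one's own item earn no 'received_comment' score and no notification
        if ($owner != $uid) {
            if (!isset($notifs[$owner])) {
                // one notification per owner, describing the first new comment seen
                $notifs[$owner] = array(
                    'comment_poster' => $rsrow['comment_poster'],
                    'comment_id' => $rsrow['comment_id'],
                    'parent_id' => $pid,
                );
            }
            $parent_owner_ids[$owner] = isset($parent_owner_ids[$owner]) ? $parent_owner_ids[$owner] + 1 : 1;
        }
    }
    // increment the number of comments of the item(s); profiles keep their counter in the stats table
    if ($comment_type != 'user') {
        foreach ($parent_ids as $pid => $num) {
            $query = "UPDATE {$parent_table} SET `stat_comments`=`stat_comments`+{$num} WHERE {$parent_key}='{$pid}'";
            if (!($res = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
        }
    } else {
        foreach ($parent_ids as $pid => $num) {
            update_stats($pid, 'profile_comments', $num);
        }
    }
    // add the "received_comment" score to the owner of the item
    foreach ($parent_owner_ids as $uid => $num) {
        if (!empty($uid)) {
            add_member_score($uid, 'received_comment', $num);
        }
    }
    // add the "comments_made" stat to the poster of the comment
    foreach ($user_ids as $uid => $num) {
        if (!empty($uid)) {
            update_stats($uid, 'comments_made', $num);
        }
    }
    // mark the posted comment(s) as not new anymore so we won't process them again next time.
    if (!empty($comment_ids)) {
        $query = "UPDATE {$table} SET `processed`=1 WHERE `comment_id` IN ('" . join("','", $comment_ids) . "')";
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
    }
    // send notifications to item owners.
    foreach ($notifs as $uid => $v) {
        $notification = array(
            'fk_user_id' => $uid,
            'message_type' => MESS_SYSTEM,
        );
        switch ($comment_type) {
            case 'blog':
                $notification['subject'] = sanitize_and_format($GLOBALS['_lang'][160], TYPE_STRING, $__field2format[FIELD_TEXTFIELD]);
                $notification['message_body'] = sanitize_and_format(sprintf($GLOBALS['_lang'][161], $v['comment_poster'], $v['parent_id'], $v['comment_id']), TYPE_STRING, $__field2format[FIELD_TEXTFIELD]);
                break;
            case 'photo':
                $notification['subject'] = sanitize_and_format($GLOBALS['_lang'][162], TYPE_STRING, $__field2format[FIELD_TEXTFIELD]);
                $notification['message_body'] = sanitize_and_format(sprintf($GLOBALS['_lang'][163], $v['comment_poster'], $v['parent_id'], $v['comment_id']), TYPE_STRING, $__field2format[FIELD_TEXTFIELD]);
                break;
            case 'user':
                $notification['subject'] = sanitize_and_format($GLOBALS['_lang'][164], TYPE_STRING, $__field2format[FIELD_TEXTFIELD]);
                $notification['message_body'] = sanitize_and_format(sprintf($GLOBALS['_lang'][165], $v['comment_poster'], $v['comment_id']), TYPE_STRING, $__field2format[FIELD_TEXTFIELD]);
                break;
        }
        queue_or_send_message($notification);
    }
}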
******************************************************************************/
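require '../includes/common.inc.php';
require _BASEPATH_ . '/includes/user_functions.inc.php';
// Optional site hooks; may populate the $_on_before_insert / $_on_after_insert callback lists.
if (is_file(_BASEPATH_ . '/events/processors/logout.php')) {
    include _BASEPATH_ . '/events/processors/logout.php';
}
// Logout timestamp stored in the session below. NOTE(review): mktime() interprets its
// arguments in the server's local timezone while gmdate() supplies UTC fields, so this
// equals time() only on a server running in UTC; kept unchanged because other code
// reads 'loginout' the same way.
$time = mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('Y'));
if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id'])) {
    // Account ids are numeric (USER_ACCOUNT_ID is compared unquoted below); casting once
    // here keeps every interpolated query well-formed whatever the session happens to hold.
    $user_id = (int) $_SESSION[_LICENSE_KEY_]['user']['user_id'];
    // remove the member from the online list
    $query = "DELETE FROM `{$dbtable_prefix}online` WHERE `fk_user_id`='{$user_id}'";
    if (isset($_on_before_insert)) {
        for ($i = 0; isset($_on_before_insert[$i]); ++$i) {
            call_user_func($_on_before_insert[$i]);
        }
    }
    // result deliberately not checked, so a failure here cannot prevent the session from being cleared
    @mysql_query($query);
    // take back the score awarded for logging in
    add_member_score($user_id, 'login', -1);
    $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `last_activity`='" . gmdate('YmdHis') . "' WHERE `" . USER_ACCOUNT_ID . "`={$user_id}";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    if (isset($_on_after_insert)) {
        for ($i = 0; isset($_on_after_insert[$i]); ++$i) {
            call_user_func($_on_after_insert[$i]);
        }
    }
}
// drop the authenticated user from the session; only the logout time survives
$_SESSION[_LICENSE_KEY_]['user'] = array();
unset($_SESSION[_LICENSE_KEY_]['user']);
$_SESSION[_LICENSE_KEY_]['user']['loginout'] = $time;
// make sure the post-logout response is not served from a cache
header('Expires: Mon,26 Jul 1997 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D,d M Y H:i:s') . ' GMT');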
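require_once 'include.php';
// Request dispatcher: `act` selects one of the handlers defined in include.php.
// Comparisons are strict, so anything outside this fixed list (a missing or
// array-valued `act` included) matches nothing and $msg stays unset, as before;
// the isset() guard only removes the "undefined index" notice for a missing parameter.
// NOTE(review): $_REQUEST merges GET, POST and, depending on request_order, COOKIE;
// the state-changing handlers below should accept POST only - confirm in include.php.
$act = isset($_REQUEST['act']) ? $_REQUEST['act'] : '';
if ($act === 'login') {
    $msg = login();
} elseif ($act === 'logout') {
    $msg = logout();
} elseif ($act === 'add_member') {
    $msg = add_member();
} elseif ($act === 'edit_member') {
    $msg = edit_member();
} elseif ($act === 'add_member_fee') {
    $msg = add_member_fee();
} elseif ($act === 'add_member_fen') {
    $msg = add_member_fen();
} elseif ($act === 'add_member_score') {
    $msg = add_member_score();
} elseif ($act === 'delete_member') {
    $msg = delete_member();
} elseif ($act === 'add_grade') {
    // 1 = add, 2 = subtract (as used by the two branches here)
    $msg = change_grade(1);
} elseif ($act === 'minus_grade') {
    $msg = change_grade(2);
} elseif ($act === 'update_month_fee') {
    $msg = update_month_fee();
}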
?>
 <!DOCTYPE HTML>
 <html>
 <head>
 <meta charset="utf-8">
 <meta name="description" content="">
 /**
  * Handles the 2CheckOut return ("thank you") request for this gateway module.
  *
  * Reads the posted gateway fields through sanitize_and_format_gpc() using the
  * types/defaults in $this->from_tco, then checks, in order: the card was
  * processed (x_2checked), the response code is 1, the MD5 hash matches, the
  * item is a subscription, the user and the subscription exist, and the amount
  * paid equals the subscription price. Only then is the payment recorded, every
  * older active subscription closed and - unless check_fraud() flagged it - the
  * member's `membership` upgraded and the 'payment' score added.
  *
  * Every failure path sets the 'gateway_text' template variable or file and
  * writes a log_error entry.
  *
  * @param object $tpl template object, passed by reference; receives 'gateway_text'
  * @return bool true only when a non-suspect subscription payment was recorded
  */
 function thankyou(&$tpl)
 {
     $myreturn = false;
     global $dbtable_prefix;
     $input = array();
     $output = array();
     // pull the gateway fields out of $_POST; the per-field type drives the sanitisation
     foreach ($this->from_tco['types'] as $k => $v) {
         $input[$k] = sanitize_and_format_gpc($_POST, $k, $GLOBALS['__field2type'][$v], $GLOBALS['__field2format'][$v], $this->from_tco['defaults'][$k]);
     }
     $input['x_amount'] = number_format($input['x_amount'], 2, '.', '');
     $input['x_Email'] = strtolower($input['x_Email']);
     $input['card_holder_name'] = ucwords(strtolower($input['card_holder_name']));
     // x_2checked='Y' means the gateway actually processed the card
     if (strcasecmp($input['x_2checked'], 'Y') == 0) {
         // demo transactions carry no real transaction id; 1 is what the hash below is computed over
         if ($this->config['demo_mode'] == 1 && strcasecmp($input['demo'], 'Y') == 0) {
             $input['x_trans_id'] = 1;
         }
         if ($input['x_response_code'] == 1) {
             // processed ok
             // The hash is MD5 over the configured secret and sid followed by the transaction id
             // and amount, so a caller without the secret cannot forge a "paid" callback.
             // NOTE(review): strcasecmp() is not constant-time; for an authentication value a
             // constant-time comparison (hash_equals(), PHP >= 5.6) would be preferable.
             if (strcasecmp($input['x_MD5_Hash'], strtoupper(md5($this->config['secret'] . $this->config['sid'] . $input['x_trans_id'] . $input['x_amount']))) == 0) {
                 if ($input['dm_item_type'] == 'subscr') {
                     // NOTE(review): user_id and internal_id are interpolated unquoted into SQL; this is
                     // only safe if sanitize_and_format_gpc() coerced them to integers via the types in
                     // $this->from_tco - confirm, nothing in this method escapes them.
                     $query = "SELECT `" . USER_ACCOUNT_ID . "` as `user_id`,`" . USER_ACCOUNT_USER . "` as `user` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `" . USER_ACCOUNT_ID . "`=" . $input['user_id'];
                     if (!($res = @mysql_query($query))) {
                         trigger_error(mysql_error(), E_USER_ERROR);
                     }
                     if (mysql_num_rows($res)) {
                         $real_user = mysql_fetch_assoc($res);
                         $query = "SELECT `subscr_id`,`price`,`m_value_to`,`duration` FROM `{$dbtable_prefix}subscriptions` WHERE `subscr_id`=" . $input['internal_id'] . " AND `is_visible`=1";
                         if (!($res = @mysql_query($query))) {
                             trigger_error(mysql_error(), E_USER_ERROR);
                         }
                         if (mysql_num_rows($res)) {
                             $real_subscr = mysql_fetch_assoc($res);
                             // the amount paid must match the configured subscription price to the cent
                             if (number_format($real_subscr['price'], 2) == number_format($input['x_amount'], 2)) {
                                 // a demo transaction is only accepted while demo_mode is on
                                 if (strcasecmp($input['demo'], 'Y') != 0 || $this->config['demo_mode'] == 1 && strcasecmp($input['demo'], 'Y') == 0) {
                                     require_once _BASEPATH_ . '/includes/iso31661a3.inc.php';
                                     // map the country code (alpha-3, per the include name) to the internal value check_fraud() expects
                                     if (isset($GLOBALS['iso31661a3'][$input['x_Country']])) {
                                         $input['country'] = $GLOBALS['iso31661a3'][$input['x_Country']];
                                         // needed for the fraud check
                                         $input['email'] = $input['x_Email'];
                                         $this->check_fraud($input);
                                     } else {
                                         // an unknown country code is treated as suspect rather than rejected
                                         $this->is_fraud = true;
                                         $this->fraud_reason = 'Invalid country code received from 2CheckOut. Please contact administrator.';
                                         require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                         new log_error(array('module_name' => get_class($this), 'text' => 'country code received from 2co not found in iso31661a3.inc.php file' . array2qs($_POST)));
                                     }
                                     if (!empty($real_subscr['duration'])) {
                                         // if the old subscription is not over yet, we need to extend the new one with some days
                                         $query = "SELECT a.`payment_id`,UNIX_TIMESTAMP(a.`paid_until`) as `paid_until`,b.`price`,b.`duration` FROM `{$dbtable_prefix}payments` a LEFT JOIN `{$dbtable_prefix}subscriptions` b ON a.`fk_subscr_id`=b.`subscr_id` WHERE a.`fk_user_id`=" . $real_user['user_id'] . " AND a.`refunded`=0 AND a.`is_active`=1 AND a.`is_subscr`=1 AND a.`m_value_to`>2 ORDER BY a.`paid_until` DESC LIMIT 1";
                                         if (!($res = @mysql_query($query))) {
                                             trigger_error(mysql_error(), E_USER_ERROR);
                                         }
                                         if (mysql_num_rows($res)) {
                                             $rsrow = mysql_fetch_assoc($res);
                                             $time = mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('Y'));
                                             // prorate the unused value of the old subscription into extra days on the new one
                                             if ((int) $rsrow['paid_until'] > (int) $time) {
                                                 $remaining_days = ((int) $rsrow['paid_until'] - (int) $time) / 86400;
                                                 //86400 seconds in a day
                                                 if ($remaining_days > 0) {
                                                     $remaining_value = (int) $rsrow['price'] / (int) $rsrow['duration'] * $remaining_days;
                                                     $day_value_new = (int) $real_subscr['price'] / (int) $real_subscr['duration'];
                                                     $days_append = round($remaining_value / $day_value_new);
                                                     $real_subscr['duration'] = (int) $real_subscr['duration'];
                                                     $real_subscr['duration'] += $days_append;
                                                 }
                                             }
                                         }
                                     }
                                     $now = gmdate('Ymd');
                                     // all old active subscriptions end now!
                                     $query = "UPDATE `{$dbtable_prefix}payments` SET `paid_until`='{$now}',`is_active`=0 WHERE `fk_user_id`=" . $real_user['user_id'] . " AND `is_active`=1 AND `is_subscr`=1";
                                     if (!($res = @mysql_query($query))) {
                                         trigger_error(mysql_error(), E_USER_ERROR);
                                     }
                                     // insert the new subscription
                                     // NOTE(review): the name/address fields interpolated here come from $_POST; only
                                     // `suspect_reason` is addslashes()'d, the rest rely on the earlier sanitisation -
                                     // confirm it escapes for SQL.
                                     $query = "INSERT INTO `{$dbtable_prefix}payments` SET `is_active`=1,`fk_user_id`=" . $real_user['user_id'] . ",`_user`='" . $real_user['user'] . "',`gateway`='" . $this->module_code . "',`is_subscr`=1,`fk_subscr_id`='" . $real_subscr['subscr_id'] . "',`gw_txn`='" . $input['x_trans_id'] . "',`name`='" . $input['card_holder_name'] . "',`country`='" . $input['x_Country'] . "',`state`='" . $input['x_State'] . "',`city`='" . $input['x_City'] . "',`zip`='" . $input['x_Zip'] . "',`street_address`='" . $input['x_Address'] . "',`email`='" . $input['x_Email'] . "',`phone`='" . $input['x_Phone'] . "',`m_value_to`=" . $real_subscr['m_value_to'] . ",`amount_paid`='" . $input['x_amount'] . "',`is_suspect`=" . (int) $this->is_fraud . ",`suspect_reason`='" . addslashes($this->fraud_reason) . "',`date`=now(),`paid_from`='{$now}'";
                                     if (!empty($real_subscr['duration'])) {
                                         $query .= ",`paid_until`='{$now}'+INTERVAL " . $real_subscr['duration'] . ' DAY';
                                     }
                                     if (!($res = @mysql_query($query))) {
                                         trigger_error(mysql_error(), E_USER_ERROR);
                                     }
                                     // suspect payments are stored but not activated; an admin is alerted instead
                                     if (!$this->is_fraud) {
                                         $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `membership`=" . $real_subscr['m_value_to'] . " WHERE `" . USER_ACCOUNT_ID . "`=" . $real_user['user_id'];
                                         if (!($res = @mysql_query($query))) {
                                             trigger_error(mysql_error(), E_USER_ERROR);
                                         }
                                         $myreturn = true;
                                         add_member_score($real_user['user_id'], 'payment');
                                         $tpl->set_file('gateway_text', 'thankyou_subscr_ok.html');
                                     } else {
                                         $output['name'] = $input['card_holder_name'];
                                         $tpl->set_file('gateway_text', 'thankyou_subscr_nok.html');
                                         $tpl->set_var('output', $output);
                                         $tpl->process('gateway_text', 'gateway_text', TPL_OPTIONAL);
                                         // DEPT_ADMIN from includes/admin_functions.inc.php is hardcoded below as 4
                                         $query = "SELECT `email` FROM `{$dbtable_prefix}admin_accounts` WHERE `dept_id`=4 ORDER BY `admin_id` DESC LIMIT 1";
                                         if (!($res = @mysql_query($query))) {
                                             trigger_error(mysql_error(), E_USER_ERROR);
                                         }
                                         if (mysql_num_rows($res)) {
                                             send_template_email(mysql_result($res, 0, 0), 'Possible fraud detected on ' . _SITENAME_ . ', please investigate', '', '', array(), $this->module_code . ' TXN: ' . $input['x_trans_id'] . ': ' . $this->fraud_reason);
                                         }
                                     }
                                 } else {
                                     // a demo transaction when we're not in demo mode
                                     $tpl->set_var('gateway_text', $GLOBALS['_lang'][187]);
                                     require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                     new log_error(array('module_name' => get_class($this), 'text' => 'Demo transaction when demo is not enabled: ' . array2qs($input)));
                                 }
                             } else {
                                 // paid price doesn't match the subscription price
                                 $tpl->set_var('gateway_text', $GLOBALS['_lang'][188]);
                                 require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                 new log_error(array('module_name' => get_class($this), 'text' => 'Invalid amount paid: ' . array2qs($input)));
                             }
                         } else {
                             // if the subscr_id was not found
                             $tpl->set_var('gateway_text', $GLOBALS['_lang'][189]);
                             require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                             new log_error(array('module_name' => get_class($this), 'text' => 'Invalid subscr_id received after payment: ' . array2qs($input)));
                         }
                     } else {
                         // if the user_id was not found
                         $tpl->set_var('gateway_text', $GLOBALS['_lang'][192]);
                         require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                         new log_error(array('module_name' => get_class($this), 'text' => 'Invalid user_id received after payment: ' . array2qs($input)));
                     }
                 } elseif ($input['dm_item_type'] == 'prod') {
                     // no product support for now in Etano
                     // (nothing is rendered on this branch: gateway_text is left untouched)
                 } else {
                     // dm_item_type is neither 'prod' nor 'subscr'
                     $tpl->set_var('gateway_text', $GLOBALS['_lang'][193]);
                     require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                     new log_error(array('module_name' => get_class($this), 'text' => 'Invalid dm_item_type: ' . array2qs($input)));
                 }
             } else {
                 // hash mismatch: the callback could not be authenticated, so nothing is recorded
                 $tpl->set_var('gateway_text', $GLOBALS['_lang'][199]);
                 require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                 new log_error(array('module_name' => get_class($this), 'text' => 'Invalid hash code received after payment: ' . array2qs($input) . '. My hash:' . strtoupper(md5($this->config['secret'] . $this->config['sid'] . $input['x_trans_id'] . $input['x_amount']))));
             }
         } else {
             // the gateway reported an error; show its reason text/code to the member
             $tpl->set_var('gateway_text', sprintf($GLOBALS['_lang'][200], $input['x_response_reason_text'], $input['x_response_reason_code']));
             require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
             new log_error(array('module_name' => get_class($this), 'text' => 'Gateway error: ' . $input['x_response_reason_text'] . '(' . $input['x_response_reason_code'] . ")\n" . array2qs($input)));
         }
     } else {
         $tpl->set_var('gateway_text', $GLOBALS['_lang'][201]);
         require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
         new log_error(array('module_name' => get_class($this), 'text' => 'Gateway error. Card not processed. ' . array2qs($input)));
     }
     return $myreturn;
 }
    redirect2page('info.php', $topass);
}
// Captions used by profile.html, run through the display formatter.
$output['lang_273'] = sanitize_and_format($GLOBALS['_lang'][273], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
$output['lang_274'] = sanitize_and_format($GLOBALS['_lang'][274], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
$output['lang_256'] = sanitize_and_format($GLOBALS['_lang'][256], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
// Address to come back to this page: the current URL, query string included when
// there is one, encoded so it can travel as a single URL parameter.
$output['return2me'] = rawurlencode(
    empty($_SERVER['QUERY_STRING']) ? 'profile.php' : 'profile.php?' . $_SERVER['QUERY_STRING']
);
// Render the main content block.
$tpl->set_file('content', 'profile.html');
$tpl->set_var('output', $output);
$tpl->set_var('tplvars', $tplvars);
$tpl->set_loop('categs', $categs);
$tpl->set_loop('user_photos', $user_photos);
$tpl->set_loop('loop_comments', $loop_comments);
$tpl->set_loop('loop_friends', $loop_friends);
$tpl->process('content', 'content', TPL_LOOP | TPL_NOLOOP | TPL_OPTLOOP | TPL_OPTIONAL);
// The two largest loops are not needed once the content has been processed.
$tpl->drop_loop('categs');
$tpl->drop_loop('user_photos');
unset($categs, $user_photos);
// Page frame: the optional left column first, then the common frame.
$tplvars['page'] = 'profile';
$tplvars['css'] = 'profile.css';
if (is_file('profile_left.php')) {
    include 'profile_left.php';
}
include 'frame.php';
// Record this page view for $uid (defined earlier in the script).
update_stats($uid, 'pviews', 1);
add_member_score($uid, 'pview');
         trigger_error(mysql_error(), E_USER_ERROR);
     }
     // this sucks...the code below is taken from on_after_approve_photo(). In the future, when new functionality that depends on the main photo will be added, we'll have to change the code there and here too.
     $query = "UPDATE `{$dbtable_prefix}blog_posts` SET `last_changed`='{$now}' WHERE `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "'";
     if (!($res = @mysql_query($query))) {
         trigger_error(mysql_error(), E_USER_ERROR);
     }
     $query = "UPDATE `{$dbtable_prefix}comments_blog` SET `last_changed`='{$now}' WHERE `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "'";
     if (!($res = @mysql_query($query))) {
         trigger_error(mysql_error(), E_USER_ERROR);
     }
     $query = "UPDATE `{$dbtable_prefix}comments_photo` SET `last_changed`='{$now}' WHERE `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "'";
     if (!($res = @mysql_query($query))) {
         trigger_error(mysql_error(), E_USER_ERROR);
     }
     add_member_score($_SESSION[_LICENSE_KEY_]['user']['user_id'], 'del_main_photo');
 }
 foreach ($input['caption'] as $photo_id => $caption) {
     $query = "UPDATE `{$dbtable_prefix}user_photos` SET `is_private`=" . (isset($input['is_private'][$photo_id]) ? 1 : 0) . ",`allow_comments`=" . (isset($input['allow_comments'][$photo_id]) ? 1 : 0) . ",`last_changed`='{$now}'";
     if ($input['is_main'] == $photo_id) {
         $query .= ",`is_main`=1";
     } else {
         $query .= ",`is_main`=0";
     }
     if (isset($captions_changed[$photo_id])) {
         $query .= ",`caption`='{$caption}'";
         if (!empty($config['manual_photo_approval'])) {
             $query .= ",`status`=" . STAT_PENDING;
         } else {
             // leave as it was - whatever it was.
             //					$query.=",`status`=".STAT_APPROVED;
 function process(&$input, $type)
 {
     global $dbtable_prefix, $tpl;
     if (!isset($tpl)) {
         $tpl = new phemplate(_BASEPATH_ . '/skins_site/' . get_my_skin() . '/', 'remove_nonjs');
     }
     //		require_once _BASEPATH_.'/includes/classes/log_error.class.php';
     //		new log_error(array('module_name'=>get_class($this),'text'=>$type.': new notif from paypal: $_POST:'.var_export($_POST,true).' $_GET:'.var_export($_GET,true).' $input:'.var_export($input,true)));
     if (strcasecmp($input['business'], $this->config['paypal_email']) == 0 || strcasecmp($input['receiver_email'], $this->config['paypal_email']) == 0) {
         // some transformations
         parse_str($input['custom'], $temp);
         if (!empty($temp['uid'])) {
             $input['user_id'] = $temp['uid'];
         }
         $input['dm_item_type'] = $temp['dit'];
         $input['business'] = strtolower($input['business']);
         $input['receiver_email'] = strtolower($input['receiver_email']);
         $input['first_name'] = ucwords(strtolower($input['first_name']));
         $input['last_name'] = ucwords(strtolower($input['last_name']));
         $query = "SELECT get_lock('" . $input['txn_id'] . "',10)";
         if (!($res = @mysql_query($query))) {
             trigger_error(mysql_error(), E_USER_ERROR);
         }
         if (mysql_result($res, 0, 0) == 1) {
             $query = "SELECT `payment_id`,`is_subscr`,`name`,`is_suspect` FROM `{$dbtable_prefix}payments` WHERE `gw_txn`='" . $input['txn_id'] . "' AND `date`>=now()-INTERVAL 1 DAY";
             if (!($res = @mysql_query($query))) {
                 trigger_error(mysql_error(), E_USER_ERROR);
             }
             if (mysql_num_rows($res)) {
                 // the other process already did the job. Let's release the lock
                 if ($type == 'pdt') {
                     $output = mysql_fetch_assoc($res);
                     // tell member that he will receive everything by email
                     if ($output['is_subscr']) {
                         if ($output['is_suspect']) {
                             $tpl->set_file('gateway_text', 'thankyou_subscr_nok.html');
                         } else {
                             $tpl->set_file('gateway_text', 'thankyou_subscr_ok.html');
                         }
                     } else {
                         $tpl->set_file('gateway_text', 'thankyou_prod_nok.html');
                     }
                     $tpl->set_var('output', $output);
                     $tpl->process('gateway_text', 'gateway_text', TPL_OPTIONAL);
                 }
                 $query = "SELECT release_lock('" . $input['txn_id'] . "')";
                 if (!($res = @mysql_query($query))) {
                     trigger_error(mysql_error(), E_USER_ERROR);
                 }
             } else {
                 // we arrived before the other process, let's do the dirty work...
                 if ($input['dm_item_type'] == 'subscr') {
                     $query = "SELECT `" . USER_ACCOUNT_ID . "` as `user_id`,`" . USER_ACCOUNT_USER . "` as `user` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `" . USER_ACCOUNT_ID . "`=" . $input['user_id'];
                     if (!($res = @mysql_query($query))) {
                         trigger_error(mysql_error(), E_USER_ERROR);
                     }
                     if (mysql_num_rows($res)) {
                         $real_user = mysql_fetch_assoc($res);
                         if (strcasecmp($input['txn_type'], 'web_accept') == 0 || strcasecmp($input['txn_type'], 'send_money') == 0 || strcasecmp($input['txn_type'], 'subscr_payment') == 0) {
                             if (strcasecmp($input['payment_status'], 'Completed') == 0) {
                                 $query = "SELECT `subscr_id`,`price`,`m_value_to`,`duration` FROM `{$dbtable_prefix}subscriptions` WHERE `subscr_id`=" . $input['item_number'] . " AND `is_visible`=1";
                                 if (!($res = @mysql_query($query))) {
                                     trigger_error(mysql_error(), E_USER_ERROR);
                                 }
                                 if (mysql_num_rows($res)) {
                                     $real_subscr = mysql_fetch_assoc($res);
                                     if (number_format($real_subscr['price'], 2) == number_format($input['mc_gross'], 2)) {
                                         if ($input['test_ipn'] != 1 || $this->config['demo_mode'] == 1 && $input['test_ipn'] == 1) {
                                             require_once _BASEPATH_ . '/includes/iso31661a2.inc.php';
                                             if (isset($GLOBALS['iso31661a2'][$input['residence_country']])) {
                                                 $input['country'] = $GLOBALS['iso31661a2'][$input['residence_country']];
                                                 $input['email'] = $input['payer_email'];
                                                 $this->check_fraud($input);
                                             } else {
                                                 $this->is_fraud = true;
                                                 $this->fraud_reason = 'Invalid country code received from paypal. Please contact administrator.';
                                                 require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                                 new log_error(array('module_name' => get_class($this), 'text' => 'country code received from paypal not found in iso31661a2.inc.php file' . array2qs($_POST)));
                                             }
                                             if (!empty($real_subscr['duration'])) {
                                                 // if the old subscription is not over yet, we need to extend the new one with some days
                                                 $query = "SELECT a.`payment_id`,UNIX_TIMESTAMP(a.`paid_until`) as `paid_until`,b.`price`,b.`duration` FROM `{$dbtable_prefix}payments` a LEFT JOIN `{$dbtable_prefix}subscriptions` b ON a.`fk_subscr_id`=b.`subscr_id` WHERE a.`fk_user_id`=" . $real_user['user_id'] . " AND a.`refunded`=0 AND a.`is_active`=1 AND a.`is_subscr`=1 AND a.`m_value_to`>2 ORDER BY a.`paid_until` DESC LIMIT 1";
                                                 if (!($res = @mysql_query($query))) {
                                                     trigger_error(mysql_error(), E_USER_ERROR);
                                                 }
                                                 if (mysql_num_rows($res)) {
                                                     $rsrow = mysql_fetch_assoc($res);
                                                     $time = mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('Y'));
                                                     if ((int) $rsrow['paid_until'] > (int) $time) {
                                                         $remaining_days = ((int) $rsrow['paid_until'] - (int) $time) / 86400;
                                                         //86400 seconds in a day
                                                         if ($remaining_days > 0) {
                                                             $remaining_value = (int) $rsrow['price'] / (int) $rsrow['duration'] * $remaining_days;
                                                             $day_value_new = (int) $real_subscr['price'] / (int) $real_subscr['duration'];
                                                             $days_append = round($remaining_value / $day_value_new);
                                                             $real_subscr['duration'] = (int) $real_subscr['duration'];
                                                             $real_subscr['duration'] += $days_append;
                                                         }
                                                     }
                                                 }
                                             }
                                             $now = gmdate('Ymd');
                                             // all old active subscriptions end now!
                                             $query = "UPDATE `{$dbtable_prefix}payments` SET `paid_until`='{$now}',`is_active`=0 WHERE `fk_user_id`=" . $real_user['user_id'] . " AND `is_active`=1 AND `is_subscr`=1";
                                             if (!($res = @mysql_query($query))) {
                                                 trigger_error(mysql_error(), E_USER_ERROR);
                                             }
                                             // insert the new subscription
                                             $query = "INSERT INTO `{$dbtable_prefix}payments` SET `is_active`=1,`fk_user_id`=" . $real_user['user_id'] . ",`_user`='" . $real_user['user'] . "',`gateway`='" . $this->module_code . "',`is_subscr`=1,`fk_subscr_id`=" . $real_subscr['subscr_id'] . ",`gw_txn`='" . $input['txn_id'] . "',`name`='" . $input['first_name'] . ' ' . $input['last_name'] . "',`country`='" . $input['country'] . "',`email`='" . $input['payer_email'] . "',`m_value_to`=" . $real_subscr['m_value_to'] . ",`amount_paid`='" . $input['mc_gross'] . "',`is_suspect`=" . (int) $this->is_fraud . ",`suspect_reason`='" . $this->fraud_reason . "',`paid_from`='{$now}',`date`=now()";
                                             if (!empty($real_subscr['duration'])) {
                                                 $query .= ",`paid_until`='{$now}'+INTERVAL " . $real_subscr['duration'] . ' DAY';
                                             }
                                             if (!($res = @mysql_query($query))) {
                                                 trigger_error(mysql_error(), E_USER_ERROR);
                                             }
                                             if (!$this->is_fraud) {
                                                 $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `membership`=" . $real_subscr['m_value_to'] . " WHERE `" . USER_ACCOUNT_ID . "`=" . $real_user['user_id'];
                                                 if (!($res = @mysql_query($query))) {
                                                     trigger_error(mysql_error(), E_USER_ERROR);
                                                 }
                                                 $myreturn = true;
                                                 add_member_score($real_user['user_id'], 'payment');
                                                 if ($type == 'pdt') {
                                                     $tpl->set_file('gateway_text', 'thankyou_subscr_ok.html');
                                                 }
                                             } else {
                                                 if ($type == 'pdt') {
                                                     $output['name'] = $input['card_holder_name'];
                                                     $tpl->set_file('gateway_text', 'thankyou_subscr_nok.html');
                                                     $tpl->set_var('output', $output);
                                                     $tpl->process('gateway_text', 'gateway_text', TPL_OPTIONAL);
                                                 }
                                                 // DEPT_ADMIN from includes/admin_functions.inc.php is hardcoded below as 4
                                                 $query = "SELECT `email` FROM `{$dbtable_prefix}admin_accounts` WHERE `dept_id`=4 ORDER BY `admin_id` DESC LIMIT 1";
                                                 if (!($res = @mysql_query($query))) {
                                                     trigger_error(mysql_error(), E_USER_ERROR);
                                                 }
                                                 if (mysql_num_rows($res)) {
                                                     send_template_email(mysql_result($res, 0, 0), 'Possible fraud detected on ' . _SITENAME_ . ', please investigate', '', '', array(), $this->module_code . ' TXN: ' . $input['txn_id'] . ': ' . $this->fraud_reason);
                                                 }
                                             }
                                         } else {
                                             // a demo transaction when we're not in demo mode
                                             if ($type == 'pdt') {
                                                 $tpl->set_var('gateway_text', $GLOBALS['_lang'][187]);
                                             }
                                             require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                             new log_error(array('module_name' => get_class($this), 'text' => 'Demo transaction when demo is not enabled: ' . array2qs($_POST)));
                                         }
                                     } else {
                                         // paid price doesn't match the subscription price
                                         if ($type == 'pdt') {
                                             $tpl->set_var('gateway_text', $GLOBALS['_lang'][188]);
                                         }
                                         require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                         new log_error(array('module_name' => get_class($this), 'text' => 'Invalid amount paid: ' . array2qs($_POST)));
                                     }
                                 } else {
                                     // if the subscr_id was not found
                                     if ($type == 'pdt') {
                                         $tpl->set_var('gateway_text', $GLOBALS['_lang'][189]);
                                     }
                                     require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                     new log_error(array('module_name' => get_class($this), 'text' => 'Invalid subscr_id received after payment: ' . array2qs($_POST)));
                                 }
                             } else {
                                 if ($type == 'pdt') {
                                     $tpl->set_var('gateway_text', $GLOBALS['_lang'][190]);
                                 }
                                 require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                 new log_error(array('module_name' => get_class($this), 'text' => 'Payment status not Completed: ' . $input['payment_status'] . "\n" . array2qs($_POST)));
                             }
                         } elseif (strcasecmp($input['txn_type'], 'subscr_eot') == 0) {
                             $query = "SELECT `payment_id` FROM `{$dbtable_prefix}payments` WHERE `fk_user_id`=" . $real_user['user_id'] . " AND `fk_subscr_id`=" . $input['item_number'] . " AND `is_active`=1 ORDER BY `payment_id` DESC LIMIT 1";
                             if (!($res = @mysql_query($query))) {
                                 trigger_error(mysql_error(), E_USER_ERROR);
                             }
                             if (mysql_num_rows($res)) {
                                 $payment_id = mysql_result($res, 0, 0);
                                 $now = gmdate('Ymd');
                                 $query = "UPDATE `{$dbtable_prefix}payments` SET `paid_until`='{$now}' WHERE `payment_id`={$payment_id}";
                                 if (!($res = @mysql_query($query))) {
                                     trigger_error(mysql_error(), E_USER_ERROR);
                                 }
                             } else {
                                 // invalid eot.
                                 require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                 new log_error(array('module_name' => get_class($this), 'text' => 'Received End of Term notification for a subscription but subscription doesn\'t exist or not active. Maybe this member has 2 running subscriptions? ' . array2qs($_POST)));
                             }
                         } else {
                             // unhandled txn_type
                             if ($type == 'pdt') {
                                 $tpl->set_var('gateway_text', $GLOBALS['_lang'][191]);
                             }
                             require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                             new log_error(array('module_name' => get_class($this), 'text' => 'Unhandled txn_type (probably not an error): ' . $input['txn_type'] . "\n" . array2qs($_POST)));
                         }
                     } else {
                         // if the user_id was not found
                         if ($type == 'pdt') {
                             $tpl->set_var('gateway_text', $GLOBALS['_lang'][192]);
                         }
                         require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                         new log_error(array('module_name' => get_class($this), 'text' => 'Invalid user_id received after payment: ' . array2qs($_POST)));
                     }
                 } elseif ($input['dm_item_type'] == 'prod') {
                     // no product support for now in Etano
                     require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                     new log_error(array('module_name' => get_class($this), 'text' => 'Received dm_item_type=prod but we are not selling products: ' . array2qs($_POST)));
                 } else {
                     // dm_item_type is neither 'prod' nor 'subscr'
                     if ($type == 'pdt') {
                         $tpl->set_var('gateway_text', $GLOBALS['_lang'][193]);
                     }
                     require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                     new log_error(array('module_name' => get_class($this), 'text' => 'Invalid dm_item_type: ' . array2qs($_POST)));
                 }
                 // job done, release the lock
                 $query = "SELECT release_lock('" . $input['txn_id'] . "')";
                 if (!($res = @mysql_query($query))) {
                     trigger_error(mysql_error(), E_USER_ERROR);
                 }
             }
         } else {
             // we could not obtain the lock.
             // The other process is taking too long but at least this should mean that it is handling this
         }
     } else {
         require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
         new log_error(array('module_name' => get_class($this), 'text' => 'Payment was not made into our account: ' . array2qs($_POST)));
     }
 }