/**
 * Stores a recommendation request for a user and mails the named author a
 * link that carries a newly generated auth token.
 *
 * Return codes:
 *   0  one_mail() reported success
 *   1  validEmail() rejected the address
 *   2  the (escaped) author name is three characters or fewer
 *   3  one_mail() reported failure
 *   4  the user already has $config['max_recommend'] or more requests
 *   5  this address has already been asked on behalf of this user
 *   6  checkLock("peer") refused the action
 *
 * NOTE(review): the mysql_* functions used here belong to ext/mysql, which
 * was removed in PHP 7. Every statement is built by string interpolation and
 * depends on escape() being correct for a quoted SQL string context; moving
 * to mysqli/PDO prepared statements would remove that dependency.
 *
 * @param mixed  $user_id id of the user asking for the recommendation
 * @param string $author  name of the person being asked
 * @param string $email   address the request is mailed to
 * @param string $message free text placed in the mail via page_convert()
 * @return int one of the codes listed above
 */
function requestRecommendation($user_id, $author, $email, $message) {
    if (!checkLock("peer")) {
        return 6;
    }

    $settings = $GLOBALS['config'];

    $user_id = escape($user_id);
    $author = escape($author);
    $email = escape($email);

    if (!validEmail($email)) {
        return 1;
    }

    // The length test runs on the escaped value, exactly as before.
    if (strlen($author) <= 3) {
        return 2;
    }

    // Cap on the total number of requests per user.
    // NOTE(review): neither COUNT query result is checked. If mysql_query()
    // fails there is no row to read and the comparison does not trigger, so
    // the limit is skipped on that path instead of being enforced.
    $totalQuery = mysql_query("SELECT COUNT(*) FROM recommendations WHERE user_id = '{$user_id}'");
    $totalRow = mysql_fetch_row($totalQuery);
    if ($totalRow[0] >= $settings['max_recommend']) {
        return 4;
    }

    // The same address may only be asked once per user.
    $duplicateQuery = mysql_query("SELECT COUNT(*) FROM recommendations WHERE user_id = '{$user_id}' AND email = '{$email}'");
    $duplicateRow = mysql_fetch_row($duplicateQuery);
    if ($duplicateRow[0] > 0) {
        return 5;
    }

    lockAction("peer");

    // A custom instance is created first; its id is stored with the request.
    $instance_id = customCreate(customGetCategory('recommend', true), $user_id);

    // NOTE(review): $auth appears to be the secret that authorises the
    // recommend.php link. Confirm uid() draws from a cryptographically secure
    // source; the token is also stored as generated rather than as a hash.
    $auth = escape(uid(64));

    // NOTE(review): the INSERT result is not checked, so the mail below is
    // still sent when the row was not written.
    mysql_query("INSERT INTO recommendations (user_id, instance_id, author, email, auth, status, filename) VALUES ('{$user_id}', '{$instance_id}', '{$author}', '{$email}', '{$auth}', '0', '')");
    $recommend_id = mysql_insert_id();

    // Per the original comment: array(username, email address, name).
    $requester = getUserInformation($user_id);

    $body = page_db("request_recommendation");

    // Placeholders are applied one after another in this order, so text
    // inserted by an earlier step is scanned again by the later ones.
    // NOTE(review): that means a placeholder such as $AUTH$ typed into the
    // author name or message is expanded as well. The query-string values
    // are also not passed through urlencode(); assumes they are URL-safe.
    $substitutions = array(
        '$USERNAME$' => $requester[0],
        '$USEREMAIL$' => $requester[1],
        '$NAME$' => $requester[2],
        '$AUTHOR$' => $author,
        '$EMAIL$' => $email,
        '$MESSAGE$' => page_convert($message),
        '$AUTH$' => $auth,
        '$SUBMIT_ADDRESS$' => $settings['site_address'] . "/recommend.php?id={$recommend_id}&user_id={$user_id}&auth={$auth}",
    );
    foreach ($substitutions as $placeholder => $replacement) {
        $body = str_replace($placeholder, $replacement, $body);
    }

    return one_mail("Recommendation request", $body, $email) ? 0 : 3;
}
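/**
 * Records a deposit for a club: creates a custom instance, inserts a
 * purchase_order row with status 100, negates that row's id, and adds the
 * amount to the club's balance.
 *
 * $club_id and $amount are validated as numbers before any statement runs,
 * because both end up in unquoted numeric positions in the UPDATE queries,
 * where string escaping offers no protection against injected SQL.
 *
 * @param int|string       $club_id              club id; must be an integer value
 * @param string           $purchase_description free text, escaped before storage
 * @param int|float|string $amount               numeric amount added to clubs.money
 * @return int the insert id reported for the purchase_order row, or -1 when
 *             the input is rejected, the INSERT fails, or no insert id is reported
 */
function createDeposit($club_id, $purchase_description, $amount) {
    // Reject non-numeric input up front, before anything is written.
    $club_id = filter_var($club_id, FILTER_VALIDATE_INT);
    if ($club_id === false || !is_numeric($amount)) {
        return -1;
    }

    $purchase_description = escape($purchase_description);
    $amount = escape($amount);

    // A custom instance is created first; its id is stored with the order.
    // NOTE(review): $instance_id is interpolated without escaping; this
    // presumes customCreate() only ever returns a database-generated id.
    $instance_id = customCreate(customGetCategory('purchase', true), $club_id);
    $curr_time = time();

    $inserted = mysql_query("INSERT INTO purchase_order (club_id, instance_id, status, filename, submit_time, description, amount) VALUES ('{$club_id}', '{$instance_id}', '100', '', '{$curr_time}', '{$purchase_description}', '{$amount}' )");
    if ($inserted === false) {
        // No order row was written, so the balance must not be credited.
        return -1;
    }
    $purchase_id = mysql_insert_id();

    // The row's id is flipped to its negative.
    // NOTE(review): the value returned below is the id from before this
    // negation; confirm callers expect that.
    mysql_query("UPDATE purchase_order SET id=id*-1 WHERE id={$purchase_id}");

    if (!mysql_query("UPDATE clubs SET money=money+{$amount} where id={$club_id}")) {
        // Still stops the script as before, but the driver's error text goes
        // to the server log instead of into the response.
        error_log("createDeposit: balance update failed: " . mysql_error());
        die("Database error");
    }

    return $purchase_id ? $purchase_id : -1;
}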
<?php include "../config.php"; include "../include/common.php"; include "../include/db_connect.php"; include "../include/session.php"; include "../include/custom.php"; if (isset($_SESSION['root'])) { //make sure default custom categories exist customGetCategory("recommend", true); if (isset($_REQUEST['action'])) { $action = $_REQUEST['action']; if ($action == 'add' && isset($_REQUEST['username']) && isset($_REQUEST['group_id'])) { $user_id = getUserId($_REQUEST['username']); if ($user_id !== FALSE) { if (substr($_REQUEST['group_id'], 0, 1) == 'g') { if (alterAdminGroups($user_id, false, substr($_REQUEST['group_id'], 1))) { $success = "Admin added successfully!"; } else { $error = "Admin not added! This admin may already be associated with that group!"; } } else { if (substr($_REQUEST['group_id'], 0, 1) == 'c') { if (customAlterAdmin($user_id, false, substr($_REQUEST['group_id'], 1))) { $success = "Admin added successfully!"; } else { $error = "Admin not added! This admin may already be associated with that group!"; } } } } else {