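/**
 * Clears the image of one or more rewards and removes the image file from disk.
 *
 * Admin-only: a caller without `is_admin` gets `false` and nothing is touched.
 * Ids that do not exist (per \query\main::reward_exists) are skipped silently.
 *
 * @param int|int[] $id  A single reward id or a list of reward ids.
 * @return bool  false when the caller is not an admin or the UPDATE could not
 *               be prepared, true otherwise.
 */
public static function delete_reward_image($id)
{
    global $db;
    if (!$GLOBALS['me']->is_admin) {
        return false;
    }

    $stmt = $db->stmt_init();
    // Prepare once and bind per id below. A failed prepare used to be hidden by
    // the `@` on close(); report it to the caller instead of pretending success.
    if (!$stmt->prepare("UPDATE " . DB_TABLE_PREFIX . "rewards SET image = '' WHERE id = ?")) {
        return false;
    }

    // Resolved once; every deleted file must resolve to a path below this directory.
    $baseDir = realpath(DIR);

    foreach ((array) $id as $ID) {
        if (!\query\main::reward_exists($ID)) {
            continue;
        }
        $reward = \query\main::reward_infos($ID);

        $stmt->bind_param("i", $ID);
        $stmt->execute();

        if (empty($reward->image)) {
            continue;
        }

        // The stored image path is joined to DIR verbatim, so a value containing
        // '..' or an absolute path must never reach unlink(): only delete when the
        // resolved file exists and sits inside DIR.
        $path = realpath(DIR . '/' . $reward->image);
        if ($path !== false
            && $baseDir !== false
            && is_file($path)
            && strncmp($path, $baseDir . DIRECTORY_SEPARATOR, strlen($baseDir) + 1) === 0
        ) {
            unlink($path);
        }
    }

    $stmt->close();
    return true;
}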
</div>'; break; /** EDIT REWARD */ /** EDIT REWARD */ case 'edit': if (!$GLOBALS['me']->is_admin) { die; } $csrf = \site\utils::str_random(10); echo '<div class="title"> <h2>' . $LANG['rewards_edit_title'] . '</h2> <div style="float:right; margin: 0 2px 0 0;">'; if (isset($_GET['id']) && ($reward_exists = \query\main::reward_exists($_GET['id']))) { $info = \query\main::reward_infos($_GET['id']); echo '<div class="options"> <a href="#" class="btn">' . $LANG['options'] . '</a> <ul> <li><a href="?route=rewards.php&action=delete&id=' . $_GET['id'] . '&token=' . $csrf . '" data-delete-msg="' . $LANG['delete_msg'] . '">' . $LANG['delete'] . '</a></li> </ul> </div>'; } echo '<a href="?route=rewards.php&action=list" class="btn">' . $LANG['rewards_view'] . '</a> </div>'; if (!empty($LANG['rewards_edit_subtitle'])) { echo '<span>' . $LANG['rewards_edit_subtitle'] . '</span>'; } echo '</div>'; if ($reward_exists) {
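/**
 * Claims a reward for the logged-in user.
 *
 * Checks that a user is logged in, that the reward exists and is user-visible,
 * that the user has enough points and that every required claim field is
 * present and valid; then inserts a row into rewards_reqs and deducts the
 * reward's points from the user.
 *
 * @param int   $id    Reward id.
 * @param array $post  Submitted claim fields, keyed by field name (user input).
 * @return bool  true once the request row is written and the points deducted.
 * @throws \Exception  carrying a $LANG message when the user is not logged in,
 *                     the reward is missing or not user-visible, the user has
 *                     too few points, a required field is missing or invalid,
 *                     or the statement cannot be prepared or executed.
 */
public static function get_reward($id, $post)
{
    global $db, $LANG;

    if (!$GLOBALS['me']) {
        throw new \Exception($LANG['msg_error']);
    }
    if (!\query\main::reward_exists($id, array('user_view'))) {
        throw new \Exception($LANG['claim_reward_dontexist']);
    }

    $reward = \query\main::reward_infos($id);
    if (!$reward) {
        // reward_exists() said yes but no row came back; fail cleanly instead of
        // reading properties off a non-object below.
        throw new \Exception($LANG['msg_error']);
    }
    // NOTE(review): this balance check and the add_points() deduction at the end
    // are separate statements, so two concurrent claims by the same user can both
    // pass here; if over-claiming matters, the deduction needs to be conditional
    // in SQL (or the user row locked) rather than checked in PHP.
    if ($reward->points > $GLOBALS['me']->Points) {
        throw new \Exception($LANG['claim_reward_mrepts']);
    }

    // Validate every required field against its declared type.
    foreach ($reward->fields as $field) {
        if (!(bool) $field['require']) {
            continue;
        }
        $name  = $field['name'];
        $value = isset($post[$name]) ? $post[$name] : null;

        switch ($field['type']) {
            case 'email':
                // filter_var() returns false on failure; compare strictly rather
                // than relying on truthiness of the filtered value.
                $valid = $value !== null && filter_var($value, FILTER_VALIDATE_EMAIL) !== false;
                break;
            case 'number':
                // Bug fix: a submitted "0" is a valid integer, but the old
                // `!filter_var(...)` test rejected it because filter_var()
                // returned int 0, which is falsy.
                $valid = $value !== null && filter_var($value, FILTER_VALIDATE_INT) !== false;
                break;
            default:
                $valid = !empty($value);
                break;
        }

        if (!$valid) {
            throw new \Exception($LANG['claim_reward_reqinv']);
        }
    }

    $stmt = $db->stmt_init();
    if (!$stmt->prepare("INSERT INTO " . DB_TABLE_PREFIX . "rewards_reqs (name, user, points, reward, fields, lastupdate_by, lastupdate, claimed, date) VALUES (?, ?, ?, ?, ?, ?, NOW(), 0, NOW())")) {
        throw new \Exception($LANG['msg_error']);
    }

    // NOTE(review): $post is user-supplied and is stored serialize()d. Whatever
    // reads this column back must not unserialize() it unguarded (at minimum
    // 'allowed_classes' => false); storing JSON would avoid the question entirely.
    // serialize() does not emit warnings for arrays, so no `@` is needed here.
    $fields = serialize($post);
    $userId = $GLOBALS['me']->ID;
    $stmt->bind_param("siiisi", $reward->title, $userId, $reward->points, $reward->ID, $fields, $userId);

    $ok = $stmt->execute();
    $stmt->close();
    if (!$ok) {
        throw new \Exception($LANG['msg_error']);
    }

    // Deduct the cost only after the request row has been written.
    \user\update::add_points($GLOBALS['me']->ID, -$reward->points);
    return true;
}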