/**
 * Send the outcome of an award action to the client, then end the script.
 *
 * AJAX requests get an XML response holding the award box returned by
 * showAwardBox() and the rendered 'kbank_award_button' template. The AJAX
 * branch takes the post id from the global $postinfo, not from $postid.
 * Non-AJAX requests with a message get a standard redirect to the post.
 *
 * @param mixed $postid  Post id placed in the showthread.php redirect URL.
 * @param mixed $message Message to report; false (the default) sends none.
 *
 * @return void Does not return to the caller; every path ends in exit.
 */
function output($postid, $message = false)
{
    global $vbulletin;

    // Regular page request: redirect back to the post if there is something to say.
    if (!$vbulletin->GPC['ajax']) {
        if ($message) {
            // NOTE(review): $postid is placed in the URL exactly as passed in and
            // $message is handed on unchanged; this assumes callers supply a
            // validated integer id and an already-escaped message. Confirm upstream.
            $vbulletin->url = "showthread.php?" . $vbulletin->session->vars['sessionurl'] . "p={$postid}";
            eval(print_standard_redirect($message, false, true));
        }

        exit; // just in case the redirect call returns
    }

    // AJAX request: these globals are imported only on this path.
    global $threadinfo, $postinfo, $stylevar;

    $box = showAwardBox($postinfo['postid'], true);
    $permAward = fetchPerm($vbulletin->userinfo, $postinfo, $threadinfo);
    $post['postid'] = $postinfo['postid'];
    $ajaxing = true; // read by the template

    // Whatever fetch_template() returns is executed as PHP in this function's
    // scope, so every local and imported global above is visible to it.
    // NOTE(review): safe only while template content is editable solely by
    // trusted administrators; confirm who can modify 'kbank_award_button'.
    eval('$button = " ' . fetch_template('kbank_award_button') . '";');

    require_once DIR . '/includes/class_xml.php';

    $response = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
    $response->add_group('response');
    $response->add_tag('product', 'kbank_award');
    $response->add_tag('box', $box);
    $response->add_tag('button', $button);

    // The message element is optional and only present when a message was given.
    if ($message) {
        $response->add_tag('message', $message);
    }

    $response->close_group();
    $response->print_xml(true);

    exit; // just in case the XML output call returns
}
} if ($_REQUEST['do'] == 'RemoveClicked') { //display remove awarded form if (!($postid > 0) || $postid == '' || !can_moderate($forumid) || !$vbulletin->userinfo['canRemoveAwarded']) { //outputError($vbphrase['kbank_award_mes_noperm']); print_no_permission(); } eval('print_output("' . fetch_template('kbank_award_confirm') . '");'); } if ($_REQUEST['do'] == 'add') { //do award/thank $vbulletin->input->clean_array_gpc('p', array('userid' => TYPE_INT, 'points' => TYPE_INT, 'reason' => TYPE_STR)); $points = $vbulletin->GPC['points']; $reason = htmlspecialchars_uni(convert_urlencoded_unicode($vbulletin->GPC['reason'])); //decode reason $permAward = fetchPerm($vbulletin->userinfo, $postinfo, $threadinfo); if ($vbulletin->GPC['userid'] == 0) { //trying to award if ($permAward['award']) { //enough permission if (is_numeric($points) and ($vbulletin->userinfo['minAward'] <= $points and $points <= $vbulletin->userinfo['maxAward'] or $vbulletin->userinfo['maxAward'] == 0)) { //valid amount range if ($points != 0 && $reason != "") { //valid amount/reason value $cur = $vbulletin->db->query_first("\n\t\t\t\t\t\t\tSELECT SUM(ABS(amount)) AS total\n\t\t\t\t\t\t\tFROM `" . TABLE_PREFIX . "kbank_donations`\n\t\t\t\t\t\t\tWHERE (time + 24*60*60) >= " . TIMENOW . "\n\t\t\t\t\t\t"); $cur = $cur['total']; if (ap_inLimit($points, $cur, $maxp_24h)) { //check for 24h limit $messages = array(); $result = ap_doHistory($postid, $points, $reason); //do our job!