Exemplo n.º 1
/**
 * Prefix an alert body with the account-management preamble, log the send,
 * and pass the message to send_template_email() unless $nomail is set.
 *
 * Works through globals: appends to $out (run log), increments $sentemails,
 * and clears $globalsuccess to 0 when a send reports failure.
 *
 * NOTE(review): $email is written to the log and used as the 'to' address
 * exactly as received; any address validation has to happen in the caller
 * or inside send_template_email() - confirm.
 */
function write_and_send_email($email, $user_id, $data)
{
    global $globalsuccess, $out, $sentemails, $nomail;

    // Registered users get the "manage your alerts" pointer, everyone else
    // gets the invitation to register.
    $preamble = $user_id
        ? "As a registered user, visit http://www.openaustralia.org/user/\nto unsubscribe from, or manage, your alerts.\n\n"
        : "If you register on the site, you will be able to manage your\nalerts there as well as post comments. :)\n\n";
    $data = $preamble . $data;

    $logline = "SEND: Sending email to {$email}\n";
    $out .= $logline;
    print $logline;
    $sentemails++;

    $envelope = array('to' => $email, 'template' => 'alert_mailout');
    $fields = array('DATA' => $data);

    if ($nomail) {
        // Dry run: record the body in the log instead of sending it.
        $success = 1;
        $out .= $data . "\n\n";
    } else {
        $success = send_template_email($envelope, $fields);
        // Half-second pause between real sends.
        usleep(500000);
    }

    if (!$success) {
        $globalsuccess = 0;
    }
}
Exemplo n.º 2
Arquivo: join.php Projeto: babae/etano
     }
 }
 if (!$error) {
     // First signup page: create the account row, remember the new id in the
     // session and send the registration-confirmation email.
     // NOTE(review): every $input value below is concatenated into the SQL
     // text. Any escaping happened before this snippet - confirm it, and
     // prefer bound parameters.
     if ($input['page'] == 1) {
         // NOTE(review): hashing adds no entropy, so this activation secret is
         // only as strong as gen_pass(6) (not shown here) - confirm it draws
         // from a CSPRNG.
         $input['temp_pass'] = md5(gen_pass(6));
         // NOTE(review): the password is hashed by MySQL's md5() with no salt,
         // and the cleartext value is part of the statement text, so it can
         // end up in query logs. A dedicated password hash computed in PHP
         // (password_hash) avoids both.
         $query = "INSERT IGNORE INTO `" . USER_ACCOUNTS_TABLE . "` SET `" . USER_ACCOUNT_USER . "`='" . $input['user'] . "',`" . USER_ACCOUNT_PASS . "`=md5('" . $input['pass'] . "'),`email`='" . $input['email'] . "',`membership`=2,`status`=" . ASTAT_UNVERIFIED . ",`temp_pass`='" . $input['temp_pass'] . "'";
         // The legacy mysql_* extension is used here; it was removed in PHP 7.
         if (!($res = @mysql_query($query))) {
             trigger_error(mysql_error(), E_USER_ERROR);
         }
         // NOTE(review): with INSERT IGNORE a duplicate-key collision inserts
         // nothing and mysql_insert_id() then yields 0, which would be stored
         // as reg_id below - confirm an earlier uniqueness check rules this out.
         $_SESSION[_LICENSE_KEY_]['user']['reg_id'] = mysql_insert_id();
         $_SESSION[_LICENSE_KEY_]['user']['user'] = $input['user'];
         // for `dsb_payments`
         $_SESSION[_LICENSE_KEY_]['user']['email'] = $input['email'];
         // for info_signup.html
         $input['uid'] = $_SESSION[_LICENSE_KEY_]['user']['reg_id'];
         // The whole $input array, including 'pass' and 'temp_pass', is handed
         // to the template renderer.
         send_template_email($input['email'], sprintf($GLOBALS['_lang'][70], _SITENAME_), 'confirm_reg.html', get_my_skin(), $input);
     }
     $query = "SELECT `fk_user_id` FROM `{$dbtable_prefix}user_profiles` WHERE `fk_user_id`=" . $_SESSION[_LICENSE_KEY_]['user']['reg_id'];
     if (!($res = @mysql_query($query))) {
         trigger_error(mysql_error(), E_USER_ERROR);
     }
     $is_update = false;
     if (mysql_num_rows($res)) {
         $is_update = true;
     }
     $now = gmdate('YmdHis');
     if ($is_update) {
         $query = "UPDATE `{$dbtable_prefix}user_profiles` SET `last_changed`='{$now}'";
     } else {
         $query = "INSERT INTO `{$dbtable_prefix}user_profiles` SET `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['reg_id'] . "',`last_changed`='{$now}',`date_added`='{$now}',`score`='" . add_member_score(0, 'join', 1, true) . "'";
     }
Exemplo n.º 3
 /**
  * File a report against a comment on behalf of the current user.
  *
  * On success the row is inserted into commentreports, this object's fields
  * are populated, the comment's modflag is switched on, the REPORTLIST
  * address is notified and an acknowledgement is mailed to the reporter.
  *
  * $reportdata is an array with 'body', 'firstname', 'lastname' and 'email'.
  * For a logged-in reporter only 'body' is used; the rest comes from
  * $THEUSER. $COMMENT is the existing COMMENT object being reported.
  *
  * Returns true when the report was stored, false when the user lacks the
  * 'reportcomment' permission, trips the flood check, or the insert fails.
  *
  * NOTE(review): the flood check only runs for user ids > 0, so anonymous
  * reporters are not rate limited by this method.
  * NOTE(review): escaping relies on mysql_real_escape_string(), part of the
  * legacy mysql extension removed in PHP 7; bound parameters are the
  * long-term fix.
  * NOTE(review): for anonymous reporters $reportdata['email'] becomes the
  * 'to' address as supplied; confirm it is validated before reaching the
  * mailer.
  */
 function create($COMMENT, $reportdata)
 {
     global $THEUSER, $PAGE;

     // Permission gate.
     if (!$THEUSER->is_able_to('reportcomment')) {
         $PAGE->error_message("Sorry, you are not allowed to post reports.");
         return false;
     }

     // Flood check for logged-in users (anonymous users all share id 0).
     if (is_numeric($THEUSER->user_id()) && $THEUSER->user_id() > 0) {
         // Minimum number of seconds between two reports by the same user.
         $flood_time_limit = 20;
         $recent = $this->db->query("SELECT report_id\n\t\t\t\t\t\t\tFROM\tcommentreports\n\t\t\t\t\t\t\tWHERE\tuser_id = '" . $THEUSER->user_id() . "'\n\t\t\t\t\t\t\tAND\t\treported + 0 > NOW() - {$flood_time_limit}");
         if ($recent->rows() > 0) {
             $PAGE->error_message("Sorry, we limit people to posting one report per {$flood_time_limit} seconds to help prevent duplicate reports. Please go back and try again, thanks.");
             return false;
         }
     }

     // filter_user_input() lives in utility.php.
     $body = filter_user_input($reportdata['body'], 'comment');
     $time = gmdate("Y-m-d H:i:s");

     // Logged-in reports store the user id; anonymous ones store the
     // contact details that were submitted with the form.
     if ($THEUSER->isloggedin()) {
         $sql = "INSERT INTO commentreports\n\t\t\t\t\t\t\t\t\t(comment_id, body, reported, user_id)\n\t\t\t\t\t\t\tVALUES\t('" . mysql_real_escape_string($COMMENT->comment_id()) . "',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($body) . "', \n\t\t\t\t\t\t\t\t\t'{$time}',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($THEUSER->user_id()) . "'\n\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t";
     } else {
         $sql = "INSERT INTO commentreports\n\t\t\t\t\t\t\t\t\t(comment_id, body, reported, firstname, lastname, email)\n\t\t\t\t\t\t\tVALUES\t('" . mysql_real_escape_string($COMMENT->comment_id()) . "',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($body) . "', \n\t\t\t\t\t\t\t\t\t'{$time}',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($reportdata['firstname']) . "',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($reportdata['lastname']) . "',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($reportdata['email']) . "'\n\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t";
     }

     $result = $this->db->query($sql);
     if (!$result->success()) {
         return false;
     }

     // Stored: mirror the new row on this object.
     $this->report_id = $result->insert_id();
     $this->comment_id = $COMMENT->comment_id();
     $this->body = $body;
     $this->reported = $time;
     if ($THEUSER->isloggedin()) {
         $this->user_id = $THEUSER->user_id();
         $this->firstname = $THEUSER->firstname();
         $this->lastname = $THEUSER->lastname();
     } else {
         $this->email = $reportdata['email'];
         $this->firstname = $reportdata['firstname'];
         $this->lastname = $reportdata['lastname'];
     }

     // Flag the comment for moderation.
     $COMMENT->set_modflag('on');

     // Tell the moderators' list about the new report.
     $admin_url = new URL('admin_commentreport');
     $admin_url->insert(array('rid' => $this->report_id, 'cid' => $this->comment_id));
     $emailbody = "A new comment report has been filed by " . $this->user_name() . ".\n\n"
         . "COMMENT:\n" . $COMMENT->body() . "\n\n"
         . "REPORT:\n" . $this->body . "\n\n"
         . "To manage this report follow this link: http://" . DOMAIN . $admin_url->generate('none') . "\n";
     send_email(REPORTLIST, 'New comment report', $emailbody);

     // Thank the reporter. send_template_email() lives in utility.php.
     $email = $THEUSER->isloggedin() ? $THEUSER->email() : $this->email();
     $data = array('to' => $email, 'template' => 'report_acknowledge');
     $merge = array(
         'FIRSTNAME' => $this->firstname(),
         'LASTNAME' => $this->lastname(),
         'COMMENTURL' => "http://" . DOMAIN . $COMMENT->url(),
         'REPORTBODY' => strip_tags($this->body()),
     );
     send_template_email($data, $merge);

     return true;
 }
Exemplo n.º 4
 /**
  * Send the 'alert_already_signedup' template to $details['email'].
  *
  * Stores the criteria derived from $details on this object so that
  * criteria_pretty() can render them into the message.
  *
  * Returns true when send_template_email() reports success, false otherwise.
  *
  * NOTE(review): $details['email'] is used as the recipient without any
  * check in this method; validation is assumed to happen upstream - confirm.
  */
 public function send_already_signedup_email($details)
 {
     $envelope = array('to' => $details['email'], 'template' => 'alert_already_signedup');
     $this->criteria = alert_details_to_criteria($details);
     $fields = array(
         'FIRSTNAME' => 'THEY WORK FOR YOU',
         'LASTNAME' => ' ALERT ALREADY SIGNED UP',
         'CRITERIA' => $this->criteria_pretty(),
     );

     // Normalise whatever the mailer returns to a strict boolean.
     return send_template_email($envelope, $fields) ? true : false;
 }
Exemplo n.º 5
/**
 * Admin action: resolve a comment report and optionally email the reporter
 * and/or the comment's author, printing progress as HTML.
 *
 * Request parameters read through get_http_var():
 *   deletecomment   - 'true' upholds the report (the comment is deleted)
 *   sendtoreporter  - 'true' mails the reporter the outcome
 *   declinedreason  - free text merged into the 'report_declined' mail
 *   sendtocommenter - 'true' mails the comment's author
 *   commentermail   - free text merged into the 'comment_deleted_blank' mail
 *
 * NOTE(review): nothing in this function checks that the caller may resolve
 * reports or that the request is not forged; both have to be enforced before
 * it is called - confirm.
 * NOTE(review): the commenter mail uses the "comment deleted" template and
 * subject but is sent whenever sendtocommenter is 'true', even if the report
 * was declined; confirm the form only offers it together with deletion.
 * NOTE(review): declinedreason and commentermail go into the outgoing mail
 * as submitted.
 */
function resolve($REPORT, $COMMENT)
{
    global $PAGE;

    // Upheld means the moderator chose to delete the comment.
    $upheld = get_http_var('deletecomment') == 'true';

    if ($REPORT->resolve($upheld, $COMMENT)) {
        if ($upheld) {
            print "<p>The comment has been deleted.</p>\n";
        }
        print "<p>The report has been resolved.</p>\n";

        if (get_http_var('sendtoreporter') == 'true') {
            // Tell the reporter whether their report was upheld or declined.
            if ($REPORT->user_id() > 0) {
                // Reporter was logged in: look the address up on the account.
                $reporter = new USER();
                $reporter->init($REPORT->user_id());
                $email = $reporter->email();
            } else {
                // Anonymous reporter: use the address left with the report.
                $email = $REPORT->email();
            }

            $data = array('to' => $email);
            $merge = array(
                'FIRSTNAME' => $REPORT->firstname(),
                'LASTNAME' => $REPORT->lastname(),
                'REPORTBODY' => strip_tags($REPORT->body()),
            );
            if ($upheld) {
                $data['template'] = 'report_upheld';
            } else {
                $data['template'] = 'report_declined';
                $merge['COMMENTURL'] = 'http://' . DOMAIN . $COMMENT->url();
                $merge['REASON'] = get_http_var('declinedreason');
            }

            if (send_template_email($data, $merge)) {
                print "<p>An email has been sent to the person who made the report.</p>\n";
            } else {
                $PAGE->error_message("Failed when sending an email to the person who made the report.");
            }
        }

        if (get_http_var('sendtocommenter') == 'true') {
            // Tell the comment's author that the comment has been deleted.
            $commenter = new USER();
            $commenter->init($COMMENT->user_id());

            // Link back to the page, pointing at the add-comment form rather
            // than at the anchor of the removed comment.
            $addcommentsurl = 'http://' . DOMAIN . preg_replace("/#.*\$/", '#addcomment', $COMMENT->url());

            $data = array(
                'to' => $commenter->email(),
                'template' => 'comment_deleted_blank',
                'subject' => 'One of your comments has been deleted',
            );
            $merge = array(
                'REPLYBODY' => get_http_var('commentermail'),
                'FIRSTNAME' => $commenter->firstname(),
                'LASTNAME' => $commenter->lastname(),
                'ADDCOMMENTURL' => $addcommentsurl,
                'COMMENTBODY' => strip_tags($COMMENT->body()),
            );

            if (send_template_email($data, $merge)) {
                print "<p>An email has been sent to the person who posted the comment.</p>\n";
            } else {
                $PAGE->error_message("Failed when sending an email to the person who posted the comment.");
            }
        }
    }

    // Always offer the way back to the admin home page.
    $home = new URL('admin_home');
    print '<p><a href="' . $home->generate() . '">Back</a></p>';
}
Exemplo n.º 6
 /**
  * Mail the address-confirmation link for the alert that was just add()ed.
  *
  * $details is the array that was passed to add(). The link token is the
  * alert id, a '-', and this object's registration token.
  *
  * Returns false without sending when the alert id is not numeric or no
  * email address was supplied; otherwise true/false according to whether
  * send_template_email() reported success.
  *
  * NOTE(review): the confirmation link is built with the http:// scheme, so
  * the token travels unencrypted when the link is followed; an https:// link
  * would protect it in transit.
  */
 function send_confirmation_email($details)
 {
     // Both a numeric alert id and a non-empty address are required.
     if (!(is_numeric($this->alert_id) && isset($details['email']) && $details['email'] != '')) {
         return false;
     }

     $confirmurl = 'http://' . DOMAIN . '/A/' . $this->alert_id . '-' . $this->registrationtoken;

     $envelope = array('to' => $details['email'], 'template' => 'alert_confirmation');
     $fields = array(
         'FIRSTNAME' => 'THEY WORK FOR YOU',
         'LASTNAME' => ' ALERT CONFIRMATION',
         'CONFIRMURL' => $confirmurl,
         'CRITERIA' => $this->criteria_pretty(),
     );

     // Normalise whatever the mailer returns to a strict boolean.
     return send_template_email($envelope, $fields) ? true : false;
 }
Exemplo n.º 7
        $input['error_email'] = 'red_border';
    }
    // Reject the change when another account already uses the new address.
    // NOTE(review): $input['email'] is concatenated into the SQL text here
    // and in the REPLACE below; any escaping happened before this snippet -
    // confirm it, and prefer bound parameters.
    if (!$error) {
        $query = "SELECT `" . USER_ACCOUNT_ID . "` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `email`='" . $input['email'] . "' LIMIT 1";
        // The legacy mysql_* extension is used here; it was removed in PHP 7.
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        if (mysql_num_rows($res)) {
            $error = true;
            $topass['message']['type'] = MESSAGE_ERROR;
            // The submitted address is echoed into the message text; output
            // encoding has to happen wherever $topass is rendered - confirm.
            $topass['message']['text'][] = sprintf($GLOBALS['_lang'][204], $input['email']);
            $input['error_email'] = 'red_border';
        }
    }
    if (!$error) {
        // Park the new address as the 'new_email' setting of the logged-in
        // user and mail a confirmation request to that address.
        $query = "REPLACE INTO `{$dbtable_prefix}user_settings2` SET `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "',`config_option`='new_email',`config_value`='" . $input['email'] . "'";
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        // URL-encoded copy of the address, added to the template data.
        $input['email2'] = rawurlencode($input['email']);
        // NOTE(review): no confirmation secret is generated in this snippet;
        // whatever the template's link carries comes from $input. Confirm it
        // includes an unguessable token and not just the address.
        send_template_email($input['email'], sprintf($GLOBALS['_lang'][40], _SITENAME_), 'email_change_confirm.html', get_my_skin(), $input);
        $topass['message']['type'] = MESSAGE_INFO;
        $topass['message']['text'][] = $GLOBALS['_lang'][39];
    } else {
        // 		you must re-read all textareas from $_POST like this:
        //		$input['x']=addslashes_mq($_POST['x']);
        // Convert the submitted values for redisplay in the form.
        $input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH);
        $topass['input'] = $input;
    }
}
redirect2page($nextpage, $topass, $qs);
Exemplo n.º 8
        }
    }
    unset($_SESSION['captcha_word']);
    // Password-reset request: look the account up by email, store a fresh
    // temp_pass on it and mail the reset message.
    // NOTE(review): $input['email'] is concatenated into the SQL text; any
    // escaping happened before this snippet - confirm it, and prefer bound
    // parameters.
    if (!$error) {
        $query = "SELECT `" . USER_ACCOUNT_ID . "` as `uid`,`" . USER_ACCOUNT_USER . "` as `user`,`email` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `email`='" . $input['email'] . "' LIMIT 1";
        // The legacy mysql_* extension is used here; it was removed in PHP 7.
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        if (mysql_num_rows($res)) {
            // From here on $input holds the database row, not the form data.
            $input = mysql_fetch_assoc($res);
            // NOTE(review): hashing adds no entropy, so the reset secret is
            // only as strong as gen_pass(6) (not shown) - confirm it draws
            // from a CSPRNG. It is stored as-is, and no expiry is set in
            // this snippet.
            $input['temp_pass'] = md5(gen_pass(6));
            // Requester's address, made available to the email template.
            $input['ipaddr'] = $_SERVER['REMOTE_ADDR'];
            $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `temp_pass`='" . $input['temp_pass'] . "' WHERE `" . USER_ACCOUNT_ID . "`=" . $input['uid'];
            if (!($res = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
            send_template_email($input['email'], sprintf($GLOBALS['_lang'][225], _SITENAME_), 'pass_reset.html', get_my_skin(), $input);
            $topass['message']['type'] = MESSAGE_INFO;
            $topass['message']['text'] = $GLOBALS['_lang'][89];
        } else {
            // NOTE(review): an unknown address produces a different message
            // type (and text id) than a known one, so the response shows
            // whether an email is registered. A uniform reply avoids that.
            $topass['message']['type'] = MESSAGE_ERROR;
            $topass['message']['text'] = $GLOBALS['_lang'][90];
        }
    } else {
        // 		you must re-read all textareas from $_POST like this:
        //		$input['x']=addslashes_mq($_POST['x']);
        // Convert the submitted values for redisplay in the form.
        $input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH);
        $topass['input'] = $input;
    }
}
redirect2page($nextpage, $topass, $qs);
Exemplo n.º 9
<br><label for="sendname">Your name:</label> <input type="text" id="sendname" name="sender_name" value="<?php 
    echo $sender_name;
    ?>
" size="30">
<input type="hidden" name="pid" value="<?php 
    echo $pid;
    ?>
">
<br>(<a href="/privacy/">privacy policy</a>)
<input type="submit" class="submit" value="Send"></p>
</form>
<?php 
} else {
    $rep_name = $MEMBER->full_name();
    if ($MEMBER->house_disp == 1) {
        $rep_name .= ' MP';
    } elseif ($MEMBER->house_disp == 3) {
        $rep_name .= ' MLA';
    }
    $data = array('template' => 'email_a_friend', 'to' => $recipient_email, 'subject' => 'Find out all about ' . $rep_name);
    $url = $MEMBER->url();
    $merge = array('NAME' => $sender_name, 'EMAIL' => $sender_email, 'REP_NAME' => $rep_name, 'REP_URL' => $url);
    $success = send_template_email($data, $merge);
    if ($success) {
        print "<p>Your email has been sent successfully. Thank you for using TheyWorkForYou.</p> <p><a href=\"{$url}\">Return to " . $MEMBER->full_name() . "'s page</a></p>";
    } else {
        print "<p>Sorry, something went wrong trying to send an email. Please wait a few minutes and try again.</p>";
    }
}
$PAGE->stripe_end();
$PAGE->page_end();
Exemplo n.º 10
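// Start from the plain form-post case so that $is_ajax is always defined
// when the success and error handling further down branch on it. Previously
// it was only ever assigned inside the JSON branch.
$is_ajax = false;
// The request's content type decides between the AJAX and plain-form paths.
// get_request_content_type() and get_json() are helpers defined elsewhere.
if (get_request_content_type() == "application/json") {
    $is_ajax = true;
    // Decoded JSON request body.
    $json = get_json();
    // The client-side script sends the form fields under "formData"; other
    // top-level keys can carry extra information alongside the form.
    $template_data = $json["formData"];
} else {
    // Plain form post: every request variable becomes template data, e.g.
    // $_REQUEST["name"]; add hidden inputs to the form for extra fields.
    // NOTE(review): $_REQUEST is passed to the template wholesale. Depending
    // on the request_order / variables_order ini settings it can include
    // cookie values, and any parameter the client adds is included too.
    // Picking the expected fields explicitly keeps the template input
    // predictable.
    $template_data = $_REQUEST;
}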
try {
    // this is the main function, an exception will be thrown if this fails.
    send_template_email(array("to" => "*****@*****.**", "cc" => array("*****@*****.**", "*****@*****.**"), "bcc" => null, "subject" => "This is the subject", "bodyTemplate" => "email_template", "data" => $template_data));
    // handle the success
    if ($is_ajax) {
        JSONResponse(array("message" => "Email sent successfully."));
    } else {
        //redirect with no ajax
        header("Location: test.html?success=true");
    }
} catch (PEARErrorException $e) {
    // This exception class is a wrapper for receiving the Pear error
    // object when the email could not be sent.
    $error = $e->error;
    // if the error has a newline, it will break, seems google will return with newlines for invalid user/pass
    $message = str_replace("\n", " ", $error->message);
    if ($is_ajax) {
        JSONResponse(array("error" => $message), false);
Exemplo n.º 11
/**
 * Deliver one batch of queued internal messages.
 *
 * Reads up to $limit rows from the queue_message table, inserts each one
 * into the receiver's inbox (or spambox when a sender filter routes it
 * there), deletes the processed rows from the queue, credits receivers
 * through add_member_score() and finally sends the 'new_message.html'
 * notification emails. Query failures go through trigger_error(); otherwise
 * the function returns true.
 */
function send_queue_message()
{
    $limit = 50;
    // number of messages in a batch
    // Start with no hooks; the optional event file included next can define
    // $_on_before_insert / $_on_after_insert in this function's scope.
    unset($_on_before_insert, $_on_after_insert);
    if (is_file(_BASEPATH_ . '/events/cronjobs/send_queue_message.php')) {
        include_once _BASEPATH_ . '/events/cronjobs/send_queue_message.php';
    }
    global $dbtable_prefix, $def_skin;
    // NOTE(review): the include path contains the global $def_skin; confirm
    // it only ever comes from trusted configuration.
    include_once _BASEPATH_ . '/skins_site/' . $def_skin . '/lang/mailbox.inc.php';
    $filters = array();
    $notifs = array();
    $emails = array();
    $mail_ids = array();
    $receivers = array();
    // Oldest queued messages first, joined with the receiver's account email
    // and profile user name.
    $query = "SELECT a.`mail_id`,a.`fk_user_id`,a.`fk_user_id_other`,a.`_user_other`,a.`subject`,a.`message_body`,a.`date_sent`,a.`message_type`,b.`email`,c.`_user` as `user` FROM `{$dbtable_prefix}queue_message` a,`" . USER_ACCOUNTS_TABLE . "` b,`{$dbtable_prefix}user_profiles` c WHERE a.`fk_user_id`=b.`" . USER_ACCOUNT_ID . "` AND a.`fk_user_id`=c.`fk_user_id` ORDER BY a.`mail_id` ASC LIMIT {$limit}";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    if (mysql_num_rows($res)) {
        while ($rsrow = mysql_fetch_assoc($res)) {
            // $temp collects what the notification email needs.
            $temp['subject'] = sanitize_and_format($rsrow['subject'], TYPE_STRING, FORMAT_TEXT2HTML);
            $temp['_user_other'] = $rsrow['_user_other'];
            if (empty($temp['_user_other']) && $rsrow['message_type'] == MESS_SYSTEM) {
                $temp['_user_other'] = $GLOBALS['_lang'][135];
            }
            $temp['email'] = $rsrow['email'];
            $temp['user'] = $rsrow['user'];
            $mail_ids[] = $rsrow['mail_id'];
            // Count messages per receiver for the score update below.
            if (isset($receivers[$rsrow['fk_user_id']])) {
                ++$receivers[$rsrow['fk_user_id']];
            } else {
                $receivers[$rsrow['fk_user_id']] = 1;
            }
            // Drop the keys that are not written to the destination table;
            // what remains in $rsrow becomes the INSERT's column list.
            unset($rsrow['mail_id'], $rsrow['email'], $rsrow['user']);
            $rsrow['subject'] = sanitize_and_format($rsrow['subject'], TYPE_STRING, $GLOBALS['__field2format'][TEXT_DB2DB]);
            $rsrow['message_body'] = sanitize_and_format($rsrow['message_body'], TYPE_STRING, $GLOBALS['__field2format'][TEXT_DB2DB]);
            // Load and cache the receiver's message filters once per batch.
            if (!isset($filters[$rsrow['fk_user_id']])) {
                $query = "SELECT `filter_type`,`field`,`field_value`,`fk_folder_id` FROM `{$dbtable_prefix}message_filters` WHERE `fk_user_id`=" . $rsrow['fk_user_id'];
                if (!($res2 = @mysql_query($query))) {
                    trigger_error(mysql_error(), E_USER_ERROR);
                }
                while ($rsrow2 = mysql_fetch_assoc($res2)) {
                    $filters[$rsrow['fk_user_id']][] = $rsrow2;
                }
                if (!isset($filters[$rsrow['fk_user_id']])) {
                    $filters[$rsrow['fk_user_id']] = array();
                }
            }
            // Cache the receiver's 'notify_me' preference as well.
            if (!isset($notifs[$rsrow['fk_user_id']])) {
                $notifs[$rsrow['fk_user_id']] = get_user_settings($rsrow['fk_user_id'], 'def_user_prefs', 'notify_me');
            }
            $notify = true;
            $was_sent = false;
            // was sent by a filter?
            if (!empty($filters[$rsrow['fk_user_id']])) {
                for ($i = 0; isset($filters[$rsrow['fk_user_id']][$i]); ++$i) {
                    $filter = $filters[$rsrow['fk_user_id']][$i];
                    switch ($filter['filter_type']) {
                        case FILTER_SENDER:
                            if ($rsrow['fk_user_id_other'] == $filter['field_value']) {
                                // Spambox routing also suppresses the
                                // notification email for this message.
                                if ($filter['fk_folder_id'] == FOLDER_SPAMBOX) {
                                    $into = "`{$dbtable_prefix}user_spambox`";
                                    $notify = false;
                                } else {
                                    $into = "`{$dbtable_prefix}user_inbox`";
                                    $rsrow['fk_folder_id'] = $filter['fk_folder_id'];
                                }
                                // NOTE(review): values are interpolated as
                                // they came out of the queue; only subject
                                // and message_body went through
                                // sanitize_and_format() above. Confirm the
                                // other fields (e.g. _user_other) cannot
                                // carry quote characters, or bind them.
                                $query = "INSERT INTO {$into} SET ";
                                foreach ($rsrow as $k => $v) {
                                    $query .= "`{$k}`='{$v}',";
                                }
                                $query = substr($query, 0, -1);
                                // NOTE(review): the hook loops reuse $i, the
                                // index of the enclosing filter loop; that is
                                // harmless only because break 2 follows.
                                if (isset($_on_before_insert)) {
                                    for ($i = 0; isset($_on_before_insert[$i]); ++$i) {
                                        call_user_func($_on_before_insert[$i], $rsrow);
                                    }
                                }
                                if (!($res2 = @mysql_query($query))) {
                                    trigger_error(mysql_error(), E_USER_ERROR);
                                }
                                if (isset($_on_after_insert)) {
                                    for ($i = 0; isset($_on_after_insert[$i]); ++$i) {
                                        call_user_func($_on_after_insert[$i], $rsrow);
                                    }
                                }
                                $was_sent = true;
                            }
                            // NOTE(review): this runs whether or not the
                            // sender matched, so scanning stops at the first
                            // FILTER_SENDER entry - confirm that is intended.
                            break 2;
                            // exit the filters for() too
                    }
                }
            }
            if (!$was_sent) {
                // no filter here - insert directly in inbox
                // Same interpolated INSERT as in the filter branch, with the
                // same escaping caveat for fields other than subject and
                // message_body.
                $query = "INSERT INTO `{$dbtable_prefix}user_inbox` SET ";
                foreach ($rsrow as $k => $v) {
                    $query .= "`{$k}`='{$v}',";
                }
                $query = substr($query, 0, -1);
                if (isset($_on_before_insert)) {
                    for ($i = 0; isset($_on_before_insert[$i]); ++$i) {
                        call_user_func($_on_before_insert[$i], $rsrow);
                    }
                }
                if (!($res2 = @mysql_query($query))) {
                    trigger_error(mysql_error(), E_USER_ERROR);
                }
                if (isset($_on_after_insert)) {
                    for ($i = 0; isset($_on_after_insert[$i]); ++$i) {
                        call_user_func($_on_after_insert[$i], $rsrow);
                    }
                }
            }
            // Queue a notification only when the receiver asked for them and
            // the message was not routed to the spambox.
            if ($notifs[$rsrow['fk_user_id']] && $notify) {
                $emails[] = $temp;
            }
        }
        // Remove everything that was just delivered from the queue.
        if (!empty($mail_ids)) {
            $query = "DELETE FROM `{$dbtable_prefix}queue_message` WHERE `mail_id` IN ('" . join("','", $mail_ids) . "')";
            if (!($res = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
        }
    }
    if (!empty($receivers)) {
        $uids = array();
        // we build an array like array(num_messages1=>array(uid1,uid2,..),num_messages2=>array(uid3,uid4...),...)
        // this way we can add score for more users at once, saving some processing time
        foreach ($receivers as $uid => $num) {
            if (isset($uids[$num])) {
                $uids[$num][] = $uid;
            } else {
                $uids[$num] = array($uid);
            }
        }
        foreach ($uids as $num => $nuids) {
            add_member_score($nuids, 'new_message', $num);
        }
    }
    // send the notification emails
    if (!empty($emails)) {
        for ($i = 0; isset($emails[$i]); ++$i) {
            send_template_email($emails[$i]['email'], $emails[$i]['subject'], 'new_message.html', $def_skin, $emails[$i]);
        }
    }
    return true;
}
Exemplo n.º 12
/**
 * Close an alert body with a separator line, log the send through mlog(),
 * and pass it to send_template_email() unless $nomail is set.
 *
 * $current supplies the recipient ('email') and the per-recipient 'token'
 * used in the MANAGE link; $template names the mail template.
 *
 * Works through globals: increments $sentemails, reads $start_time to pace
 * sending, and clears $globalsuccess to 0 when a send reports failure.
 *
 * NOTE(review): the MANAGE link is built with the http:// scheme and embeds
 * the recipient's token, so the token travels unencrypted when the link is
 * followed; an https:// link would protect it in transit.
 */
function write_and_send_email($current, $data, $template)
{
    global $globalsuccess, $sentemails, $nomail, $start_time;

    $data .= '====================';
    $sentemails++;
    mlog("SEND {$sentemails} : Sending email to {$current['email']} ... ");

    $envelope = array('to' => $current['email'], 'template' => $template);
    $fields = array(
        'DATA' => $data,
        'MANAGE' => 'http://www.theyworkforyou.com/D/' . $current['token'],
    );

    if ($nomail) {
        // Dry run: log the body instead of sending it.
        mlog($data);
        $success = 1;
    } else {
        // Per the original author's note, the two trailing flags request
        // "Precedence: bulk" and bounce handling.
        $success = send_template_email($envelope, $fields, true, true);
        mlog("sent ... ");

        // Pace the run: pause when the average time per mail so far drops
        // below half a second.
        $seconds_per_mail = (time() - $start_time) / $sentemails;
        if ($seconds_per_mail < 0.5) {
            mlog("pausing ... ");
            sleep(1);
        }
    }

    mlog("done\n");
    if (!$success) {
        $globalsuccess = 0;
    }
}
Exemplo n.º 13
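/**
 * Store a message in the send queue, or deliver it to the receiver's mailbox now.
 *
 * With $force_send false the message is inserted into the queue_message table.
 * With $force_send true the receiver's message filters are consulted: a sender
 * filter that matches files the message into the spambox (and suppresses the
 * notification) or into the filter's folder of the inbox; with no matching
 * filter the message goes to the inbox. If the receiver's 'notify_me' setting
 * is on, a 'new_message.html' notification e-mail is sent afterwards.
 *
 * Fix over the previous version: the `break 2` that leaves the filter loop used
 * to run for the first FILTER_SENDER entry whether or not it matched, so every
 * later sender filter of that receiver (a spambox rule included) was ignored.
 * The loop now stops only after a filter has actually filed the message.
 *
 * SECURITY: every value taken from $mess_array is concatenated into SQL text
 * unchanged, and fk_user_id is used unquoted in one query. The legacy mysql_*
 * API used here has no bound parameters, so this function is only safe if the
 * caller has already escaped each value for MySQL and forced the ids to
 * integers. NOTE(review): confirm that against every caller. The
 * FORMAT_STRIPSLASH applied to the subject before mailing suggests values
 * arrive slash-escaped, so escaping again here would corrupt stored data.
 *
 * @param array $mess_array Message fields keyed by column name; 'fk_user_id',
 *                          'fk_user_id_other', 'subject', 'message_type' and
 *                          '_user_other' are read directly when sending.
 * @param bool  $force_send false = queue, true = deliver immediately.
 * @return void Query failures are raised through trigger_error(E_USER_ERROR).
 */
function queue_or_send_message($mess_array, $force_send = false)
{
    global $dbtable_prefix;
    if (!$force_send) {
        require _BASEPATH_ . '/includes/tables/queue_message.inc.php';
        $query = "INSERT INTO `{$dbtable_prefix}queue_message` SET `date_sent`='" . gmdate('YmdHis') . "'";
        // Column names come from the table defaults in the include, never from
        // the caller; only the values are caller-supplied (see SECURITY above).
        foreach ($queue_message_default['defaults'] as $k => $v) {
            if (isset($mess_array[$k])) {
                $query .= ",`{$k}`='" . $mess_array[$k] . "'";
            }
        }
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
    } else {
        require _BASEPATH_ . '/includes/tables/user_inbox.inc.php';
        $was_sent = false;
        // was sent by a filter?
        $notify_receiver = get_user_settings($mess_array['fk_user_id'], 'def_user_prefs', 'notify_me');
        // see if the receiver has any filters in place to re-route our message
        // fk_user_id sits unquoted in a numeric context here, so it must be an integer
        $query = "SELECT `filter_type`,`field`,`field_value`,`fk_folder_id` FROM `{$dbtable_prefix}message_filters` WHERE `fk_user_id`=" . $mess_array['fk_user_id'];
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        $filters = array();
        $filters[$mess_array['fk_user_id']] = array();
        while ($rsrow = mysql_fetch_assoc($res)) {
            $filters[$mess_array['fk_user_id']][] = $rsrow;
        }
        if (!empty($filters[$mess_array['fk_user_id']])) {
            for ($i = 0; isset($filters[$mess_array['fk_user_id']][$i]); ++$i) {
                $filter =& $filters[$mess_array['fk_user_id']][$i];
                switch ($filter['filter_type']) {
                    case FILTER_SENDER:
                        if ($mess_array['fk_user_id_other'] == $filter['field_value']) {
                            if ($filter['fk_folder_id'] == FOLDER_SPAMBOX) {
                                $into = "`{$dbtable_prefix}user_spambox`";
                                // spamboxed messages never trigger a notification e-mail
                                $notify_receiver = false;
                                // NOTE(review): this re-reads user_inbox.inc.php and then uses
                                // $user_spambox_default -- confirm that include defines it.
                                require _BASEPATH_ . '/includes/tables/user_inbox.inc.php';
                                $defaults_table =& $user_spambox_default;
                            } else {
                                $into = "`{$dbtable_prefix}user_inbox`";
                                $mess_array['fk_folder_id'] = $filter['fk_folder_id'];
                                $defaults_table =& $user_inbox_default;
                            }
                            $query = "INSERT INTO {$into} SET `date_sent`='" . gmdate('YmdHis') . "'";
                            foreach ($defaults_table['defaults'] as $k => $v) {
                                if (isset($mess_array[$k])) {
                                    $query .= ",`{$k}`='" . $mess_array[$k] . "'";
                                }
                            }
                            if (!($res = @mysql_query($query))) {
                                trigger_error(mysql_error(), E_USER_ERROR);
                            }
                            $was_sent = true;
                            // filed by this filter: exit the filters for() too
                            break 2;
                        }
                        // no match: leave the switch only and try the next filter
                        break;
                }
            }
        }
        if (!$was_sent) {
            // no filter here - insert directly in inbox
            $query = "INSERT INTO `{$dbtable_prefix}user_inbox` SET `date_sent`='" . gmdate('YmdHis') . "'";
            foreach ($user_inbox_default['defaults'] as $k => $v) {
                if (isset($mess_array[$k])) {
                    $query .= ",`{$k}`='" . $mess_array[$k] . "'";
                }
            }
            if (!($res = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
        }
        if ($notify_receiver) {
            //	new message notification
            // the subject is re-formatted for HTML output before it goes into the mail template
            $mess_array['subject'] = sanitize_and_format($mess_array['subject'], TYPE_STRING, FORMAT_STRIPSLASH | FORMAT_TEXT2HTML);
            $def_skin = get_default_skin_dir();
            if (empty($mess_array['_user_other']) && $mess_array['message_type'] == MESS_SYSTEM) {
                // system messages without a sender name take it from the language file
                include_once _BASEPATH_ . '/skins_site/' . $def_skin . '/lang/mailbox.inc.php';
                $mess_array['_user_other'] =& $GLOBALS['_lang'][135];
            }
            $query = "SELECT a.`email`,b.`_user` FROM `" . USER_ACCOUNTS_TABLE . "` a,`{$dbtable_prefix}user_profiles` b WHERE a.`" . USER_ACCOUNT_ID . "`=b.`fk_user_id` AND a.`" . USER_ACCOUNT_ID . "`='" . $mess_array['fk_user_id'] . "'";
            if (!($res = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
            if (mysql_num_rows($res)) {
                $receiver_email = mysql_result($res, 0, 0);
                $mess_array['user'] = mysql_result($res, 0, 1);
                // only the subject was re-formatted above; the other $mess_array
                // fields reach the template as they arrived
                send_template_email($receiver_email, $mess_array['subject'], 'new_message.html', $def_skin, $mess_array);
            }
        }
    }
}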
Exemplo n.º 14
 /**
  * Handle the POST that comes back from 2CheckOut after a payment attempt.
  *
  * Reads the gateway fields from $_POST, checks the card-processed flag, the
  * response code and the MD5 hash, then (for 'subscr' items) looks up the user
  * and the subscription, compares the paid amount with the stored price, runs
  * the fraud check, ends older active subscriptions, inserts the new payment
  * row and, unless the payment was flagged, raises the membership level.
  * Rejected paths put a message into $tpl and write a log_error entry; the
  * 'prod' branch is empty.
  *
  * SECURITY: the request is authenticated only by the MD5 hash check below, and
  * every SQL statement is built by concatenation on the legacy mysql_* API.
  * Both depend on sanitize_and_format_gpc() having typed and escaped each field
  * (NOTE(review): confirm the type/format tables in $this->from_tco do that for
  * user_id, internal_id and all x_* fields).
  *
  * @param object $tpl Template object, by reference; receives the text or file shown to the member.
  * @return bool true only when the subscription was recorded and not flagged as fraud.
  */
 function thankyou(&$tpl)
 {
     $myreturn = false;
     global $dbtable_prefix;
     $input = array();
     $output = array();
     // every expected field is pulled from $_POST through the project's sanitizer,
     // with the type, format and default configured per field in $this->from_tco
     foreach ($this->from_tco['types'] as $k => $v) {
         $input[$k] = sanitize_and_format_gpc($_POST, $k, $GLOBALS['__field2type'][$v], $GLOBALS['__field2format'][$v], $this->from_tco['defaults'][$k]);
     }
     // normalise before hashing and storing: amount to two decimals, e-mail lower-cased
     $input['x_amount'] = number_format($input['x_amount'], 2, '.', '');
     $input['x_Email'] = strtolower($input['x_Email']);
     $input['card_holder_name'] = ucwords(strtolower($input['card_holder_name']));
     if (strcasecmp($input['x_2checked'], 'Y') == 0) {
         // in demo mode a demo transaction is hashed with transaction id 1
         if ($this->config['demo_mode'] == 1 && strcasecmp($input['demo'], 'Y') == 0) {
             $input['x_trans_id'] = 1;
         }
         if ($input['x_response_code'] == 1) {
             // processed ok
             // The posted hash must equal MD5(secret . sid . x_trans_id . x_amount), compared case-insensitively.
             // NOTE(review): strcasecmp() is not a constant-time comparison; where the runtime
             // provides hash_equals() (PHP >= 5.6), compare the two upper-cased strings with it.
             if (strcasecmp($input['x_MD5_Hash'], strtoupper(md5($this->config['secret'] . $this->config['sid'] . $input['x_trans_id'] . $input['x_amount']))) == 0) {
                 if ($input['dm_item_type'] == 'subscr') {
                     // NOTE(review): user_id is concatenated unquoted; this is only safe if the sanitizer forces an integer
                     $query = "SELECT `" . USER_ACCOUNT_ID . "` as `user_id`,`" . USER_ACCOUNT_USER . "` as `user` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `" . USER_ACCOUNT_ID . "`=" . $input['user_id'];
                     if (!($res = @mysql_query($query))) {
                         trigger_error(mysql_error(), E_USER_ERROR);
                     }
                     if (mysql_num_rows($res)) {
                         $real_user = mysql_fetch_assoc($res);
                         // NOTE(review): internal_id is also unquoted in a numeric context -- same integer requirement
                         $query = "SELECT `subscr_id`,`price`,`m_value_to`,`duration` FROM `{$dbtable_prefix}subscriptions` WHERE `subscr_id`=" . $input['internal_id'] . " AND `is_visible`=1";
                         if (!($res = @mysql_query($query))) {
                             trigger_error(mysql_error(), E_USER_ERROR);
                         }
                         if (mysql_num_rows($res)) {
                             $real_subscr = mysql_fetch_assoc($res);
                             // the amount reported by the gateway must match the price stored for this subscription
                             if (number_format($real_subscr['price'], 2) == number_format($input['x_amount'], 2)) {
                                 // && binds tighter than ||: accept real transactions, or demo ones only while demo_mode is on
                                 if (strcasecmp($input['demo'], 'Y') != 0 || $this->config['demo_mode'] == 1 && strcasecmp($input['demo'], 'Y') == 0) {
                                     require_once _BASEPATH_ . '/includes/iso31661a3.inc.php';
                                     if (isset($GLOBALS['iso31661a3'][$input['x_Country']])) {
                                         $input['country'] = $GLOBALS['iso31661a3'][$input['x_Country']];
                                         // needed for the fraud check
                                         $input['email'] = $input['x_Email'];
                                         // presumably sets $this->is_fraud and $this->fraud_reason, which are read below -- verify in check_fraud()
                                         $this->check_fraud($input);
                                     } else {
                                         // an unknown country code is treated as suspect rather than rejected outright
                                         $this->is_fraud = true;
                                         $this->fraud_reason = 'Invalid country code received from 2CheckOut. Please contact administrator.';
                                         require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                         // NOTE(review): the whole $_POST goes into the log entry, billing details included
                                         new log_error(array('module_name' => get_class($this), 'text' => 'country code received from 2co not found in iso31661a3.inc.php file' . array2qs($_POST)));
                                     }
                                     if (!empty($real_subscr['duration'])) {
                                         // if the old subscription is not over yet, we need to extend the new one with some days
                                         $query = "SELECT a.`payment_id`,UNIX_TIMESTAMP(a.`paid_until`) as `paid_until`,b.`price`,b.`duration` FROM `{$dbtable_prefix}payments` a LEFT JOIN `{$dbtable_prefix}subscriptions` b ON a.`fk_subscr_id`=b.`subscr_id` WHERE a.`fk_user_id`=" . $real_user['user_id'] . " AND a.`refunded`=0 AND a.`is_active`=1 AND a.`is_subscr`=1 AND a.`m_value_to`>2 ORDER BY a.`paid_until` DESC LIMIT 1";
                                         if (!($res = @mysql_query($query))) {
                                             trigger_error(mysql_error(), E_USER_ERROR);
                                         }
                                         if (mysql_num_rows($res)) {
                                             $rsrow = mysql_fetch_assoc($res);
                                             $time = mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('Y'));
                                             if ((int) $rsrow['paid_until'] > (int) $time) {
                                                 $remaining_days = ((int) $rsrow['paid_until'] - (int) $time) / 86400;
                                                 //86400 seconds in a day
                                                 if ($remaining_days > 0) {
                                                     // NOTE(review): the (int) casts drop the fractional part of both prices, and a
                                                     // zero/NULL old duration (LEFT JOIN miss) or a new price below 1 makes a divisor 0
                                                     $remaining_value = (int) $rsrow['price'] / (int) $rsrow['duration'] * $remaining_days;
                                                     $day_value_new = (int) $real_subscr['price'] / (int) $real_subscr['duration'];
                                                     $days_append = round($remaining_value / $day_value_new);
                                                     $real_subscr['duration'] = (int) $real_subscr['duration'];
                                                     $real_subscr['duration'] += $days_append;
                                                 }
                                             }
                                         }
                                     }
                                     $now = gmdate('Ymd');
                                     // all old active subscriptions end now!
                                     $query = "UPDATE `{$dbtable_prefix}payments` SET `paid_until`='{$now}',`is_active`=0 WHERE `fk_user_id`=" . $real_user['user_id'] . " AND `is_active`=1 AND `is_subscr`=1";
                                     if (!($res = @mysql_query($query))) {
                                         trigger_error(mysql_error(), E_USER_ERROR);
                                     }
                                     // insert the new subscription
                                     // NOTE(review): of all the values quoted into this statement only fraud_reason is escaped here
                                     // (addslashes); the x_* billing fields and the stored user name rely on escaping done earlier.
                                     // The UPDATE above and this INSERT are separate statements, with no transaction visible here.
                                     $query = "INSERT INTO `{$dbtable_prefix}payments` SET `is_active`=1,`fk_user_id`=" . $real_user['user_id'] . ",`_user`='" . $real_user['user'] . "',`gateway`='" . $this->module_code . "',`is_subscr`=1,`fk_subscr_id`='" . $real_subscr['subscr_id'] . "',`gw_txn`='" . $input['x_trans_id'] . "',`name`='" . $input['card_holder_name'] . "',`country`='" . $input['x_Country'] . "',`state`='" . $input['x_State'] . "',`city`='" . $input['x_City'] . "',`zip`='" . $input['x_Zip'] . "',`street_address`='" . $input['x_Address'] . "',`email`='" . $input['x_Email'] . "',`phone`='" . $input['x_Phone'] . "',`m_value_to`=" . $real_subscr['m_value_to'] . ",`amount_paid`='" . $input['x_amount'] . "',`is_suspect`=" . (int) $this->is_fraud . ",`suspect_reason`='" . addslashes($this->fraud_reason) . "',`date`=now(),`paid_from`='{$now}'";
                                     if (!empty($real_subscr['duration'])) {
                                         $query .= ",`paid_until`='{$now}'+INTERVAL " . $real_subscr['duration'] . ' DAY';
                                     }
                                     if (!($res = @mysql_query($query))) {
                                         trigger_error(mysql_error(), E_USER_ERROR);
                                     }
                                     if (!$this->is_fraud) {
                                         // the membership is raised only for payments that were not flagged
                                         $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `membership`=" . $real_subscr['m_value_to'] . " WHERE `" . USER_ACCOUNT_ID . "`=" . $real_user['user_id'];
                                         if (!($res = @mysql_query($query))) {
                                             trigger_error(mysql_error(), E_USER_ERROR);
                                         }
                                         $myreturn = true;
                                         add_member_score($real_user['user_id'], 'payment');
                                         $tpl->set_file('gateway_text', 'thankyou_subscr_ok.html');
                                     } else {
                                         // flagged payment: the row is stored as suspect, the member sees the "not ok" page
                                         // and the newest admin account of department 4 is mailed the reason
                                         $output['name'] = $input['card_holder_name'];
                                         $tpl->set_file('gateway_text', 'thankyou_subscr_nok.html');
                                         $tpl->set_var('output', $output);
                                         $tpl->process('gateway_text', 'gateway_text', TPL_OPTIONAL);
                                         // DEPT_ADMIN from includes/admin_functions.inc.php is hardcoded below as 4
                                         $query = "SELECT `email` FROM `{$dbtable_prefix}admin_accounts` WHERE `dept_id`=4 ORDER BY `admin_id` DESC LIMIT 1";
                                         if (!($res = @mysql_query($query))) {
                                             trigger_error(mysql_error(), E_USER_ERROR);
                                         }
                                         if (mysql_num_rows($res)) {
                                             send_template_email(mysql_result($res, 0, 0), 'Possible fraud detected on ' . _SITENAME_ . ', please investigate', '', '', array(), $this->module_code . ' TXN: ' . $input['x_trans_id'] . ': ' . $this->fraud_reason);
                                         }
                                     }
                                 } else {
                                     // a demo transaction when we're not in demo mode
                                     $tpl->set_var('gateway_text', $GLOBALS['_lang'][187]);
                                     require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                     new log_error(array('module_name' => get_class($this), 'text' => 'Demo transaction when demo is not enabled: ' . array2qs($input)));
                                 }
                             } else {
                                 // paid price doesn't match the subscription price
                                 $tpl->set_var('gateway_text', $GLOBALS['_lang'][188]);
                                 require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                 new log_error(array('module_name' => get_class($this), 'text' => 'Invalid amount paid: ' . array2qs($input)));
                             }
                         } else {
                             // if the subscr_id was not found
                             $tpl->set_var('gateway_text', $GLOBALS['_lang'][189]);
                             require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                             new log_error(array('module_name' => get_class($this), 'text' => 'Invalid subscr_id received after payment: ' . array2qs($input)));
                         }
                     } else {
                         // if the user_id was not found
                         $tpl->set_var('gateway_text', $GLOBALS['_lang'][192]);
                         require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                         new log_error(array('module_name' => get_class($this), 'text' => 'Invalid user_id received after payment: ' . array2qs($input)));
                     }
                 } elseif ($input['dm_item_type'] == 'prod') {
                     // no product support for now in Etano
                 } else {
                     // dm_item_type is neither 'prod' nor 'subscr'
                     $tpl->set_var('gateway_text', $GLOBALS['_lang'][193]);
                     require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                     new log_error(array('module_name' => get_class($this), 'text' => 'Invalid dm_item_type: ' . array2qs($input)));
                 }
             } else {
                 // hash mismatch: nothing is recorded for this request
                 $tpl->set_var('gateway_text', $GLOBALS['_lang'][199]);
                 require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                 // NOTE(review): this entry stores the hash the server computed from its secret for the
                 // submitted values; log that the comparison failed without the expected value, or
                 // protect the error log like the secret itself.
                 new log_error(array('module_name' => get_class($this), 'text' => 'Invalid hash code received after payment: ' . array2qs($input) . '. My hash:' . strtoupper(md5($this->config['secret'] . $this->config['sid'] . $input['x_trans_id'] . $input['x_amount']))));
             }
         } else {
             // the gateway reported a failure; its reason text and code are shown to the member and logged
             $tpl->set_var('gateway_text', sprintf($GLOBALS['_lang'][200], $input['x_response_reason_text'], $input['x_response_reason_code']));
             require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
             new log_error(array('module_name' => get_class($this), 'text' => 'Gateway error: ' . $input['x_response_reason_text'] . '(' . $input['x_response_reason_code'] . ")\n" . array2qs($input)));
         }
     } else {
         // x_2checked was not 'Y': the card was not processed
         $tpl->set_var('gateway_text', $GLOBALS['_lang'][201]);
         require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
         new log_error(array('module_name' => get_class($this), 'text' => 'Gateway error. Card not processed. ' . array2qs($input)));
     }
     return $myreturn;
 }
Exemplo n.º 15
/**
 * Mail one alert digest to an address, or only log it when mailing is off.
 *
 * A separator and a footer are appended to the alert text; the footer wording
 * depends on whether the recipient is a registered user. Script-wide state is
 * kept in globals: $sentemails is incremented on every call, $nomail selects
 * dry-run mode, $start_time feeds the throttle, and $globalsuccess is set to 0
 * when the mailer reports failure. Returns nothing.
 *
 * $email reaches both the log line and the mailer's 'to' field unchanged, so
 * address validation has to happen before this call or inside
 * send_template_email() (NOTE(review): confirm which one does it). In dry-run
 * mode the complete message text is written to the log.
 *
 * @param string $email   Recipient address.
 * @param mixed  $user_id Truthy for a registered user, falsy otherwise.
 * @param string $data    Alert text.
 */
function write_and_send_email($email, $user_id, $data)
{
    global $globalsuccess, $sentemails, $nomail, $start_time;

    $footer = $user_id
        ? "As a registered user, visit http://www.openaustralia.org/user/\nto manage your alerts.\n"
        : "If you register on the site, you will be able to manage your\nalerts there as well as post comments. :)\n";
    $body = $data . '====================' . "\n\n" . $footer;

    ++$sentemails;
    mlog("SEND {$sentemails} : Sending email to {$email} ... ");

    $envelope = array('to' => $email, 'template' => 'alert_mailout');
    $mergeFields = array('DATA' => $body);

    if ($nomail) {
        # dry run: the text is logged instead of mailed
        mlog($body);
        $sent = 1;
    } else {
        # third argument true = "Precedence: bulk"
        $sent = send_template_email($envelope, $mergeFields, true);
        mlog("sent ... ");
        # throttle: average seconds per mail since $start_time must not drop below 0.5
        $secondsPerMail = (time() - $start_time) / $sentemails;
        if ($secondsPerMail < 0.5) {
            mlog("pausing ... ");
            sleep(1);
        }
    }

    mlog("done\n");
    if (!$sent) {
        # one failed send marks the whole run as unsuccessful
        $globalsuccess = 0;
    }
}
Exemplo n.º 16
/**
 * Mail a batch of alerts to one subscriber, or only log them when mailing is off.
 *
 * The alert texts are joined with newlines for the mail body, and two wording
 * fields are filled in depending on whether there is exactly one alert.
 * Script-wide state lives in globals: $sentemails is incremented on every
 * call, $nomail selects dry-run mode, $start_time feeds the throttle, and
 * $globalsuccess is set to 0 when the mailer reports failure. Returns nothing.
 *
 * Security-relevant points visible in this block:
 *  - $current['email'] is logged and passed to the mailer as received
 *    (NOTE(review): confirm where the address is validated).
 *  - The MANAGE link carries $current['token'] in an http:// URL.
 *    NOTE(review): presumably that token authorises alert management, in
 *    which case the link is a credential in transit -- confirm.
 *
 * @param array  $current  Recipient record; the 'email' and 'token' keys are read.
 * @param array  $data     Alert texts, one entry per alert.
 * @param string $template Template name handed on to send_template_email().
 */
function write_and_send_email($current, $data, $template)
{
    global $globalsuccess, $sentemails, $nomail, $start_time;

    ++$sentemails;
    mlog("SEND {$sentemails} : Sending email to {$current['email']} ... ");

    $envelope = array('to' => $current['email'], 'template' => $template);
    $mergeFields = array(
        'DATA' => implode("\n", $data),
        'MANAGE' => 'http://www.theyworkforyou.com/D/' . $current['token'],
        'ALERT_IS' => count($data) == 1 ? 'alert is' : 'alerts are',
        'ALERTS' => count($data) == 1 ? 'an alert' : 'some alerts',
    );

    if ($nomail) {
        # dry run: the alert texts are logged back to back, nothing is mailed
        mlog(implode('', $data));
        $sent = 1;
    } else {
        $sent = send_template_email($envelope, $mergeFields, true);
        mlog("sent ... ");
        # throttle: average seconds per mail since $start_time must not drop below 0.5
        $secondsPerMail = (time() - $start_time) / $sentemails;
        if ($secondsPerMail < 0.5) {
            mlog("pausing ... ");
            sleep(1);
        }
    }

    mlog("done\n");
    if (!$sent) {
        # one failed send marks the whole run as unsuccessful
        $globalsuccess = 0;
    }
}
Exemplo n.º 17
 /**
  * E-mail this user their login details with the 'new_password' template.
  *
  * Refuses, with an error shown through $PAGE, when the user has no e-mail
  * address. Otherwise the merge fields carry the address, a login URL built
  * on the http:// scheme from DOMAIN, and whatever $this->password() returns.
  *
  * NOTE(review): the value of $this->password() is placed in the message body,
  * so the mail transport and the recipient's mailbox become part of that
  * credential's exposure. A single-use, expiring reset link would avoid
  * mailing the secret; that change is larger than this method.
  *
  * @return mixed false when no address is set, otherwise the result of send_template_email().
  */
 function send_password_reminder()
 {
     global $PAGE;

     // Typically runs right after $this->change_password().
     if ($this->email() == '') {
         $PAGE->error_message("No email set for this user, so can't send a password reminder.");
         return false;
     }

     $envelope = array('to' => $this->email(), 'template' => 'new_password');
     $loginPage = new URL("userlogin");
     $fields = array(
         'EMAIL' => $this->email(),
         'LOGINURL' => "http://" . DOMAIN . $loginPage->generate(),
         'PASSWORD' => $this->password(),
     );

     // send_template_email is in utility.php; its result is handed straight back.
     return send_template_email($envelope, $fields);
 }
Exemplo n.º 18
 function process(&$input, $type)
 {
     global $dbtable_prefix, $tpl;
     if (!isset($tpl)) {
         $tpl = new phemplate(_BASEPATH_ . '/skins_site/' . get_my_skin() . '/', 'remove_nonjs');
     }
     //		require_once _BASEPATH_.'/includes/classes/log_error.class.php';
     //		new log_error(array('module_name'=>get_class($this),'text'=>$type.': new notif from paypal: $_POST:'.var_export($_POST,true).' $_GET:'.var_export($_GET,true).' $input:'.var_export($input,true)));
     if (strcasecmp($input['business'], $this->config['paypal_email']) == 0 || strcasecmp($input['receiver_email'], $this->config['paypal_email']) == 0) {
         // some transformations
         parse_str($input['custom'], $temp);
         if (!empty($temp['uid'])) {
             $input['user_id'] = $temp['uid'];
         }
         $input['dm_item_type'] = $temp['dit'];
         $input['business'] = strtolower($input['business']);
         $input['receiver_email'] = strtolower($input['receiver_email']);
         $input['first_name'] = ucwords(strtolower($input['first_name']));
         $input['last_name'] = ucwords(strtolower($input['last_name']));
         $query = "SELECT get_lock('" . $input['txn_id'] . "',10)";
         if (!($res = @mysql_query($query))) {
             trigger_error(mysql_error(), E_USER_ERROR);
         }
         if (mysql_result($res, 0, 0) == 1) {
             $query = "SELECT `payment_id`,`is_subscr`,`name`,`is_suspect` FROM `{$dbtable_prefix}payments` WHERE `gw_txn`='" . $input['txn_id'] . "' AND `date`>=now()-INTERVAL 1 DAY";
             if (!($res = @mysql_query($query))) {
                 trigger_error(mysql_error(), E_USER_ERROR);
             }
             if (mysql_num_rows($res)) {
                 // the other process already did the job. Let's release the lock
                 if ($type == 'pdt') {
                     $output = mysql_fetch_assoc($res);
                     // tell member that he will receive everything by email
                     if ($output['is_subscr']) {
                         if ($output['is_suspect']) {
                             $tpl->set_file('gateway_text', 'thankyou_subscr_nok.html');
                         } else {
                             $tpl->set_file('gateway_text', 'thankyou_subscr_ok.html');
                         }
                     } else {
                         $tpl->set_file('gateway_text', 'thankyou_prod_nok.html');
                     }
                     $tpl->set_var('output', $output);
                     $tpl->process('gateway_text', 'gateway_text', TPL_OPTIONAL);
                 }
                 $query = "SELECT release_lock('" . $input['txn_id'] . "')";
                 if (!($res = @mysql_query($query))) {
                     trigger_error(mysql_error(), E_USER_ERROR);
                 }
             } else {
                 // we arrived before the other process, let's do the dirty work...
                 if ($input['dm_item_type'] == 'subscr') {
                     $query = "SELECT `" . USER_ACCOUNT_ID . "` as `user_id`,`" . USER_ACCOUNT_USER . "` as `user` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `" . USER_ACCOUNT_ID . "`=" . $input['user_id'];
                     if (!($res = @mysql_query($query))) {
                         trigger_error(mysql_error(), E_USER_ERROR);
                     }
                     if (mysql_num_rows($res)) {
                         $real_user = mysql_fetch_assoc($res);
                         if (strcasecmp($input['txn_type'], 'web_accept') == 0 || strcasecmp($input['txn_type'], 'send_money') == 0 || strcasecmp($input['txn_type'], 'subscr_payment') == 0) {
                             if (strcasecmp($input['payment_status'], 'Completed') == 0) {
                                 $query = "SELECT `subscr_id`,`price`,`m_value_to`,`duration` FROM `{$dbtable_prefix}subscriptions` WHERE `subscr_id`=" . $input['item_number'] . " AND `is_visible`=1";
                                 if (!($res = @mysql_query($query))) {
                                     trigger_error(mysql_error(), E_USER_ERROR);
                                 }
                                 if (mysql_num_rows($res)) {
                                     $real_subscr = mysql_fetch_assoc($res);
                                     if (number_format($real_subscr['price'], 2) == number_format($input['mc_gross'], 2)) {
                                         if ($input['test_ipn'] != 1 || $this->config['demo_mode'] == 1 && $input['test_ipn'] == 1) {
                                             require_once _BASEPATH_ . '/includes/iso31661a2.inc.php';
                                             if (isset($GLOBALS['iso31661a2'][$input['residence_country']])) {
                                                 $input['country'] = $GLOBALS['iso31661a2'][$input['residence_country']];
                                                 $input['email'] = $input['payer_email'];
                                                 $this->check_fraud($input);
                                             } else {
                                                 $this->is_fraud = true;
                                                 $this->fraud_reason = 'Invalid country code received from paypal. Please contact administrator.';
                                                 require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                                 new log_error(array('module_name' => get_class($this), 'text' => 'country code received from paypal not found in iso31661a2.inc.php file' . array2qs($_POST)));
                                             }
                                             if (!empty($real_subscr['duration'])) {
                                                 // if the old subscription is not over yet, we need to extend the new one with some days
                                                 $query = "SELECT a.`payment_id`,UNIX_TIMESTAMP(a.`paid_until`) as `paid_until`,b.`price`,b.`duration` FROM `{$dbtable_prefix}payments` a LEFT JOIN `{$dbtable_prefix}subscriptions` b ON a.`fk_subscr_id`=b.`subscr_id` WHERE a.`fk_user_id`=" . $real_user['user_id'] . " AND a.`refunded`=0 AND a.`is_active`=1 AND a.`is_subscr`=1 AND a.`m_value_to`>2 ORDER BY a.`paid_until` DESC LIMIT 1";
                                                 if (!($res = @mysql_query($query))) {
                                                     trigger_error(mysql_error(), E_USER_ERROR);
                                                 }
                                                 if (mysql_num_rows($res)) {
                                                     $rsrow = mysql_fetch_assoc($res);
                                                     $time = mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('Y'));
                                                     if ((int) $rsrow['paid_until'] > (int) $time) {
                                                         $remaining_days = ((int) $rsrow['paid_until'] - (int) $time) / 86400;
                                                         //86400 seconds in a day
                                                         if ($remaining_days > 0) {
                                                             $remaining_value = (int) $rsrow['price'] / (int) $rsrow['duration'] * $remaining_days;
                                                             $day_value_new = (int) $real_subscr['price'] / (int) $real_subscr['duration'];
                                                             $days_append = round($remaining_value / $day_value_new);
                                                             $real_subscr['duration'] = (int) $real_subscr['duration'];
                                                             $real_subscr['duration'] += $days_append;
                                                         }
                                                     }
                                                 }
                                             }
                                             $now = gmdate('Ymd');
                                             // all old active subscriptions end now!
                                             $query = "UPDATE `{$dbtable_prefix}payments` SET `paid_until`='{$now}',`is_active`=0 WHERE `fk_user_id`=" . $real_user['user_id'] . " AND `is_active`=1 AND `is_subscr`=1";
                                             if (!($res = @mysql_query($query))) {
                                                 trigger_error(mysql_error(), E_USER_ERROR);
                                             }
                                             // insert the new subscription
                                             $query = "INSERT INTO `{$dbtable_prefix}payments` SET `is_active`=1,`fk_user_id`=" . $real_user['user_id'] . ",`_user`='" . $real_user['user'] . "',`gateway`='" . $this->module_code . "',`is_subscr`=1,`fk_subscr_id`=" . $real_subscr['subscr_id'] . ",`gw_txn`='" . $input['txn_id'] . "',`name`='" . $input['first_name'] . ' ' . $input['last_name'] . "',`country`='" . $input['country'] . "',`email`='" . $input['payer_email'] . "',`m_value_to`=" . $real_subscr['m_value_to'] . ",`amount_paid`='" . $input['mc_gross'] . "',`is_suspect`=" . (int) $this->is_fraud . ",`suspect_reason`='" . $this->fraud_reason . "',`paid_from`='{$now}',`date`=now()";
                                             if (!empty($real_subscr['duration'])) {
                                                 $query .= ",`paid_until`='{$now}'+INTERVAL " . $real_subscr['duration'] . ' DAY';
                                             }
                                             if (!($res = @mysql_query($query))) {
                                                 trigger_error(mysql_error(), E_USER_ERROR);
                                             }
                                             if (!$this->is_fraud) {
                                                 $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `membership`=" . $real_subscr['m_value_to'] . " WHERE `" . USER_ACCOUNT_ID . "`=" . $real_user['user_id'];
                                                 if (!($res = @mysql_query($query))) {
                                                     trigger_error(mysql_error(), E_USER_ERROR);
                                                 }
                                                 $myreturn = true;
                                                 add_member_score($real_user['user_id'], 'payment');
                                                 if ($type == 'pdt') {
                                                     $tpl->set_file('gateway_text', 'thankyou_subscr_ok.html');
                                                 }
                                             } else {
                                                 if ($type == 'pdt') {
                                                     $output['name'] = $input['card_holder_name'];
                                                     $tpl->set_file('gateway_text', 'thankyou_subscr_nok.html');
                                                     $tpl->set_var('output', $output);
                                                     $tpl->process('gateway_text', 'gateway_text', TPL_OPTIONAL);
                                                 }
                                                 // DEPT_ADMIN from includes/admin_functions.inc.php is hardcoded below as 4
                                                 $query = "SELECT `email` FROM `{$dbtable_prefix}admin_accounts` WHERE `dept_id`=4 ORDER BY `admin_id` DESC LIMIT 1";
                                                 if (!($res = @mysql_query($query))) {
                                                     trigger_error(mysql_error(), E_USER_ERROR);
                                                 }
                                                 if (mysql_num_rows($res)) {
                                                     send_template_email(mysql_result($res, 0, 0), 'Possible fraud detected on ' . _SITENAME_ . ', please investigate', '', '', array(), $this->module_code . ' TXN: ' . $input['txn_id'] . ': ' . $this->fraud_reason);
                                                 }
                                             }
                                         } else {
                                             // a demo transaction when we're not in demo mode
                                             if ($type == 'pdt') {
                                                 $tpl->set_var('gateway_text', $GLOBALS['_lang'][187]);
                                             }
                                             require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                             new log_error(array('module_name' => get_class($this), 'text' => 'Demo transaction when demo is not enabled: ' . array2qs($_POST)));
                                         }
                                     } else {
                                         // paid price doesn't match the subscription price
                                         if ($type == 'pdt') {
                                             $tpl->set_var('gateway_text', $GLOBALS['_lang'][188]);
                                         }
                                         require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                         new log_error(array('module_name' => get_class($this), 'text' => 'Invalid amount paid: ' . array2qs($_POST)));
                                     }
                                 } else {
                                     // if the subscr_id was not found
                                     if ($type == 'pdt') {
                                         $tpl->set_var('gateway_text', $GLOBALS['_lang'][189]);
                                     }
                                     require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                     new log_error(array('module_name' => get_class($this), 'text' => 'Invalid subscr_id received after payment: ' . array2qs($_POST)));
                                 }
                             } else {
                                 if ($type == 'pdt') {
                                     $tpl->set_var('gateway_text', $GLOBALS['_lang'][190]);
                                 }
                                 require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                 new log_error(array('module_name' => get_class($this), 'text' => 'Payment status not Completed: ' . $input['payment_status'] . "\n" . array2qs($_POST)));
                             }
                         } elseif (strcasecmp($input['txn_type'], 'subscr_eot') == 0) {
                             $query = "SELECT `payment_id` FROM `{$dbtable_prefix}payments` WHERE `fk_user_id`=" . $real_user['user_id'] . " AND `fk_subscr_id`=" . $input['item_number'] . " AND `is_active`=1 ORDER BY `payment_id` DESC LIMIT 1";
                             if (!($res = @mysql_query($query))) {
                                 trigger_error(mysql_error(), E_USER_ERROR);
                             }
                             if (mysql_num_rows($res)) {
                                 $payment_id = mysql_result($res, 0, 0);
                                 $now = gmdate('Ymd');
                                 $query = "UPDATE `{$dbtable_prefix}payments` SET `paid_until`='{$now}' WHERE `payment_id`={$payment_id}";
                                 if (!($res = @mysql_query($query))) {
                                     trigger_error(mysql_error(), E_USER_ERROR);
                                 }
                             } else {
                                 // invalid eot.
                                 require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                 new log_error(array('module_name' => get_class($this), 'text' => 'Received End of Term notification for a subscription but subscription doesn\'t exist or not active. Maybe this member has 2 running subscriptions? ' . array2qs($_POST)));
                             }
                         } else {
                             // unhandled txn_type
                             if ($type == 'pdt') {
                                 $tpl->set_var('gateway_text', $GLOBALS['_lang'][191]);
                             }
                             require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                             new log_error(array('module_name' => get_class($this), 'text' => 'Unhandled txn_type (probably not an error): ' . $input['txn_type'] . "\n" . array2qs($_POST)));
                         }
                     } else {
                         // if the user_id was not found
                         if ($type == 'pdt') {
                             $tpl->set_var('gateway_text', $GLOBALS['_lang'][192]);
                         }
                         require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                         new log_error(array('module_name' => get_class($this), 'text' => 'Invalid user_id received after payment: ' . array2qs($_POST)));
                     }
                 } elseif ($input['dm_item_type'] == 'prod') {
                     // no product support for now in Etano
                     require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                     new log_error(array('module_name' => get_class($this), 'text' => 'Received dm_item_type=prod but we are not selling products: ' . array2qs($_POST)));
                 } else {
                     // dm_item_type is neither 'prod' nor 'subscr'
                     if ($type == 'pdt') {
                         $tpl->set_var('gateway_text', $GLOBALS['_lang'][193]);
                     }
                     require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                     new log_error(array('module_name' => get_class($this), 'text' => 'Invalid dm_item_type: ' . array2qs($_POST)));
                 }
                 // job done, release the lock
                 $query = "SELECT release_lock('" . $input['txn_id'] . "')";
                 if (!($res = @mysql_query($query))) {
                     trigger_error(mysql_error(), E_USER_ERROR);
                 }
             }
         } else {
             // we could not obtain the lock.
             // The other process is taking too long but at least this should mean that it is handling this
         }
     } else {
         require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
         new log_error(array('module_name' => get_class($this), 'text' => 'Payment was not made into our account: ' . array2qs($_POST)));
     }
 }