function write_and_send_email($email, $user_id, $data)
{
global $globalsuccess, $out, $sentemails, $nomail;
if ($user_id) {
$data = "As a registered user, visit http://www.openaustralia.org/user/\nto unsubscribe from, or manage, your alerts.\n\n" . $data;
} else {
$data = "If you register on the site, you will be able to manage your\nalerts there as well as post comments. :)\n\n" . $data;
}
$out .= "SEND: Sending email to {$email}\n";
print "SEND: Sending email to {$email}\n";
$sentemails++;
$d = array('to' => $email, 'template' => 'alert_mailout');
$m = array('DATA' => $data);
if (!$nomail) {
$success = send_template_email($d, $m);
usleep(500000);
} else {
$success = 1;
$out .= $data . "\n\n";
# print $data . "\n\n";
}
if (!$success) {
$globalsuccess = 0;
}
}
}
}
if (!$error) {
if ($input['page'] == 1) {
$input['temp_pass'] = md5(gen_pass(6));
$query = "INSERT IGNORE INTO `" . USER_ACCOUNTS_TABLE . "` SET `" . USER_ACCOUNT_USER . "`='" . $input['user'] . "',`" . USER_ACCOUNT_PASS . "`=md5('" . $input['pass'] . "'),`email`='" . $input['email'] . "',`membership`=2,`status`=" . ASTAT_UNVERIFIED . ",`temp_pass`='" . $input['temp_pass'] . "'";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
$_SESSION[_LICENSE_KEY_]['user']['reg_id'] = mysql_insert_id();
$_SESSION[_LICENSE_KEY_]['user']['user'] = $input['user'];
// for `dsb_payments`
$_SESSION[_LICENSE_KEY_]['user']['email'] = $input['email'];
// for info_signup.html
$input['uid'] = $_SESSION[_LICENSE_KEY_]['user']['reg_id'];
send_template_email($input['email'], sprintf($GLOBALS['_lang'][70], _SITENAME_), 'confirm_reg.html', get_my_skin(), $input);
}
$query = "SELECT `fk_user_id` FROM `{$dbtable_prefix}user_profiles` WHERE `fk_user_id`=" . $_SESSION[_LICENSE_KEY_]['user']['reg_id'];
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
$is_update = false;
if (mysql_num_rows($res)) {
$is_update = true;
}
$now = gmdate('YmdHis');
if ($is_update) {
$query = "UPDATE `{$dbtable_prefix}user_profiles` SET `last_changed`='{$now}'";
} else {
$query = "INSERT INTO `{$dbtable_prefix}user_profiles` SET `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['reg_id'] . "',`last_changed`='{$now}',`date_added`='{$now}',`score`='" . add_member_score(0, 'join', 1, true) . "'";
}
function create($COMMENT, $reportdata)
{
// For when a user posts a report on a comment.
// $reportdata is an array like:
// array (
// 'body' => 'some text',
// 'firstname' => 'Billy',
// 'lastname' => 'Nomates',
// 'email' => '*****@*****.**'
// )
// But if the report was made by a logged-in user, only the
// 'body' element should really contain anything, because
// we use $THEUSER's id to get the rest.
// $COMMENT is an existing COMMENT object, needed for setting
// its modflag and comment_id.
global $THEUSER, $PAGE;
if (!$THEUSER->is_able_to('reportcomment')) {
$PAGE->error_message("Sorry, you are not allowed to post reports.");
return false;
}
if (is_numeric($THEUSER->user_id()) && $THEUSER->user_id() > 0) {
// Flood check - make sure the user hasn't just posted a report recently.
// To help prevent accidental duplicates, among other nasty things.
// (Non-logged in users are all id == 0.)
$flood_time_limit = 20;
// How many seconds until a user can post again?
$q = $this->db->query("SELECT report_id\n\t\t\t\t\t\t\tFROM\tcommentreports\n\t\t\t\t\t\t\tWHERE\tuser_id = '" . $THEUSER->user_id() . "'\n\t\t\t\t\t\t\tAND\t\treported + 0 > NOW() - {$flood_time_limit}");
if ($q->rows() > 0) {
$PAGE->error_message("Sorry, we limit people to posting one report per {$flood_time_limit} seconds to help prevent duplicate reports. Please go back and try again, thanks.");
return false;
}
}
// Tidy up body.
$body = filter_user_input($reportdata['body'], 'comment');
// In utility.php
$time = gmdate("Y-m-d H:i:s");
if ($THEUSER->isloggedin()) {
$sql = "INSERT INTO commentreports\n\t\t\t\t\t\t\t\t\t(comment_id, body, reported, user_id)\n\t\t\t\t\t\t\tVALUES\t('" . mysql_real_escape_string($COMMENT->comment_id()) . "',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($body) . "', \n\t\t\t\t\t\t\t\t\t'{$time}',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($THEUSER->user_id()) . "'\n\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t";
} else {
$sql = "INSERT INTO commentreports\n\t\t\t\t\t\t\t\t\t(comment_id, body, reported, firstname, lastname, email)\n\t\t\t\t\t\t\tVALUES\t('" . mysql_real_escape_string($COMMENT->comment_id()) . "',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($body) . "', \n\t\t\t\t\t\t\t\t\t'{$time}',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($reportdata['firstname']) . "',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($reportdata['lastname']) . "',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($reportdata['email']) . "'\n\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t";
}
$q = $this->db->query($sql);
if ($q->success()) {
// Inserted OK, so set up this object's variables.
$this->report_id = $q->insert_id();
$this->comment_id = $COMMENT->comment_id();
$this->body = $body;
$this->reported = $time;
if ($THEUSER->isloggedin()) {
$this->user_id = $THEUSER->user_id();
$this->firstname = $THEUSER->firstname();
$this->lastname = $THEUSER->lastname();
} else {
$this->email = $reportdata['email'];
$this->firstname = $reportdata['firstname'];
$this->lastname = $reportdata['lastname'];
}
// Set the comment's modflag to on.
$COMMENT->set_modflag('on');
// Notify those who need to know that there's a new report.
$URL = new URL('admin_commentreport');
$URL->insert(array('rid' => $this->report_id, 'cid' => $this->comment_id));
$emailbody = "A new comment report has been filed by " . $this->user_name() . ".\n\n";
$emailbody .= "COMMENT:\n" . $COMMENT->body() . "\n\n";
$emailbody .= "REPORT:\n" . $this->body . "\n\n";
$emailbody .= "To manage this report follow this link: http://" . DOMAIN . $URL->generate('none') . "\n";
send_email(REPORTLIST, 'New comment report', $emailbody);
// Send an email to the user to thank them.
if ($THEUSER->isloggedin()) {
$email = $THEUSER->email();
} else {
$email = $this->email();
}
$data = array('to' => $email, 'template' => 'report_acknowledge');
$merge = array('FIRSTNAME' => $this->firstname(), 'LASTNAME' => $this->lastname(), 'COMMENTURL' => "http://" . DOMAIN . $COMMENT->url(), 'REPORTBODY' => strip_tags($this->body()));
// send_template_email in utility.php.
send_template_email($data, $merge);
return true;
} else {
return false;
}
}
public function send_already_signedup_email($details)
{
$data = array('to' => $details['email'], 'template' => 'alert_already_signedup');
$criteria = alert_details_to_criteria($details);
$this->criteria = $criteria;
$merge = array('FIRSTNAME' => 'THEY WORK FOR YOU', 'LASTNAME' => ' ALERT ALREADY SIGNED UP', 'CRITERIA' => $this->criteria_pretty());
$success = send_template_email($data, $merge);
if ($success) {
return true;
} else {
return false;
}
}
function resolve($REPORT, $COMMENT)
{
// The user has chosen to either delete or not delete the comment.
// And we might be sending emails.
global $PAGE;
if (get_http_var('deletecomment') == 'true') {
$upheld = true;
} else {
$upheld = false;
}
$success = $REPORT->resolve($upheld, $COMMENT);
if ($success) {
if ($upheld == true) {
print "<p>The comment has been deleted.</p>\n";
}
print "<p>The report has been resolved.</p>\n";
if (get_http_var('sendtoreporter') == 'true') {
// We're sending an email to the reporter.
// Either approving or declining what they suggested.
if ($REPORT->user_id() > 0) {
// The reporting user was logged in at the time,
// so get their email address.
$USER = new USER();
$USER->init($REPORT->user_id());
$email = $USER->email();
} else {
// Non-logged-in user; they should have left their address.
$email = $REPORT->email();
}
// Prepare the data needed for either email.
$data = array('to' => $email);
$merge = array('FIRSTNAME' => $REPORT->firstname(), 'LASTNAME' => $REPORT->lastname(), 'REPORTBODY' => strip_tags($REPORT->body()));
// Add stuff specific to each type of email.
if ($upheld == true) {
$data['template'] = 'report_upheld';
} else {
$data['template'] = 'report_declined';
$merge['COMMENTURL'] = 'http://' . DOMAIN . $COMMENT->url();
$merge['REASON'] = get_http_var('declinedreason');
}
$success = send_template_email($data, $merge);
if ($success) {
print "<p>An email has been sent to the person who made the report.</p>\n";
} else {
$PAGE->error_message("Failed when sending an email to the person who made the report.");
}
}
if (get_http_var('sendtocommenter') == 'true') {
// We're telling the commenter that their comment has been deleted.
$USER = new USER();
$USER->init($COMMENT->user_id());
// Create the URL for if a user wants to return and post another comment.
// Remove the anchor for their now deleted comment.
$addcommentsurl = 'http://' . DOMAIN . preg_replace("/#.*\$/", '#addcomment', $COMMENT->url());
$data = array('to' => $USER->email(), 'template' => 'comment_deleted_blank', 'subject' => 'One of your comments has been deleted');
$merge = array('REPLYBODY' => get_http_var('commentermail'), 'FIRSTNAME' => $USER->firstname(), 'LASTNAME' => $USER->lastname(), 'ADDCOMMENTURL' => $addcommentsurl, 'COMMENTBODY' => strip_tags($COMMENT->body()));
// We only send this email if a comment has been deleted.
$success = send_template_email($data, $merge);
if ($success) {
print "<p>An email has been sent to the person who posted the comment.</p>\n";
} else {
$PAGE->error_message("Failed when sending an email to the person who posted the comment.");
}
}
}
$URL = new URL('admin_home');
print '<p><a href="' . $URL->generate() . '">Back</a></p>';
}
function send_confirmation_email($details)
{
// After we've add()ed an alert we'll be sending them
// a confirmation email with a link to confirm their address.
// $details is the array we just sent to add(), and which it's
// passed on to us here.
// A brief check of the facts...
if (!is_numeric($this->alert_id) || !isset($details['email']) || $details['email'] == '') {
return false;
}
// We prefix the registration token with the alert's id and '-'.
// Not for any particularly good reason, but we do.
$urltoken = $this->alert_id . '-' . $this->registrationtoken;
$confirmurl = 'http://' . DOMAIN . '/A/' . $urltoken;
// Arrays we need to send a templated email.
$data = array('to' => $details['email'], 'template' => 'alert_confirmation');
$merge = array('FIRSTNAME' => 'THEY WORK FOR YOU', 'LASTNAME' => ' ALERT CONFIRMATION', 'CONFIRMURL' => $confirmurl, 'CRITERIA' => $this->criteria_pretty());
$success = send_template_email($data, $merge);
if ($success) {
return true;
} else {
return false;
}
}
$input['error_email'] = 'red_border';
}
if (!$error) {
$query = "SELECT `" . USER_ACCOUNT_ID . "` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `email`='" . $input['email'] . "' LIMIT 1";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
$error = true;
$topass['message']['type'] = MESSAGE_ERROR;
$topass['message']['text'][] = sprintf($GLOBALS['_lang'][204], $input['email']);
$input['error_email'] = 'red_border';
}
}
if (!$error) {
$query = "REPLACE INTO `{$dbtable_prefix}user_settings2` SET `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "',`config_option`='new_email',`config_value`='" . $input['email'] . "'";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
$input['email2'] = rawurlencode($input['email']);
send_template_email($input['email'], sprintf($GLOBALS['_lang'][40], _SITENAME_), 'email_change_confirm.html', get_my_skin(), $input);
$topass['message']['type'] = MESSAGE_INFO;
$topass['message']['text'][] = $GLOBALS['_lang'][39];
} else {
// you must re-read all textareas from $_POST like this:
// $input['x']=addslashes_mq($_POST['x']);
$input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH);
$topass['input'] = $input;
}
}
redirect2page($nextpage, $topass, $qs);
}
}
unset($_SESSION['captcha_word']);
if (!$error) {
$query = "SELECT `" . USER_ACCOUNT_ID . "` as `uid`,`" . USER_ACCOUNT_USER . "` as `user`,`email` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `email`='" . $input['email'] . "' LIMIT 1";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
$input = mysql_fetch_assoc($res);
$input['temp_pass'] = md5(gen_pass(6));
$input['ipaddr'] = $_SERVER['REMOTE_ADDR'];
$query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `temp_pass`='" . $input['temp_pass'] . "' WHERE `" . USER_ACCOUNT_ID . "`=" . $input['uid'];
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
send_template_email($input['email'], sprintf($GLOBALS['_lang'][225], _SITENAME_), 'pass_reset.html', get_my_skin(), $input);
$topass['message']['type'] = MESSAGE_INFO;
$topass['message']['text'] = $GLOBALS['_lang'][89];
} else {
$topass['message']['type'] = MESSAGE_ERROR;
$topass['message']['text'] = $GLOBALS['_lang'][90];
}
} else {
// you must re-read all textareas from $_POST like this:
// $input['x']=addslashes_mq($_POST['x']);
$input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH);
$topass['input'] = $input;
}
}
redirect2page($nextpage, $topass, $qs);
<br><label for="sendname">Your name:</label> <input type="text" id="sendname" name="sender_name" value="<?php
echo $sender_name;
?>
" size="30">
<input type="hidden" name="pid" value="<?php
echo $pid;
?>
">
<br>(<a href="/privacy/">privacy policy</a>)
<input type="submit" class="submit" value="Send"></p>
</form>
<?php
} else {
$rep_name = $MEMBER->full_name();
if ($MEMBER->house_disp == 1) {
$rep_name .= ' MP';
} elseif ($MEMBER->house_disp == 3) {
$rep_name .= ' MLA';
}
$data = array('template' => 'email_a_friend', 'to' => $recipient_email, 'subject' => 'Find out all about ' . $rep_name);
$url = $MEMBER->url();
$merge = array('NAME' => $sender_name, 'EMAIL' => $sender_email, 'REP_NAME' => $rep_name, 'REP_URL' => $url);
$success = send_template_email($data, $merge);
if ($success) {
print "<p>Your email has been sent successfully. Thank you for using TheyWorkForYou.</p> <p><a href=\"{$url}\">Return to " . $MEMBER->full_name() . "'s page</a></p>";
} else {
print "<p>Sorry, something went wrong trying to send an email. Please wait a few minutes and try again.</p>";
}
}
$PAGE->stripe_end();
$PAGE->page_end();
// the easiest way to detect if it was an ajax request or not is by this header
if (get_request_content_type() == "application/json") {
$is_ajax = true;
// PHP does not make this easy, this is a util I made
$json = get_json();
// i am declaring this formData object from the JS, you may want to send
// up other information along with the form
$template_data = $json["formData"];
} else {
// this is the entire form, $_REQUEST["name"] will be the name, if you need
// more stuff here, add a hidden input.
$template_data = $_REQUEST;
}
try {
// this is the main function, an exception will be thrown if this fails.
send_template_email(array("to" => "*****@*****.**", "cc" => array("*****@*****.**", "*****@*****.**"), "bcc" => null, "subject" => "This is the subject", "bodyTemplate" => "email_template", "data" => $template_data));
// handle the success
if ($is_ajax) {
JSONResponse(array("message" => "Email sent successfully."));
} else {
//redirect with no ajax
header("Location: test.html?success=true");
}
} catch (PEARErrorException $e) {
// This exception class is a wrapper for receiving the Pear error
// object when the email could not be sent.
$error = $e->error;
// if the error has a newline, it will break, seems google will return with newlines for invalid user/pass
$message = str_replace("\n", " ", $error->message);
if ($is_ajax) {
JSONResponse(array("error" => $message), false);
function send_queue_message()
{
$limit = 50;
// number of messages in a batch
unset($_on_before_insert, $_on_after_insert);
if (is_file(_BASEPATH_ . '/events/cronjobs/send_queue_message.php')) {
include_once _BASEPATH_ . '/events/cronjobs/send_queue_message.php';
}
global $dbtable_prefix, $def_skin;
include_once _BASEPATH_ . '/skins_site/' . $def_skin . '/lang/mailbox.inc.php';
$filters = array();
$notifs = array();
$emails = array();
$mail_ids = array();
$receivers = array();
$query = "SELECT a.`mail_id`,a.`fk_user_id`,a.`fk_user_id_other`,a.`_user_other`,a.`subject`,a.`message_body`,a.`date_sent`,a.`message_type`,b.`email`,c.`_user` as `user` FROM `{$dbtable_prefix}queue_message` a,`" . USER_ACCOUNTS_TABLE . "` b,`{$dbtable_prefix}user_profiles` c WHERE a.`fk_user_id`=b.`" . USER_ACCOUNT_ID . "` AND a.`fk_user_id`=c.`fk_user_id` ORDER BY a.`mail_id` ASC LIMIT {$limit}";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
while ($rsrow = mysql_fetch_assoc($res)) {
$temp['subject'] = sanitize_and_format($rsrow['subject'], TYPE_STRING, FORMAT_TEXT2HTML);
$temp['_user_other'] = $rsrow['_user_other'];
if (empty($temp['_user_other']) && $rsrow['message_type'] == MESS_SYSTEM) {
$temp['_user_other'] = $GLOBALS['_lang'][135];
}
$temp['email'] = $rsrow['email'];
$temp['user'] = $rsrow['user'];
$mail_ids[] = $rsrow['mail_id'];
if (isset($receivers[$rsrow['fk_user_id']])) {
++$receivers[$rsrow['fk_user_id']];
} else {
$receivers[$rsrow['fk_user_id']] = 1;
}
unset($rsrow['mail_id'], $rsrow['email'], $rsrow['user']);
$rsrow['subject'] = sanitize_and_format($rsrow['subject'], TYPE_STRING, $GLOBALS['__field2format'][TEXT_DB2DB]);
$rsrow['message_body'] = sanitize_and_format($rsrow['message_body'], TYPE_STRING, $GLOBALS['__field2format'][TEXT_DB2DB]);
if (!isset($filters[$rsrow['fk_user_id']])) {
$query = "SELECT `filter_type`,`field`,`field_value`,`fk_folder_id` FROM `{$dbtable_prefix}message_filters` WHERE `fk_user_id`=" . $rsrow['fk_user_id'];
if (!($res2 = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
while ($rsrow2 = mysql_fetch_assoc($res2)) {
$filters[$rsrow['fk_user_id']][] = $rsrow2;
}
if (!isset($filters[$rsrow['fk_user_id']])) {
$filters[$rsrow['fk_user_id']] = array();
}
}
if (!isset($notifs[$rsrow['fk_user_id']])) {
$notifs[$rsrow['fk_user_id']] = get_user_settings($rsrow['fk_user_id'], 'def_user_prefs', 'notify_me');
}
$notify = true;
$was_sent = false;
// was sent by a filter?
if (!empty($filters[$rsrow['fk_user_id']])) {
for ($i = 0; isset($filters[$rsrow['fk_user_id']][$i]); ++$i) {
$filter = $filters[$rsrow['fk_user_id']][$i];
switch ($filter['filter_type']) {
case FILTER_SENDER:
if ($rsrow['fk_user_id_other'] == $filter['field_value']) {
if ($filter['fk_folder_id'] == FOLDER_SPAMBOX) {
$into = "`{$dbtable_prefix}user_spambox`";
$notify = false;
} else {
$into = "`{$dbtable_prefix}user_inbox`";
$rsrow['fk_folder_id'] = $filter['fk_folder_id'];
}
$query = "INSERT INTO {$into} SET ";
foreach ($rsrow as $k => $v) {
$query .= "`{$k}`='{$v}',";
}
$query = substr($query, 0, -1);
if (isset($_on_before_insert)) {
for ($i = 0; isset($_on_before_insert[$i]); ++$i) {
call_user_func($_on_before_insert[$i], $rsrow);
}
}
if (!($res2 = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (isset($_on_after_insert)) {
for ($i = 0; isset($_on_after_insert[$i]); ++$i) {
call_user_func($_on_after_insert[$i], $rsrow);
}
}
$was_sent = true;
}
break 2;
// exit the filters for() too
}
}
}
if (!$was_sent) {
// no filter here - insert directly in inbox
$query = "INSERT INTO `{$dbtable_prefix}user_inbox` SET ";
foreach ($rsrow as $k => $v) {
$query .= "`{$k}`='{$v}',";
}
$query = substr($query, 0, -1);
if (isset($_on_before_insert)) {
for ($i = 0; isset($_on_before_insert[$i]); ++$i) {
call_user_func($_on_before_insert[$i], $rsrow);
}
}
if (!($res2 = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (isset($_on_after_insert)) {
for ($i = 0; isset($_on_after_insert[$i]); ++$i) {
call_user_func($_on_after_insert[$i], $rsrow);
}
}
}
if ($notifs[$rsrow['fk_user_id']] && $notify) {
$emails[] = $temp;
}
}
if (!empty($mail_ids)) {
$query = "DELETE FROM `{$dbtable_prefix}queue_message` WHERE `mail_id` IN ('" . join("','", $mail_ids) . "')";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
}
}
if (!empty($receivers)) {
$uids = array();
// we build an array like array(num_messages1=>array(uid1,uid2,..),num_messages2=>array(uid3,uid4...),...)
// this way we can add score for more users at once, saving some processing time
foreach ($receivers as $uid => $num) {
if (isset($uids[$num])) {
$uids[$num][] = $uid;
} else {
$uids[$num] = array($uid);
}
}
foreach ($uids as $num => $nuids) {
add_member_score($nuids, 'new_message', $num);
}
}
// send the notification emails
if (!empty($emails)) {
for ($i = 0; isset($emails[$i]); ++$i) {
send_template_email($emails[$i]['email'], $emails[$i]['subject'], 'new_message.html', $def_skin, $emails[$i]);
}
}
return true;
}
function write_and_send_email($current, $data, $template)
{
global $globalsuccess, $sentemails, $nomail, $start_time;
$data .= '====================';
$sentemails++;
mlog("SEND {$sentemails} : Sending email to {$current['email']} ... ");
$d = array('to' => $current['email'], 'template' => $template);
$m = array('DATA' => $data, 'MANAGE' => 'http://www.theyworkforyou.com/D/' . $current['token']);
if (!$nomail) {
$success = send_template_email($d, $m, true, true);
# true = "Precedence: bulk", want bounces
mlog("sent ... ");
# sleep if time between sending mails is less than a certain number of seconds on average
if ((time() - $start_time) / $sentemails < 0.5) {
# number of seconds per mail not to be quicker than
mlog("pausing ... ");
sleep(1);
}
} else {
mlog($data);
$success = 1;
}
mlog("done\n");
if (!$success) {
$globalsuccess = 0;
}
}
function queue_or_send_message($mess_array, $force_send = false)
{
global $dbtable_prefix;
if (!$force_send) {
require _BASEPATH_ . '/includes/tables/queue_message.inc.php';
$query = "INSERT INTO `{$dbtable_prefix}queue_message` SET `date_sent`='" . gmdate('YmdHis') . "'";
foreach ($queue_message_default['defaults'] as $k => $v) {
if (isset($mess_array[$k])) {
$query .= ",`{$k}`='" . $mess_array[$k] . "'";
}
}
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
} else {
require _BASEPATH_ . '/includes/tables/user_inbox.inc.php';
$was_sent = false;
// was sent by a filter?
$notify_receiver = get_user_settings($mess_array['fk_user_id'], 'def_user_prefs', 'notify_me');
// see if the receiver has any filters in place to re-route our message
$query = "SELECT `filter_type`,`field`,`field_value`,`fk_folder_id` FROM `{$dbtable_prefix}message_filters` WHERE `fk_user_id`=" . $mess_array['fk_user_id'];
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
$filters = array();
$filters[$mess_array['fk_user_id']] = array();
while ($rsrow = mysql_fetch_assoc($res)) {
$filters[$mess_array['fk_user_id']][] = $rsrow;
}
if (!empty($filters[$mess_array['fk_user_id']])) {
for ($i = 0; isset($filters[$mess_array['fk_user_id']][$i]); ++$i) {
$filter =& $filters[$mess_array['fk_user_id']][$i];
switch ($filter['filter_type']) {
case FILTER_SENDER:
if ($mess_array['fk_user_id_other'] == $filter['field_value']) {
if ($filter['fk_folder_id'] == FOLDER_SPAMBOX) {
$into = "`{$dbtable_prefix}user_spambox`";
$notify_receiver = false;
require _BASEPATH_ . '/includes/tables/user_inbox.inc.php';
$defaults_table =& $user_spambox_default;
} else {
$into = "`{$dbtable_prefix}user_inbox`";
$mess_array['fk_folder_id'] = $filter['fk_folder_id'];
$defaults_table =& $user_inbox_default;
}
$query = "INSERT INTO {$into} SET `date_sent`='" . gmdate('YmdHis') . "'";
foreach ($defaults_table['defaults'] as $k => $v) {
if (isset($mess_array[$k])) {
$query .= ",`{$k}`='" . $mess_array[$k] . "'";
}
}
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
$was_sent = true;
}
break 2;
// exit the filters for() too
}
}
}
if (!$was_sent) {
// no filter here - insert directly in inbox
$query = "INSERT INTO `{$dbtable_prefix}user_inbox` SET `date_sent`='" . gmdate('YmdHis') . "'";
foreach ($user_inbox_default['defaults'] as $k => $v) {
if (isset($mess_array[$k])) {
$query .= ",`{$k}`='" . $mess_array[$k] . "'";
}
}
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
}
if ($notify_receiver) {
// new message notification
$mess_array['subject'] = sanitize_and_format($mess_array['subject'], TYPE_STRING, FORMAT_STRIPSLASH | FORMAT_TEXT2HTML);
$def_skin = get_default_skin_dir();
if (empty($mess_array['_user_other']) && $mess_array['message_type'] == MESS_SYSTEM) {
include_once _BASEPATH_ . '/skins_site/' . $def_skin . '/lang/mailbox.inc.php';
$mess_array['_user_other'] =& $GLOBALS['_lang'][135];
}
$query = "SELECT a.`email`,b.`_user` FROM `" . USER_ACCOUNTS_TABLE . "` a,`{$dbtable_prefix}user_profiles` b WHERE a.`" . USER_ACCOUNT_ID . "`=b.`fk_user_id` AND a.`" . USER_ACCOUNT_ID . "`='" . $mess_array['fk_user_id'] . "'";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
$receiver_email = mysql_result($res, 0, 0);
$mess_array['user'] = mysql_result($res, 0, 1);
send_template_email($receiver_email, $mess_array['subject'], 'new_message.html', $def_skin, $mess_array);
}
}
}
}
function thankyou(&$tpl)
{
$myreturn = false;
global $dbtable_prefix;
$input = array();
$output = array();
foreach ($this->from_tco['types'] as $k => $v) {
$input[$k] = sanitize_and_format_gpc($_POST, $k, $GLOBALS['__field2type'][$v], $GLOBALS['__field2format'][$v], $this->from_tco['defaults'][$k]);
}
$input['x_amount'] = number_format($input['x_amount'], 2, '.', '');
$input['x_Email'] = strtolower($input['x_Email']);
$input['card_holder_name'] = ucwords(strtolower($input['card_holder_name']));
if (strcasecmp($input['x_2checked'], 'Y') == 0) {
if ($this->config['demo_mode'] == 1 && strcasecmp($input['demo'], 'Y') == 0) {
$input['x_trans_id'] = 1;
}
if ($input['x_response_code'] == 1) {
// processed ok
if (strcasecmp($input['x_MD5_Hash'], strtoupper(md5($this->config['secret'] . $this->config['sid'] . $input['x_trans_id'] . $input['x_amount']))) == 0) {
if ($input['dm_item_type'] == 'subscr') {
$query = "SELECT `" . USER_ACCOUNT_ID . "` as `user_id`,`" . USER_ACCOUNT_USER . "` as `user` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `" . USER_ACCOUNT_ID . "`=" . $input['user_id'];
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
$real_user = mysql_fetch_assoc($res);
$query = "SELECT `subscr_id`,`price`,`m_value_to`,`duration` FROM `{$dbtable_prefix}subscriptions` WHERE `subscr_id`=" . $input['internal_id'] . " AND `is_visible`=1";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
$real_subscr = mysql_fetch_assoc($res);
if (number_format($real_subscr['price'], 2) == number_format($input['x_amount'], 2)) {
if (strcasecmp($input['demo'], 'Y') != 0 || $this->config['demo_mode'] == 1 && strcasecmp($input['demo'], 'Y') == 0) {
require_once _BASEPATH_ . '/includes/iso31661a3.inc.php';
if (isset($GLOBALS['iso31661a3'][$input['x_Country']])) {
$input['country'] = $GLOBALS['iso31661a3'][$input['x_Country']];
// needed for the fraud check
$input['email'] = $input['x_Email'];
$this->check_fraud($input);
} else {
$this->is_fraud = true;
$this->fraud_reason = 'Invalid country code received from 2CheckOut. Please contact administrator.';
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'country code received from 2co not found in iso31661a3.inc.php file' . array2qs($_POST)));
}
if (!empty($real_subscr['duration'])) {
// if the old subscription is not over yet, we need to extend the new one with some days
$query = "SELECT a.`payment_id`,UNIX_TIMESTAMP(a.`paid_until`) as `paid_until`,b.`price`,b.`duration` FROM `{$dbtable_prefix}payments` a LEFT JOIN `{$dbtable_prefix}subscriptions` b ON a.`fk_subscr_id`=b.`subscr_id` WHERE a.`fk_user_id`=" . $real_user['user_id'] . " AND a.`refunded`=0 AND a.`is_active`=1 AND a.`is_subscr`=1 AND a.`m_value_to`>2 ORDER BY a.`paid_until` DESC LIMIT 1";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
$rsrow = mysql_fetch_assoc($res);
$time = mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('Y'));
if ((int) $rsrow['paid_until'] > (int) $time) {
$remaining_days = ((int) $rsrow['paid_until'] - (int) $time) / 86400;
//86400 seconds in a day
if ($remaining_days > 0) {
$remaining_value = (int) $rsrow['price'] / (int) $rsrow['duration'] * $remaining_days;
$day_value_new = (int) $real_subscr['price'] / (int) $real_subscr['duration'];
$days_append = round($remaining_value / $day_value_new);
$real_subscr['duration'] = (int) $real_subscr['duration'];
$real_subscr['duration'] += $days_append;
}
}
}
}
$now = gmdate('Ymd');
// all old active subscriptions end now!
$query = "UPDATE `{$dbtable_prefix}payments` SET `paid_until`='{$now}',`is_active`=0 WHERE `fk_user_id`=" . $real_user['user_id'] . " AND `is_active`=1 AND `is_subscr`=1";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
// insert the new subscription
$query = "INSERT INTO `{$dbtable_prefix}payments` SET `is_active`=1,`fk_user_id`=" . $real_user['user_id'] . ",`_user`='" . $real_user['user'] . "',`gateway`='" . $this->module_code . "',`is_subscr`=1,`fk_subscr_id`='" . $real_subscr['subscr_id'] . "',`gw_txn`='" . $input['x_trans_id'] . "',`name`='" . $input['card_holder_name'] . "',`country`='" . $input['x_Country'] . "',`state`='" . $input['x_State'] . "',`city`='" . $input['x_City'] . "',`zip`='" . $input['x_Zip'] . "',`street_address`='" . $input['x_Address'] . "',`email`='" . $input['x_Email'] . "',`phone`='" . $input['x_Phone'] . "',`m_value_to`=" . $real_subscr['m_value_to'] . ",`amount_paid`='" . $input['x_amount'] . "',`is_suspect`=" . (int) $this->is_fraud . ",`suspect_reason`='" . addslashes($this->fraud_reason) . "',`date`=now(),`paid_from`='{$now}'";
if (!empty($real_subscr['duration'])) {
$query .= ",`paid_until`='{$now}'+INTERVAL " . $real_subscr['duration'] . ' DAY';
}
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (!$this->is_fraud) {
$query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `membership`=" . $real_subscr['m_value_to'] . " WHERE `" . USER_ACCOUNT_ID . "`=" . $real_user['user_id'];
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
$myreturn = true;
add_member_score($real_user['user_id'], 'payment');
$tpl->set_file('gateway_text', 'thankyou_subscr_ok.html');
} else {
$output['name'] = $input['card_holder_name'];
$tpl->set_file('gateway_text', 'thankyou_subscr_nok.html');
$tpl->set_var('output', $output);
$tpl->process('gateway_text', 'gateway_text', TPL_OPTIONAL);
// DEPT_ADMIN from includes/admin_functions.inc.php is hardcoded below as 4
$query = "SELECT `email` FROM `{$dbtable_prefix}admin_accounts` WHERE `dept_id`=4 ORDER BY `admin_id` DESC LIMIT 1";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
send_template_email(mysql_result($res, 0, 0), 'Possible fraud detected on ' . _SITENAME_ . ', please investigate', '', '', array(), $this->module_code . ' TXN: ' . $input['x_trans_id'] . ': ' . $this->fraud_reason);
}
}
} else {
// a demo transaction when we're not in demo mode
$tpl->set_var('gateway_text', $GLOBALS['_lang'][187]);
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Demo transaction when demo is not enabled: ' . array2qs($input)));
}
} else {
// paid price doesn't match the subscription price
$tpl->set_var('gateway_text', $GLOBALS['_lang'][188]);
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Invalid amount paid: ' . array2qs($input)));
}
} else {
// if the subscr_id was not found
$tpl->set_var('gateway_text', $GLOBALS['_lang'][189]);
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Invalid subscr_id received after payment: ' . array2qs($input)));
}
} else {
// if the user_id was not found
$tpl->set_var('gateway_text', $GLOBALS['_lang'][192]);
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Invalid user_id received after payment: ' . array2qs($input)));
}
} elseif ($input['dm_item_type'] == 'prod') {
// no product support for now in Etano
} else {
// dm_item_type is neither 'prod' nor 'subscr'
$tpl->set_var('gateway_text', $GLOBALS['_lang'][193]);
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Invalid dm_item_type: ' . array2qs($input)));
}
} else {
$tpl->set_var('gateway_text', $GLOBALS['_lang'][199]);
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Invalid hash code received after payment: ' . array2qs($input) . '. My hash:' . strtoupper(md5($this->config['secret'] . $this->config['sid'] . $input['x_trans_id'] . $input['x_amount']))));
}
} else {
$tpl->set_var('gateway_text', sprintf($GLOBALS['_lang'][200], $input['x_response_reason_text'], $input['x_response_reason_code']));
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Gateway error: ' . $input['x_response_reason_text'] . '(' . $input['x_response_reason_code'] . ")\n" . array2qs($input)));
}
} else {
$tpl->set_var('gateway_text', $GLOBALS['_lang'][201]);
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Gateway error. Card not processed. ' . array2qs($input)));
}
return $myreturn;
}
function write_and_send_email($email, $user_id, $data)
{
global $globalsuccess, $sentemails, $nomail, $start_time;
$data .= '====================' . "\n\n";
if ($user_id) {
$data .= "As a registered user, visit http://www.openaustralia.org/user/\nto manage your alerts.\n";
} else {
$data .= "If you register on the site, you will be able to manage your\nalerts there as well as post comments. :)\n";
}
$sentemails++;
mlog("SEND {$sentemails} : Sending email to {$email} ... ");
$d = array('to' => $email, 'template' => 'alert_mailout');
$m = array('DATA' => $data);
if (!$nomail) {
$success = send_template_email($d, $m, true);
# true = "Precedence: bulk"
mlog("sent ... ");
# sleep if time between sending mails is less than a certain number of seconds on average
if ((time() - $start_time) / $sentemails < 0.5) {
# number of seconds per mail not to be quicker than
mlog("pausing ... ");
sleep(1);
}
} else {
mlog($data);
$success = 1;
}
mlog("done\n");
if (!$success) {
$globalsuccess = 0;
}
}
function write_and_send_email($current, $data, $template)
{
global $globalsuccess, $sentemails, $nomail, $start_time;
$sentemails++;
mlog("SEND {$sentemails} : Sending email to {$current['email']} ... ");
$d = array('to' => $current['email'], 'template' => $template);
$m = array('DATA' => join("\n", $data), 'MANAGE' => 'http://www.theyworkforyou.com/D/' . $current['token'], 'ALERT_IS' => count($data) == 1 ? 'alert is' : 'alerts are', 'ALERTS' => count($data) == 1 ? 'an alert' : 'some alerts');
if (!$nomail) {
$success = send_template_email($d, $m, true);
mlog("sent ... ");
# sleep if time between sending mails is less than a certain number of seconds on average
if ((time() - $start_time) / $sentemails < 0.5) {
# number of seconds per mail not to be quicker than
mlog("pausing ... ");
sleep(1);
}
} else {
mlog(join('', $data));
$success = 1;
}
mlog("done\n");
if (!$success) {
$globalsuccess = 0;
}
}
function send_password_reminder()
{
global $PAGE;
// You'll probably have just called $this->change_password().
if ($this->email() == '') {
$PAGE->error_message("No email set for this user, so can't send a password reminder.");
return false;
}
$data = array('to' => $this->email(), 'template' => 'new_password');
$URL = new URL("userlogin");
$merge = array('EMAIL' => $this->email(), 'LOGINURL' => "http://" . DOMAIN . $URL->generate(), 'PASSWORD' => $this->password());
// send_template_email in utility.php.
$success = send_template_email($data, $merge);
return $success;
}
function process(&$input, $type)
{
global $dbtable_prefix, $tpl;
if (!isset($tpl)) {
$tpl = new phemplate(_BASEPATH_ . '/skins_site/' . get_my_skin() . '/', 'remove_nonjs');
}
// require_once _BASEPATH_.'/includes/classes/log_error.class.php';
// new log_error(array('module_name'=>get_class($this),'text'=>$type.': new notif from paypal: $_POST:'.var_export($_POST,true).' $_GET:'.var_export($_GET,true).' $input:'.var_export($input,true)));
if (strcasecmp($input['business'], $this->config['paypal_email']) == 0 || strcasecmp($input['receiver_email'], $this->config['paypal_email']) == 0) {
// some transformations
parse_str($input['custom'], $temp);
if (!empty($temp['uid'])) {
$input['user_id'] = $temp['uid'];
}
$input['dm_item_type'] = $temp['dit'];
$input['business'] = strtolower($input['business']);
$input['receiver_email'] = strtolower($input['receiver_email']);
$input['first_name'] = ucwords(strtolower($input['first_name']));
$input['last_name'] = ucwords(strtolower($input['last_name']));
$query = "SELECT get_lock('" . $input['txn_id'] . "',10)";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_result($res, 0, 0) == 1) {
$query = "SELECT `payment_id`,`is_subscr`,`name`,`is_suspect` FROM `{$dbtable_prefix}payments` WHERE `gw_txn`='" . $input['txn_id'] . "' AND `date`>=now()-INTERVAL 1 DAY";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
// the other process already did the job. Let's release the lock
if ($type == 'pdt') {
$output = mysql_fetch_assoc($res);
// tell member that he will receive everything by email
if ($output['is_subscr']) {
if ($output['is_suspect']) {
$tpl->set_file('gateway_text', 'thankyou_subscr_nok.html');
} else {
$tpl->set_file('gateway_text', 'thankyou_subscr_ok.html');
}
} else {
$tpl->set_file('gateway_text', 'thankyou_prod_nok.html');
}
$tpl->set_var('output', $output);
$tpl->process('gateway_text', 'gateway_text', TPL_OPTIONAL);
}
$query = "SELECT release_lock('" . $input['txn_id'] . "')";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
} else {
// we arrived before the other process, let's do the dirty work...
if ($input['dm_item_type'] == 'subscr') {
$query = "SELECT `" . USER_ACCOUNT_ID . "` as `user_id`,`" . USER_ACCOUNT_USER . "` as `user` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `" . USER_ACCOUNT_ID . "`=" . $input['user_id'];
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
$real_user = mysql_fetch_assoc($res);
if (strcasecmp($input['txn_type'], 'web_accept') == 0 || strcasecmp($input['txn_type'], 'send_money') == 0 || strcasecmp($input['txn_type'], 'subscr_payment') == 0) {
if (strcasecmp($input['payment_status'], 'Completed') == 0) {
$query = "SELECT `subscr_id`,`price`,`m_value_to`,`duration` FROM `{$dbtable_prefix}subscriptions` WHERE `subscr_id`=" . $input['item_number'] . " AND `is_visible`=1";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
$real_subscr = mysql_fetch_assoc($res);
if (number_format($real_subscr['price'], 2) == number_format($input['mc_gross'], 2)) {
if ($input['test_ipn'] != 1 || $this->config['demo_mode'] == 1 && $input['test_ipn'] == 1) {
require_once _BASEPATH_ . '/includes/iso31661a2.inc.php';
if (isset($GLOBALS['iso31661a2'][$input['residence_country']])) {
$input['country'] = $GLOBALS['iso31661a2'][$input['residence_country']];
$input['email'] = $input['payer_email'];
$this->check_fraud($input);
} else {
$this->is_fraud = true;
$this->fraud_reason = 'Invalid country code received from paypal. Please contact administrator.';
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'country code received from paypal not found in iso31661a2.inc.php file' . array2qs($_POST)));
}
if (!empty($real_subscr['duration'])) {
// if the old subscription is not over yet, we need to extend the new one with some days
$query = "SELECT a.`payment_id`,UNIX_TIMESTAMP(a.`paid_until`) as `paid_until`,b.`price`,b.`duration` FROM `{$dbtable_prefix}payments` a LEFT JOIN `{$dbtable_prefix}subscriptions` b ON a.`fk_subscr_id`=b.`subscr_id` WHERE a.`fk_user_id`=" . $real_user['user_id'] . " AND a.`refunded`=0 AND a.`is_active`=1 AND a.`is_subscr`=1 AND a.`m_value_to`>2 ORDER BY a.`paid_until` DESC LIMIT 1";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
$rsrow = mysql_fetch_assoc($res);
$time = mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('Y'));
if ((int) $rsrow['paid_until'] > (int) $time) {
$remaining_days = ((int) $rsrow['paid_until'] - (int) $time) / 86400;
//86400 seconds in a day
if ($remaining_days > 0) {
$remaining_value = (int) $rsrow['price'] / (int) $rsrow['duration'] * $remaining_days;
$day_value_new = (int) $real_subscr['price'] / (int) $real_subscr['duration'];
$days_append = round($remaining_value / $day_value_new);
$real_subscr['duration'] = (int) $real_subscr['duration'];
$real_subscr['duration'] += $days_append;
}
}
}
}
$now = gmdate('Ymd');
// all old active subscriptions end now!
$query = "UPDATE `{$dbtable_prefix}payments` SET `paid_until`='{$now}',`is_active`=0 WHERE `fk_user_id`=" . $real_user['user_id'] . " AND `is_active`=1 AND `is_subscr`=1";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
// insert the new subscription
$query = "INSERT INTO `{$dbtable_prefix}payments` SET `is_active`=1,`fk_user_id`=" . $real_user['user_id'] . ",`_user`='" . $real_user['user'] . "',`gateway`='" . $this->module_code . "',`is_subscr`=1,`fk_subscr_id`=" . $real_subscr['subscr_id'] . ",`gw_txn`='" . $input['txn_id'] . "',`name`='" . $input['first_name'] . ' ' . $input['last_name'] . "',`country`='" . $input['country'] . "',`email`='" . $input['payer_email'] . "',`m_value_to`=" . $real_subscr['m_value_to'] . ",`amount_paid`='" . $input['mc_gross'] . "',`is_suspect`=" . (int) $this->is_fraud . ",`suspect_reason`='" . $this->fraud_reason . "',`paid_from`='{$now}',`date`=now()";
if (!empty($real_subscr['duration'])) {
$query .= ",`paid_until`='{$now}'+INTERVAL " . $real_subscr['duration'] . ' DAY';
}
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (!$this->is_fraud) {
$query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `membership`=" . $real_subscr['m_value_to'] . " WHERE `" . USER_ACCOUNT_ID . "`=" . $real_user['user_id'];
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
$myreturn = true;
add_member_score($real_user['user_id'], 'payment');
if ($type == 'pdt') {
$tpl->set_file('gateway_text', 'thankyou_subscr_ok.html');
}
} else {
if ($type == 'pdt') {
$output['name'] = $input['card_holder_name'];
$tpl->set_file('gateway_text', 'thankyou_subscr_nok.html');
$tpl->set_var('output', $output);
$tpl->process('gateway_text', 'gateway_text', TPL_OPTIONAL);
}
// DEPT_ADMIN from includes/admin_functions.inc.php is hardcoded below as 4
$query = "SELECT `email` FROM `{$dbtable_prefix}admin_accounts` WHERE `dept_id`=4 ORDER BY `admin_id` DESC LIMIT 1";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
send_template_email(mysql_result($res, 0, 0), 'Possible fraud detected on ' . _SITENAME_ . ', please investigate', '', '', array(), $this->module_code . ' TXN: ' . $input['txn_id'] . ': ' . $this->fraud_reason);
}
}
} else {
// a demo transaction when we're not in demo mode
if ($type == 'pdt') {
$tpl->set_var('gateway_text', $GLOBALS['_lang'][187]);
}
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Demo transaction when demo is not enabled: ' . array2qs($_POST)));
}
} else {
// paid price doesn't match the subscription price
if ($type == 'pdt') {
$tpl->set_var('gateway_text', $GLOBALS['_lang'][188]);
}
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Invalid amount paid: ' . array2qs($_POST)));
}
} else {
// if the subscr_id was not found
if ($type == 'pdt') {
$tpl->set_var('gateway_text', $GLOBALS['_lang'][189]);
}
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Invalid subscr_id received after payment: ' . array2qs($_POST)));
}
} else {
if ($type == 'pdt') {
$tpl->set_var('gateway_text', $GLOBALS['_lang'][190]);
}
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Payment status not Completed: ' . $input['payment_status'] . "\n" . array2qs($_POST)));
}
} elseif (strcasecmp($input['txn_type'], 'subscr_eot') == 0) {
$query = "SELECT `payment_id` FROM `{$dbtable_prefix}payments` WHERE `fk_user_id`=" . $real_user['user_id'] . " AND `fk_subscr_id`=" . $input['item_number'] . " AND `is_active`=1 ORDER BY `payment_id` DESC LIMIT 1";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
$payment_id = mysql_result($res, 0, 0);
$now = gmdate('Ymd');
$query = "UPDATE `{$dbtable_prefix}payments` SET `paid_until`='{$now}' WHERE `payment_id`={$payment_id}";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
} else {
// invalid eot.
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Received End of Term notification for a subscription but subscription doesn\'t exist or not active. Maybe this member has 2 running subscriptions? ' . array2qs($_POST)));
}
} else {
// unhandled txn_type
if ($type == 'pdt') {
$tpl->set_var('gateway_text', $GLOBALS['_lang'][191]);
}
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Unhandled txn_type (probably not an error): ' . $input['txn_type'] . "\n" . array2qs($_POST)));
}
} else {
// if the user_id was not found
if ($type == 'pdt') {
$tpl->set_var('gateway_text', $GLOBALS['_lang'][192]);
}
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Invalid user_id received after payment: ' . array2qs($_POST)));
}
} elseif ($input['dm_item_type'] == 'prod') {
// no product support for now in Etano
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Received dm_item_type=prod but we are not selling products: ' . array2qs($_POST)));
} else {
// dm_item_type is neither 'prod' nor 'subscr'
if ($type == 'pdt') {
$tpl->set_var('gateway_text', $GLOBALS['_lang'][193]);
}
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Invalid dm_item_type: ' . array2qs($_POST)));
}
// job done, release the lock
$query = "SELECT release_lock('" . $input['txn_id'] . "')";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
}
} else {
// we could not obtain the lock.
// The other process is taking too long but at least this should mean that it is handling this
}
} else {
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Payment was not made into our account: ' . array2qs($_POST)));
}
}