function write_and_send_email($email, $user_id, $data) { global $globalsuccess, $out, $sentemails, $nomail; if ($user_id) { $data = "As a registered user, visit http://www.openaustralia.org/user/\nto unsubscribe from, or manage, your alerts.\n\n" . $data; } else { $data = "If you register on the site, you will be able to manage your\nalerts there as well as post comments. :)\n\n" . $data; } $out .= "SEND: Sending email to {$email}\n"; print "SEND: Sending email to {$email}\n"; $sentemails++; $d = array('to' => $email, 'template' => 'alert_mailout'); $m = array('DATA' => $data); if (!$nomail) { $success = send_template_email($d, $m); usleep(500000); } else { $success = 1; $out .= $data . "\n\n"; # print $data . "\n\n"; } if (!$success) { $globalsuccess = 0; } }
} } if (!$error) { if ($input['page'] == 1) { $input['temp_pass'] = md5(gen_pass(6)); $query = "INSERT IGNORE INTO `" . USER_ACCOUNTS_TABLE . "` SET `" . USER_ACCOUNT_USER . "`='" . $input['user'] . "',`" . USER_ACCOUNT_PASS . "`=md5('" . $input['pass'] . "'),`email`='" . $input['email'] . "',`membership`=2,`status`=" . ASTAT_UNVERIFIED . ",`temp_pass`='" . $input['temp_pass'] . "'"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $_SESSION[_LICENSE_KEY_]['user']['reg_id'] = mysql_insert_id(); $_SESSION[_LICENSE_KEY_]['user']['user'] = $input['user']; // for `dsb_payments` $_SESSION[_LICENSE_KEY_]['user']['email'] = $input['email']; // for info_signup.html $input['uid'] = $_SESSION[_LICENSE_KEY_]['user']['reg_id']; send_template_email($input['email'], sprintf($GLOBALS['_lang'][70], _SITENAME_), 'confirm_reg.html', get_my_skin(), $input); } $query = "SELECT `fk_user_id` FROM `{$dbtable_prefix}user_profiles` WHERE `fk_user_id`=" . $_SESSION[_LICENSE_KEY_]['user']['reg_id']; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $is_update = false; if (mysql_num_rows($res)) { $is_update = true; } $now = gmdate('YmdHis'); if ($is_update) { $query = "UPDATE `{$dbtable_prefix}user_profiles` SET `last_changed`='{$now}'"; } else { $query = "INSERT INTO `{$dbtable_prefix}user_profiles` SET `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['reg_id'] . "',`last_changed`='{$now}',`date_added`='{$now}',`score`='" . add_member_score(0, 'join', 1, true) . "'"; }
function create($COMMENT, $reportdata) { // For when a user posts a report on a comment. // $reportdata is an array like: // array ( // 'body' => 'some text', // 'firstname' => 'Billy', // 'lastname' => 'Nomates', // 'email' => '*****@*****.**' // ) // But if the report was made by a logged-in user, only the // 'body' element should really contain anything, because // we use $THEUSER's id to get the rest. // $COMMENT is an existing COMMENT object, needed for setting // its modflag and comment_id. global $THEUSER, $PAGE; if (!$THEUSER->is_able_to('reportcomment')) { $PAGE->error_message("Sorry, you are not allowed to post reports."); return false; } if (is_numeric($THEUSER->user_id()) && $THEUSER->user_id() > 0) { // Flood check - make sure the user hasn't just posted a report recently. // To help prevent accidental duplicates, among other nasty things. // (Non-logged in users are all id == 0.) $flood_time_limit = 20; // How many seconds until a user can post again? $q = $this->db->query("SELECT report_id\n\t\t\t\t\t\t\tFROM\tcommentreports\n\t\t\t\t\t\t\tWHERE\tuser_id = '" . $THEUSER->user_id() . "'\n\t\t\t\t\t\t\tAND\t\treported + 0 > NOW() - {$flood_time_limit}"); if ($q->rows() > 0) { $PAGE->error_message("Sorry, we limit people to posting one report per {$flood_time_limit} seconds to help prevent duplicate reports. Please go back and try again, thanks."); return false; } } // Tidy up body. $body = filter_user_input($reportdata['body'], 'comment'); // In utility.php $time = gmdate("Y-m-d H:i:s"); if ($THEUSER->isloggedin()) { $sql = "INSERT INTO commentreports\n\t\t\t\t\t\t\t\t\t(comment_id, body, reported, user_id)\n\t\t\t\t\t\t\tVALUES\t('" . mysql_real_escape_string($COMMENT->comment_id()) . "',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($body) . "', \n\t\t\t\t\t\t\t\t\t'{$time}',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($THEUSER->user_id()) . "'\n\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t"; } else { $sql = "INSERT INTO commentreports\n\t\t\t\t\t\t\t\t\t(comment_id, body, reported, firstname, lastname, email)\n\t\t\t\t\t\t\tVALUES\t('" . mysql_real_escape_string($COMMENT->comment_id()) . "',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($body) . "', \n\t\t\t\t\t\t\t\t\t'{$time}',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($reportdata['firstname']) . "',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($reportdata['lastname']) . "',\n\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($reportdata['email']) . "'\n\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t"; } $q = $this->db->query($sql); if ($q->success()) { // Inserted OK, so set up this object's variables. $this->report_id = $q->insert_id(); $this->comment_id = $COMMENT->comment_id(); $this->body = $body; $this->reported = $time; if ($THEUSER->isloggedin()) { $this->user_id = $THEUSER->user_id(); $this->firstname = $THEUSER->firstname(); $this->lastname = $THEUSER->lastname(); } else { $this->email = $reportdata['email']; $this->firstname = $reportdata['firstname']; $this->lastname = $reportdata['lastname']; } // Set the comment's modflag to on. $COMMENT->set_modflag('on'); // Notify those who need to know that there's a new report. $URL = new URL('admin_commentreport'); $URL->insert(array('rid' => $this->report_id, 'cid' => $this->comment_id)); $emailbody = "A new comment report has been filed by " . $this->user_name() . ".\n\n"; $emailbody .= "COMMENT:\n" . $COMMENT->body() . "\n\n"; $emailbody .= "REPORT:\n" . $this->body . "\n\n"; $emailbody .= "To manage this report follow this link: http://" . DOMAIN . $URL->generate('none') . "\n"; send_email(REPORTLIST, 'New comment report', $emailbody); // Send an email to the user to thank them. if ($THEUSER->isloggedin()) { $email = $THEUSER->email(); } else { $email = $this->email(); } $data = array('to' => $email, 'template' => 'report_acknowledge'); $merge = array('FIRSTNAME' => $this->firstname(), 'LASTNAME' => $this->lastname(), 'COMMENTURL' => "http://" . DOMAIN . $COMMENT->url(), 'REPORTBODY' => strip_tags($this->body())); // send_template_email in utility.php. send_template_email($data, $merge); return true; } else { return false; } }
public function send_already_signedup_email($details) { $data = array('to' => $details['email'], 'template' => 'alert_already_signedup'); $criteria = alert_details_to_criteria($details); $this->criteria = $criteria; $merge = array('FIRSTNAME' => 'THEY WORK FOR YOU', 'LASTNAME' => ' ALERT ALREADY SIGNED UP', 'CRITERIA' => $this->criteria_pretty()); $success = send_template_email($data, $merge); if ($success) { return true; } else { return false; } }
function resolve($REPORT, $COMMENT) { // The user has chosen to either delete or not delete the comment. // And we might be sending emails. global $PAGE; if (get_http_var('deletecomment') == 'true') { $upheld = true; } else { $upheld = false; } $success = $REPORT->resolve($upheld, $COMMENT); if ($success) { if ($upheld == true) { print "<p>The comment has been deleted.</p>\n"; } print "<p>The report has been resolved.</p>\n"; if (get_http_var('sendtoreporter') == 'true') { // We're sending an email to the reporter. // Either approving or declining what they suggested. if ($REPORT->user_id() > 0) { // The reporting user was logged in at the time, // so get their email address. $USER = new USER(); $USER->init($REPORT->user_id()); $email = $USER->email(); } else { // Non-logged-in user; they should have left their address. $email = $REPORT->email(); } // Prepare the data needed for either email. $data = array('to' => $email); $merge = array('FIRSTNAME' => $REPORT->firstname(), 'LASTNAME' => $REPORT->lastname(), 'REPORTBODY' => strip_tags($REPORT->body())); // Add stuff specific to each type of email. if ($upheld == true) { $data['template'] = 'report_upheld'; } else { $data['template'] = 'report_declined'; $merge['COMMENTURL'] = 'http://' . DOMAIN . $COMMENT->url(); $merge['REASON'] = get_http_var('declinedreason'); } $success = send_template_email($data, $merge); if ($success) { print "<p>An email has been sent to the person who made the report.</p>\n"; } else { $PAGE->error_message("Failed when sending an email to the person who made the report."); } } if (get_http_var('sendtocommenter') == 'true') { // We're telling the commenter that their comment has been deleted. $USER = new USER(); $USER->init($COMMENT->user_id()); // Create the URL for if a user wants to return and post another comment. // Remove the anchor for their now deleted comment. $addcommentsurl = 'http://' . DOMAIN . preg_replace("/#.*\$/", '#addcomment', $COMMENT->url()); $data = array('to' => $USER->email(), 'template' => 'comment_deleted_blank', 'subject' => 'One of your comments has been deleted'); $merge = array('REPLYBODY' => get_http_var('commentermail'), 'FIRSTNAME' => $USER->firstname(), 'LASTNAME' => $USER->lastname(), 'ADDCOMMENTURL' => $addcommentsurl, 'COMMENTBODY' => strip_tags($COMMENT->body())); // We only send this email if a comment has been deleted. $success = send_template_email($data, $merge); if ($success) { print "<p>An email has been sent to the person who posted the comment.</p>\n"; } else { $PAGE->error_message("Failed when sending an email to the person who posted the comment."); } } } $URL = new URL('admin_home'); print '<p><a href="' . $URL->generate() . '">Back</a></p>'; }
function send_confirmation_email($details) { // After we've add()ed an alert we'll be sending them // a confirmation email with a link to confirm their address. // $details is the array we just sent to add(), and which it's // passed on to us here. // A brief check of the facts... if (!is_numeric($this->alert_id) || !isset($details['email']) || $details['email'] == '') { return false; } // We prefix the registration token with the alert's id and '-'. // Not for any particularly good reason, but we do. $urltoken = $this->alert_id . '-' . $this->registrationtoken; $confirmurl = 'http://' . DOMAIN . '/A/' . $urltoken; // Arrays we need to send a templated email. $data = array('to' => $details['email'], 'template' => 'alert_confirmation'); $merge = array('FIRSTNAME' => 'THEY WORK FOR YOU', 'LASTNAME' => ' ALERT CONFIRMATION', 'CONFIRMURL' => $confirmurl, 'CRITERIA' => $this->criteria_pretty()); $success = send_template_email($data, $merge); if ($success) { return true; } else { return false; } }
$input['error_email'] = 'red_border'; } if (!$error) { $query = "SELECT `" . USER_ACCOUNT_ID . "` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `email`='" . $input['email'] . "' LIMIT 1"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $error = true; $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'][] = sprintf($GLOBALS['_lang'][204], $input['email']); $input['error_email'] = 'red_border'; } } if (!$error) { $query = "REPLACE INTO `{$dbtable_prefix}user_settings2` SET `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "',`config_option`='new_email',`config_value`='" . $input['email'] . "'"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $input['email2'] = rawurlencode($input['email']); send_template_email($input['email'], sprintf($GLOBALS['_lang'][40], _SITENAME_), 'email_change_confirm.html', get_my_skin(), $input); $topass['message']['type'] = MESSAGE_INFO; $topass['message']['text'][] = $GLOBALS['_lang'][39]; } else { // you must re-read all textareas from $_POST like this: // $input['x']=addslashes_mq($_POST['x']); $input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH); $topass['input'] = $input; } } redirect2page($nextpage, $topass, $qs);
} } unset($_SESSION['captcha_word']); if (!$error) { $query = "SELECT `" . USER_ACCOUNT_ID . "` as `uid`,`" . USER_ACCOUNT_USER . "` as `user`,`email` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `email`='" . $input['email'] . "' LIMIT 1"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $input = mysql_fetch_assoc($res); $input['temp_pass'] = md5(gen_pass(6)); $input['ipaddr'] = $_SERVER['REMOTE_ADDR']; $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `temp_pass`='" . $input['temp_pass'] . "' WHERE `" . USER_ACCOUNT_ID . "`=" . $input['uid']; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } send_template_email($input['email'], sprintf($GLOBALS['_lang'][225], _SITENAME_), 'pass_reset.html', get_my_skin(), $input); $topass['message']['type'] = MESSAGE_INFO; $topass['message']['text'] = $GLOBALS['_lang'][89]; } else { $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'] = $GLOBALS['_lang'][90]; } } else { // you must re-read all textareas from $_POST like this: // $input['x']=addslashes_mq($_POST['x']); $input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH); $topass['input'] = $input; } } redirect2page($nextpage, $topass, $qs);
<br><label for="sendname">Your name:</label> <input type="text" id="sendname" name="sender_name" value="<?php echo $sender_name; ?> " size="30"> <input type="hidden" name="pid" value="<?php echo $pid; ?> "> <br>(<a href="/privacy/">privacy policy</a>) <input type="submit" class="submit" value="Send"></p> </form> <?php } else { $rep_name = $MEMBER->full_name(); if ($MEMBER->house_disp == 1) { $rep_name .= ' MP'; } elseif ($MEMBER->house_disp == 3) { $rep_name .= ' MLA'; } $data = array('template' => 'email_a_friend', 'to' => $recipient_email, 'subject' => 'Find out all about ' . $rep_name); $url = $MEMBER->url(); $merge = array('NAME' => $sender_name, 'EMAIL' => $sender_email, 'REP_NAME' => $rep_name, 'REP_URL' => $url); $success = send_template_email($data, $merge); if ($success) { print "<p>Your email has been sent successfully. Thank you for using TheyWorkForYou.</p> <p><a href=\"{$url}\">Return to " . $MEMBER->full_name() . "'s page</a></p>"; } else { print "<p>Sorry, something went wrong trying to send an email. Please wait a few minutes and try again.</p>"; } } $PAGE->stripe_end(); $PAGE->page_end();
// the easiest way to detect if it was an ajax request or not is by this header if (get_request_content_type() == "application/json") { $is_ajax = true; // PHP does not make this easy, this is a util I made $json = get_json(); // i am declaring this formData object from the JS, you may want to send // up other information along with the form $template_data = $json["formData"]; } else { // this is the entire form, $_REQUEST["name"] will be the name, if you need // more stuff here, add a hidden input. $template_data = $_REQUEST; } try { // this is the main function, an exception will be thrown if this fails. send_template_email(array("to" => "*****@*****.**", "cc" => array("*****@*****.**", "*****@*****.**"), "bcc" => null, "subject" => "This is the subject", "bodyTemplate" => "email_template", "data" => $template_data)); // handle the success if ($is_ajax) { JSONResponse(array("message" => "Email sent successfully.")); } else { //redirect with no ajax header("Location: test.html?success=true"); } } catch (PEARErrorException $e) { // This exception class is a wrapper for receiving the Pear error // object when the email could not be sent. $error = $e->error; // if the error has a newline, it will break, seems google will return with newlines for invalid user/pass $message = str_replace("\n", " ", $error->message); if ($is_ajax) { JSONResponse(array("error" => $message), false);
function send_queue_message() { $limit = 50; // number of messages in a batch unset($_on_before_insert, $_on_after_insert); if (is_file(_BASEPATH_ . '/events/cronjobs/send_queue_message.php')) { include_once _BASEPATH_ . '/events/cronjobs/send_queue_message.php'; } global $dbtable_prefix, $def_skin; include_once _BASEPATH_ . '/skins_site/' . $def_skin . '/lang/mailbox.inc.php'; $filters = array(); $notifs = array(); $emails = array(); $mail_ids = array(); $receivers = array(); $query = "SELECT a.`mail_id`,a.`fk_user_id`,a.`fk_user_id_other`,a.`_user_other`,a.`subject`,a.`message_body`,a.`date_sent`,a.`message_type`,b.`email`,c.`_user` as `user` FROM `{$dbtable_prefix}queue_message` a,`" . USER_ACCOUNTS_TABLE . "` b,`{$dbtable_prefix}user_profiles` c WHERE a.`fk_user_id`=b.`" . USER_ACCOUNT_ID . "` AND a.`fk_user_id`=c.`fk_user_id` ORDER BY a.`mail_id` ASC LIMIT {$limit}"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { while ($rsrow = mysql_fetch_assoc($res)) { $temp['subject'] = sanitize_and_format($rsrow['subject'], TYPE_STRING, FORMAT_TEXT2HTML); $temp['_user_other'] = $rsrow['_user_other']; if (empty($temp['_user_other']) && $rsrow['message_type'] == MESS_SYSTEM) { $temp['_user_other'] = $GLOBALS['_lang'][135]; } $temp['email'] = $rsrow['email']; $temp['user'] = $rsrow['user']; $mail_ids[] = $rsrow['mail_id']; if (isset($receivers[$rsrow['fk_user_id']])) { ++$receivers[$rsrow['fk_user_id']]; } else { $receivers[$rsrow['fk_user_id']] = 1; } unset($rsrow['mail_id'], $rsrow['email'], $rsrow['user']); $rsrow['subject'] = sanitize_and_format($rsrow['subject'], TYPE_STRING, $GLOBALS['__field2format'][TEXT_DB2DB]); $rsrow['message_body'] = sanitize_and_format($rsrow['message_body'], TYPE_STRING, $GLOBALS['__field2format'][TEXT_DB2DB]); if (!isset($filters[$rsrow['fk_user_id']])) { $query = "SELECT `filter_type`,`field`,`field_value`,`fk_folder_id` FROM `{$dbtable_prefix}message_filters` WHERE `fk_user_id`=" . $rsrow['fk_user_id']; if (!($res2 = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } while ($rsrow2 = mysql_fetch_assoc($res2)) { $filters[$rsrow['fk_user_id']][] = $rsrow2; } if (!isset($filters[$rsrow['fk_user_id']])) { $filters[$rsrow['fk_user_id']] = array(); } } if (!isset($notifs[$rsrow['fk_user_id']])) { $notifs[$rsrow['fk_user_id']] = get_user_settings($rsrow['fk_user_id'], 'def_user_prefs', 'notify_me'); } $notify = true; $was_sent = false; // was sent by a filter? if (!empty($filters[$rsrow['fk_user_id']])) { for ($i = 0; isset($filters[$rsrow['fk_user_id']][$i]); ++$i) { $filter = $filters[$rsrow['fk_user_id']][$i]; switch ($filter['filter_type']) { case FILTER_SENDER: if ($rsrow['fk_user_id_other'] == $filter['field_value']) { if ($filter['fk_folder_id'] == FOLDER_SPAMBOX) { $into = "`{$dbtable_prefix}user_spambox`"; $notify = false; } else { $into = "`{$dbtable_prefix}user_inbox`"; $rsrow['fk_folder_id'] = $filter['fk_folder_id']; } $query = "INSERT INTO {$into} SET "; foreach ($rsrow as $k => $v) { $query .= "`{$k}`='{$v}',"; } $query = substr($query, 0, -1); if (isset($_on_before_insert)) { for ($i = 0; isset($_on_before_insert[$i]); ++$i) { call_user_func($_on_before_insert[$i], $rsrow); } } if (!($res2 = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (isset($_on_after_insert)) { for ($i = 0; isset($_on_after_insert[$i]); ++$i) { call_user_func($_on_after_insert[$i], $rsrow); } } $was_sent = true; } break 2; // exit the filters for() too } } } if (!$was_sent) { // no filter here - insert directly in inbox $query = "INSERT INTO `{$dbtable_prefix}user_inbox` SET "; foreach ($rsrow as $k => $v) { $query .= "`{$k}`='{$v}',"; } $query = substr($query, 0, -1); if (isset($_on_before_insert)) { for ($i = 0; isset($_on_before_insert[$i]); ++$i) { call_user_func($_on_before_insert[$i], $rsrow); } } if (!($res2 = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (isset($_on_after_insert)) { for ($i = 0; isset($_on_after_insert[$i]); ++$i) { call_user_func($_on_after_insert[$i], $rsrow); } } } if ($notifs[$rsrow['fk_user_id']] && $notify) { $emails[] = $temp; } } if (!empty($mail_ids)) { $query = "DELETE FROM `{$dbtable_prefix}queue_message` WHERE `mail_id` IN ('" . join("','", $mail_ids) . "')"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } } } if (!empty($receivers)) { $uids = array(); // we build an array like array(num_messages1=>array(uid1,uid2,..),num_messages2=>array(uid3,uid4...),...) // this way we can add score for more users at once, saving some processing time foreach ($receivers as $uid => $num) { if (isset($uids[$num])) { $uids[$num][] = $uid; } else { $uids[$num] = array($uid); } } foreach ($uids as $num => $nuids) { add_member_score($nuids, 'new_message', $num); } } // send the notification emails if (!empty($emails)) { for ($i = 0; isset($emails[$i]); ++$i) { send_template_email($emails[$i]['email'], $emails[$i]['subject'], 'new_message.html', $def_skin, $emails[$i]); } } return true; }
function write_and_send_email($current, $data, $template) { global $globalsuccess, $sentemails, $nomail, $start_time; $data .= '===================='; $sentemails++; mlog("SEND {$sentemails} : Sending email to {$current['email']} ... "); $d = array('to' => $current['email'], 'template' => $template); $m = array('DATA' => $data, 'MANAGE' => 'http://www.theyworkforyou.com/D/' . $current['token']); if (!$nomail) { $success = send_template_email($d, $m, true, true); # true = "Precedence: bulk", want bounces mlog("sent ... "); # sleep if time between sending mails is less than a certain number of seconds on average if ((time() - $start_time) / $sentemails < 0.5) { # number of seconds per mail not to be quicker than mlog("pausing ... "); sleep(1); } } else { mlog($data); $success = 1; } mlog("done\n"); if (!$success) { $globalsuccess = 0; } }
function queue_or_send_message($mess_array, $force_send = false) { global $dbtable_prefix; if (!$force_send) { require _BASEPATH_ . '/includes/tables/queue_message.inc.php'; $query = "INSERT INTO `{$dbtable_prefix}queue_message` SET `date_sent`='" . gmdate('YmdHis') . "'"; foreach ($queue_message_default['defaults'] as $k => $v) { if (isset($mess_array[$k])) { $query .= ",`{$k}`='" . $mess_array[$k] . "'"; } } if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } } else { require _BASEPATH_ . '/includes/tables/user_inbox.inc.php'; $was_sent = false; // was sent by a filter? $notify_receiver = get_user_settings($mess_array['fk_user_id'], 'def_user_prefs', 'notify_me'); // see if the receiver has any filters in place to re-route our message $query = "SELECT `filter_type`,`field`,`field_value`,`fk_folder_id` FROM `{$dbtable_prefix}message_filters` WHERE `fk_user_id`=" . $mess_array['fk_user_id']; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $filters = array(); $filters[$mess_array['fk_user_id']] = array(); while ($rsrow = mysql_fetch_assoc($res)) { $filters[$mess_array['fk_user_id']][] = $rsrow; } if (!empty($filters[$mess_array['fk_user_id']])) { for ($i = 0; isset($filters[$mess_array['fk_user_id']][$i]); ++$i) { $filter =& $filters[$mess_array['fk_user_id']][$i]; switch ($filter['filter_type']) { case FILTER_SENDER: if ($mess_array['fk_user_id_other'] == $filter['field_value']) { if ($filter['fk_folder_id'] == FOLDER_SPAMBOX) { $into = "`{$dbtable_prefix}user_spambox`"; $notify_receiver = false; require _BASEPATH_ . '/includes/tables/user_inbox.inc.php'; $defaults_table =& $user_spambox_default; } else { $into = "`{$dbtable_prefix}user_inbox`"; $mess_array['fk_folder_id'] = $filter['fk_folder_id']; $defaults_table =& $user_inbox_default; } $query = "INSERT INTO {$into} SET `date_sent`='" . gmdate('YmdHis') . "'"; foreach ($defaults_table['defaults'] as $k => $v) { if (isset($mess_array[$k])) { $query .= ",`{$k}`='" . $mess_array[$k] . "'"; } } if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $was_sent = true; } break 2; // exit the filters for() too } } } if (!$was_sent) { // no filter here - insert directly in inbox $query = "INSERT INTO `{$dbtable_prefix}user_inbox` SET `date_sent`='" . gmdate('YmdHis') . "'"; foreach ($user_inbox_default['defaults'] as $k => $v) { if (isset($mess_array[$k])) { $query .= ",`{$k}`='" . $mess_array[$k] . "'"; } } if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } } if ($notify_receiver) { // new message notification $mess_array['subject'] = sanitize_and_format($mess_array['subject'], TYPE_STRING, FORMAT_STRIPSLASH | FORMAT_TEXT2HTML); $def_skin = get_default_skin_dir(); if (empty($mess_array['_user_other']) && $mess_array['message_type'] == MESS_SYSTEM) { include_once _BASEPATH_ . '/skins_site/' . $def_skin . '/lang/mailbox.inc.php'; $mess_array['_user_other'] =& $GLOBALS['_lang'][135]; } $query = "SELECT a.`email`,b.`_user` FROM `" . USER_ACCOUNTS_TABLE . "` a,`{$dbtable_prefix}user_profiles` b WHERE a.`" . USER_ACCOUNT_ID . "`=b.`fk_user_id` AND a.`" . USER_ACCOUNT_ID . "`='" . $mess_array['fk_user_id'] . "'"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $receiver_email = mysql_result($res, 0, 0); $mess_array['user'] = mysql_result($res, 0, 1); send_template_email($receiver_email, $mess_array['subject'], 'new_message.html', $def_skin, $mess_array); } } } }
function thankyou(&$tpl) { $myreturn = false; global $dbtable_prefix; $input = array(); $output = array(); foreach ($this->from_tco['types'] as $k => $v) { $input[$k] = sanitize_and_format_gpc($_POST, $k, $GLOBALS['__field2type'][$v], $GLOBALS['__field2format'][$v], $this->from_tco['defaults'][$k]); } $input['x_amount'] = number_format($input['x_amount'], 2, '.', ''); $input['x_Email'] = strtolower($input['x_Email']); $input['card_holder_name'] = ucwords(strtolower($input['card_holder_name'])); if (strcasecmp($input['x_2checked'], 'Y') == 0) { if ($this->config['demo_mode'] == 1 && strcasecmp($input['demo'], 'Y') == 0) { $input['x_trans_id'] = 1; } if ($input['x_response_code'] == 1) { // processed ok if (strcasecmp($input['x_MD5_Hash'], strtoupper(md5($this->config['secret'] . $this->config['sid'] . $input['x_trans_id'] . $input['x_amount']))) == 0) { if ($input['dm_item_type'] == 'subscr') { $query = "SELECT `" . USER_ACCOUNT_ID . "` as `user_id`,`" . USER_ACCOUNT_USER . "` as `user` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `" . USER_ACCOUNT_ID . "`=" . $input['user_id']; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $real_user = mysql_fetch_assoc($res); $query = "SELECT `subscr_id`,`price`,`m_value_to`,`duration` FROM `{$dbtable_prefix}subscriptions` WHERE `subscr_id`=" . $input['internal_id'] . " AND `is_visible`=1"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $real_subscr = mysql_fetch_assoc($res); if (number_format($real_subscr['price'], 2) == number_format($input['x_amount'], 2)) { if (strcasecmp($input['demo'], 'Y') != 0 || $this->config['demo_mode'] == 1 && strcasecmp($input['demo'], 'Y') == 0) { require_once _BASEPATH_ . '/includes/iso31661a3.inc.php'; if (isset($GLOBALS['iso31661a3'][$input['x_Country']])) { $input['country'] = $GLOBALS['iso31661a3'][$input['x_Country']]; // needed for the fraud check $input['email'] = $input['x_Email']; $this->check_fraud($input); } else { $this->is_fraud = true; $this->fraud_reason = 'Invalid country code received from 2CheckOut. Please contact administrator.'; require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'country code received from 2co not found in iso31661a3.inc.php file' . array2qs($_POST))); } if (!empty($real_subscr['duration'])) { // if the old subscription is not over yet, we need to extend the new one with some days $query = "SELECT a.`payment_id`,UNIX_TIMESTAMP(a.`paid_until`) as `paid_until`,b.`price`,b.`duration` FROM `{$dbtable_prefix}payments` a LEFT JOIN `{$dbtable_prefix}subscriptions` b ON a.`fk_subscr_id`=b.`subscr_id` WHERE a.`fk_user_id`=" . $real_user['user_id'] . " AND a.`refunded`=0 AND a.`is_active`=1 AND a.`is_subscr`=1 AND a.`m_value_to`>2 ORDER BY a.`paid_until` DESC LIMIT 1"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $rsrow = mysql_fetch_assoc($res); $time = mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('Y')); if ((int) $rsrow['paid_until'] > (int) $time) { $remaining_days = ((int) $rsrow['paid_until'] - (int) $time) / 86400; //86400 seconds in a day if ($remaining_days > 0) { $remaining_value = (int) $rsrow['price'] / (int) $rsrow['duration'] * $remaining_days; $day_value_new = (int) $real_subscr['price'] / (int) $real_subscr['duration']; $days_append = round($remaining_value / $day_value_new); $real_subscr['duration'] = (int) $real_subscr['duration']; $real_subscr['duration'] += $days_append; } } } } $now = gmdate('Ymd'); // all old active subscriptions end now! $query = "UPDATE `{$dbtable_prefix}payments` SET `paid_until`='{$now}',`is_active`=0 WHERE `fk_user_id`=" . $real_user['user_id'] . " AND `is_active`=1 AND `is_subscr`=1"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } // insert the new subscription $query = "INSERT INTO `{$dbtable_prefix}payments` SET `is_active`=1,`fk_user_id`=" . $real_user['user_id'] . ",`_user`='" . $real_user['user'] . "',`gateway`='" . $this->module_code . "',`is_subscr`=1,`fk_subscr_id`='" . $real_subscr['subscr_id'] . "',`gw_txn`='" . $input['x_trans_id'] . "',`name`='" . $input['card_holder_name'] . "',`country`='" . $input['x_Country'] . "',`state`='" . $input['x_State'] . "',`city`='" . $input['x_City'] . "',`zip`='" . $input['x_Zip'] . "',`street_address`='" . $input['x_Address'] . "',`email`='" . $input['x_Email'] . "',`phone`='" . $input['x_Phone'] . "',`m_value_to`=" . $real_subscr['m_value_to'] . ",`amount_paid`='" . $input['x_amount'] . "',`is_suspect`=" . (int) $this->is_fraud . ",`suspect_reason`='" . addslashes($this->fraud_reason) . "',`date`=now(),`paid_from`='{$now}'"; if (!empty($real_subscr['duration'])) { $query .= ",`paid_until`='{$now}'+INTERVAL " . $real_subscr['duration'] . ' DAY'; } if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (!$this->is_fraud) { $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `membership`=" . $real_subscr['m_value_to'] . " WHERE `" . USER_ACCOUNT_ID . "`=" . $real_user['user_id']; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $myreturn = true; add_member_score($real_user['user_id'], 'payment'); $tpl->set_file('gateway_text', 'thankyou_subscr_ok.html'); } else { $output['name'] = $input['card_holder_name']; $tpl->set_file('gateway_text', 'thankyou_subscr_nok.html'); $tpl->set_var('output', $output); $tpl->process('gateway_text', 'gateway_text', TPL_OPTIONAL); // DEPT_ADMIN from includes/admin_functions.inc.php is hardcoded below as 4 $query = "SELECT `email` FROM `{$dbtable_prefix}admin_accounts` WHERE `dept_id`=4 ORDER BY `admin_id` DESC LIMIT 1"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { send_template_email(mysql_result($res, 0, 0), 'Possible fraud detected on ' . _SITENAME_ . ', please investigate', '', '', array(), $this->module_code . ' TXN: ' . $input['x_trans_id'] . ': ' . $this->fraud_reason); } } } else { // a demo transaction when we're not in demo mode $tpl->set_var('gateway_text', $GLOBALS['_lang'][187]); require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Demo transaction when demo is not enabled: ' . array2qs($input))); } } else { // paid price doesn't match the subscription price $tpl->set_var('gateway_text', $GLOBALS['_lang'][188]); require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Invalid amount paid: ' . array2qs($input))); } } else { // if the subscr_id was not found $tpl->set_var('gateway_text', $GLOBALS['_lang'][189]); require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Invalid subscr_id received after payment: ' . array2qs($input))); } } else { // if the user_id was not found $tpl->set_var('gateway_text', $GLOBALS['_lang'][192]); require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Invalid user_id received after payment: ' . array2qs($input))); } } elseif ($input['dm_item_type'] == 'prod') { // no product support for now in Etano } else { // dm_item_type is neither 'prod' nor 'subscr' $tpl->set_var('gateway_text', $GLOBALS['_lang'][193]); require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Invalid dm_item_type: ' . array2qs($input))); } } else { $tpl->set_var('gateway_text', $GLOBALS['_lang'][199]); require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Invalid hash code received after payment: ' . array2qs($input) . '. My hash:' . strtoupper(md5($this->config['secret'] . $this->config['sid'] . $input['x_trans_id'] . $input['x_amount'])))); } } else { $tpl->set_var('gateway_text', sprintf($GLOBALS['_lang'][200], $input['x_response_reason_text'], $input['x_response_reason_code'])); require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Gateway error: ' . $input['x_response_reason_text'] . '(' . $input['x_response_reason_code'] . ")\n" . array2qs($input))); } } else { $tpl->set_var('gateway_text', $GLOBALS['_lang'][201]); require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Gateway error. Card not processed. ' . array2qs($input))); } return $myreturn; }
function write_and_send_email($email, $user_id, $data) { global $globalsuccess, $sentemails, $nomail, $start_time; $data .= '====================' . "\n\n"; if ($user_id) { $data .= "As a registered user, visit http://www.openaustralia.org/user/\nto manage your alerts.\n"; } else { $data .= "If you register on the site, you will be able to manage your\nalerts there as well as post comments. :)\n"; } $sentemails++; mlog("SEND {$sentemails} : Sending email to {$email} ... "); $d = array('to' => $email, 'template' => 'alert_mailout'); $m = array('DATA' => $data); if (!$nomail) { $success = send_template_email($d, $m, true); # true = "Precedence: bulk" mlog("sent ... "); # sleep if time between sending mails is less than a certain number of seconds on average if ((time() - $start_time) / $sentemails < 0.5) { # number of seconds per mail not to be quicker than mlog("pausing ... "); sleep(1); } } else { mlog($data); $success = 1; } mlog("done\n"); if (!$success) { $globalsuccess = 0; } }
function write_and_send_email($current, $data, $template) { global $globalsuccess, $sentemails, $nomail, $start_time; $sentemails++; mlog("SEND {$sentemails} : Sending email to {$current['email']} ... "); $d = array('to' => $current['email'], 'template' => $template); $m = array('DATA' => join("\n", $data), 'MANAGE' => 'http://www.theyworkforyou.com/D/' . $current['token'], 'ALERT_IS' => count($data) == 1 ? 'alert is' : 'alerts are', 'ALERTS' => count($data) == 1 ? 'an alert' : 'some alerts'); if (!$nomail) { $success = send_template_email($d, $m, true); mlog("sent ... "); # sleep if time between sending mails is less than a certain number of seconds on average if ((time() - $start_time) / $sentemails < 0.5) { # number of seconds per mail not to be quicker than mlog("pausing ... "); sleep(1); } } else { mlog(join('', $data)); $success = 1; } mlog("done\n"); if (!$success) { $globalsuccess = 0; } }
function send_password_reminder() { global $PAGE; // You'll probably have just called $this->change_password(). if ($this->email() == '') { $PAGE->error_message("No email set for this user, so can't send a password reminder."); return false; } $data = array('to' => $this->email(), 'template' => 'new_password'); $URL = new URL("userlogin"); $merge = array('EMAIL' => $this->email(), 'LOGINURL' => "http://" . DOMAIN . $URL->generate(), 'PASSWORD' => $this->password()); // send_template_email in utility.php. $success = send_template_email($data, $merge); return $success; }
function process(&$input, $type) { global $dbtable_prefix, $tpl; if (!isset($tpl)) { $tpl = new phemplate(_BASEPATH_ . '/skins_site/' . get_my_skin() . '/', 'remove_nonjs'); } // require_once _BASEPATH_.'/includes/classes/log_error.class.php'; // new log_error(array('module_name'=>get_class($this),'text'=>$type.': new notif from paypal: $_POST:'.var_export($_POST,true).' $_GET:'.var_export($_GET,true).' $input:'.var_export($input,true))); if (strcasecmp($input['business'], $this->config['paypal_email']) == 0 || strcasecmp($input['receiver_email'], $this->config['paypal_email']) == 0) { // some transformations parse_str($input['custom'], $temp); if (!empty($temp['uid'])) { $input['user_id'] = $temp['uid']; } $input['dm_item_type'] = $temp['dit']; $input['business'] = strtolower($input['business']); $input['receiver_email'] = strtolower($input['receiver_email']); $input['first_name'] = ucwords(strtolower($input['first_name'])); $input['last_name'] = ucwords(strtolower($input['last_name'])); $query = "SELECT get_lock('" . $input['txn_id'] . "',10)"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_result($res, 0, 0) == 1) { $query = "SELECT `payment_id`,`is_subscr`,`name`,`is_suspect` FROM `{$dbtable_prefix}payments` WHERE `gw_txn`='" . $input['txn_id'] . "' AND `date`>=now()-INTERVAL 1 DAY"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { // the other process already did the job. Let's release the lock if ($type == 'pdt') { $output = mysql_fetch_assoc($res); // tell member that he will receive everything by email if ($output['is_subscr']) { if ($output['is_suspect']) { $tpl->set_file('gateway_text', 'thankyou_subscr_nok.html'); } else { $tpl->set_file('gateway_text', 'thankyou_subscr_ok.html'); } } else { $tpl->set_file('gateway_text', 'thankyou_prod_nok.html'); } $tpl->set_var('output', $output); $tpl->process('gateway_text', 'gateway_text', TPL_OPTIONAL); } $query = "SELECT release_lock('" . $input['txn_id'] . "')"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } } else { // we arrived before the other process, let's do the dirty work... if ($input['dm_item_type'] == 'subscr') { $query = "SELECT `" . USER_ACCOUNT_ID . "` as `user_id`,`" . USER_ACCOUNT_USER . "` as `user` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `" . USER_ACCOUNT_ID . "`=" . $input['user_id']; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $real_user = mysql_fetch_assoc($res); if (strcasecmp($input['txn_type'], 'web_accept') == 0 || strcasecmp($input['txn_type'], 'send_money') == 0 || strcasecmp($input['txn_type'], 'subscr_payment') == 0) { if (strcasecmp($input['payment_status'], 'Completed') == 0) { $query = "SELECT `subscr_id`,`price`,`m_value_to`,`duration` FROM `{$dbtable_prefix}subscriptions` WHERE `subscr_id`=" . $input['item_number'] . " AND `is_visible`=1"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $real_subscr = mysql_fetch_assoc($res); if (number_format($real_subscr['price'], 2) == number_format($input['mc_gross'], 2)) { if ($input['test_ipn'] != 1 || $this->config['demo_mode'] == 1 && $input['test_ipn'] == 1) { require_once _BASEPATH_ . '/includes/iso31661a2.inc.php'; if (isset($GLOBALS['iso31661a2'][$input['residence_country']])) { $input['country'] = $GLOBALS['iso31661a2'][$input['residence_country']]; $input['email'] = $input['payer_email']; $this->check_fraud($input); } else { $this->is_fraud = true; $this->fraud_reason = 'Invalid country code received from paypal. Please contact administrator.'; require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'country code received from paypal not found in iso31661a2.inc.php file' . array2qs($_POST))); } if (!empty($real_subscr['duration'])) { // if the old subscription is not over yet, we need to extend the new one with some days $query = "SELECT a.`payment_id`,UNIX_TIMESTAMP(a.`paid_until`) as `paid_until`,b.`price`,b.`duration` FROM `{$dbtable_prefix}payments` a LEFT JOIN `{$dbtable_prefix}subscriptions` b ON a.`fk_subscr_id`=b.`subscr_id` WHERE a.`fk_user_id`=" . $real_user['user_id'] . " AND a.`refunded`=0 AND a.`is_active`=1 AND a.`is_subscr`=1 AND a.`m_value_to`>2 ORDER BY a.`paid_until` DESC LIMIT 1"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $rsrow = mysql_fetch_assoc($res); $time = mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('Y')); if ((int) $rsrow['paid_until'] > (int) $time) { $remaining_days = ((int) $rsrow['paid_until'] - (int) $time) / 86400; //86400 seconds in a day if ($remaining_days > 0) { $remaining_value = (int) $rsrow['price'] / (int) $rsrow['duration'] * $remaining_days; $day_value_new = (int) $real_subscr['price'] / (int) $real_subscr['duration']; $days_append = round($remaining_value / $day_value_new); $real_subscr['duration'] = (int) $real_subscr['duration']; $real_subscr['duration'] += $days_append; } } } } $now = gmdate('Ymd'); // all old active subscriptions end now! $query = "UPDATE `{$dbtable_prefix}payments` SET `paid_until`='{$now}',`is_active`=0 WHERE `fk_user_id`=" . $real_user['user_id'] . " AND `is_active`=1 AND `is_subscr`=1"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } // insert the new subscription $query = "INSERT INTO `{$dbtable_prefix}payments` SET `is_active`=1,`fk_user_id`=" . $real_user['user_id'] . ",`_user`='" . $real_user['user'] . "',`gateway`='" . $this->module_code . "',`is_subscr`=1,`fk_subscr_id`=" . $real_subscr['subscr_id'] . ",`gw_txn`='" . $input['txn_id'] . "',`name`='" . $input['first_name'] . ' ' . $input['last_name'] . "',`country`='" . $input['country'] . "',`email`='" . $input['payer_email'] . "',`m_value_to`=" . $real_subscr['m_value_to'] . ",`amount_paid`='" . $input['mc_gross'] . "',`is_suspect`=" . (int) $this->is_fraud . ",`suspect_reason`='" . $this->fraud_reason . "',`paid_from`='{$now}',`date`=now()"; if (!empty($real_subscr['duration'])) { $query .= ",`paid_until`='{$now}'+INTERVAL " . $real_subscr['duration'] . ' DAY'; } if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (!$this->is_fraud) { $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `membership`=" . $real_subscr['m_value_to'] . " WHERE `" . USER_ACCOUNT_ID . "`=" . $real_user['user_id']; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $myreturn = true; add_member_score($real_user['user_id'], 'payment'); if ($type == 'pdt') { $tpl->set_file('gateway_text', 'thankyou_subscr_ok.html'); } } else { if ($type == 'pdt') { $output['name'] = $input['card_holder_name']; $tpl->set_file('gateway_text', 'thankyou_subscr_nok.html'); $tpl->set_var('output', $output); $tpl->process('gateway_text', 'gateway_text', TPL_OPTIONAL); } // DEPT_ADMIN from includes/admin_functions.inc.php is hardcoded below as 4 $query = "SELECT `email` FROM `{$dbtable_prefix}admin_accounts` WHERE `dept_id`=4 ORDER BY `admin_id` DESC LIMIT 1"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { send_template_email(mysql_result($res, 0, 0), 'Possible fraud detected on ' . _SITENAME_ . ', please investigate', '', '', array(), $this->module_code . ' TXN: ' . $input['txn_id'] . ': ' . $this->fraud_reason); } } } else { // a demo transaction when we're not in demo mode if ($type == 'pdt') { $tpl->set_var('gateway_text', $GLOBALS['_lang'][187]); } require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Demo transaction when demo is not enabled: ' . array2qs($_POST))); } } else { // paid price doesn't match the subscription price if ($type == 'pdt') { $tpl->set_var('gateway_text', $GLOBALS['_lang'][188]); } require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Invalid amount paid: ' . array2qs($_POST))); } } else { // if the subscr_id was not found if ($type == 'pdt') { $tpl->set_var('gateway_text', $GLOBALS['_lang'][189]); } require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Invalid subscr_id received after payment: ' . array2qs($_POST))); } } else { if ($type == 'pdt') { $tpl->set_var('gateway_text', $GLOBALS['_lang'][190]); } require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Payment status not Completed: ' . $input['payment_status'] . "\n" . array2qs($_POST))); } } elseif (strcasecmp($input['txn_type'], 'subscr_eot') == 0) { $query = "SELECT `payment_id` FROM `{$dbtable_prefix}payments` WHERE `fk_user_id`=" . $real_user['user_id'] . " AND `fk_subscr_id`=" . $input['item_number'] . " AND `is_active`=1 ORDER BY `payment_id` DESC LIMIT 1"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $payment_id = mysql_result($res, 0, 0); $now = gmdate('Ymd'); $query = "UPDATE `{$dbtable_prefix}payments` SET `paid_until`='{$now}' WHERE `payment_id`={$payment_id}"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } } else { // invalid eot. require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Received End of Term notification for a subscription but subscription doesn\'t exist or not active. Maybe this member has 2 running subscriptions? ' . array2qs($_POST))); } } else { // unhandled txn_type if ($type == 'pdt') { $tpl->set_var('gateway_text', $GLOBALS['_lang'][191]); } require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Unhandled txn_type (probably not an error): ' . $input['txn_type'] . "\n" . array2qs($_POST))); } } else { // if the user_id was not found if ($type == 'pdt') { $tpl->set_var('gateway_text', $GLOBALS['_lang'][192]); } require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Invalid user_id received after payment: ' . array2qs($_POST))); } } elseif ($input['dm_item_type'] == 'prod') { // no product support for now in Etano require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Received dm_item_type=prod but we are not selling products: ' . array2qs($_POST))); } else { // dm_item_type is neither 'prod' nor 'subscr' if ($type == 'pdt') { $tpl->set_var('gateway_text', $GLOBALS['_lang'][193]); } require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Invalid dm_item_type: ' . array2qs($_POST))); } // job done, release the lock $query = "SELECT release_lock('" . $input['txn_id'] . "')"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } } } else { // we could not obtain the lock. // The other process is taking too long but at least this should mean that it is handling this } } else { require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Payment was not made into our account: ' . array2qs($_POST))); } }