function score_manage() { global $dbtable_prefix; $now = gmdate('YmdHis'); // take back a fraction of the join score from those who joined in the last 10 days $takeback = -add_member_score(0, 'join', 1, true) / 10; $query = "SELECT `fk_user_id` FROM `{$dbtable_prefix}user_profiles` WHERE `date_added`>DATE_SUB('{$now}',INTERVAL 10 DAY)"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $user_ids = array(); for ($i = 0; $i < mysql_num_rows($res); ++$i) { $user_ids[] = mysql_result($res, $i, 0); } if (!empty($user_ids)) { add_member_score($user_ids, 'force', 1, false, $takeback); } // now decrease the score for those that are inactive for more than a month $query = "SELECT `" . USER_ACCOUNT_ID . "` as `user_id` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `last_activity`<DATE_SUB('{$now}',INTERVAL 1 MONTH)"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $user_ids = array(); for ($i = 0; $i < mysql_num_rows($res); ++$i) { $user_ids[] = mysql_result($res, $i, 0); } if (!empty($user_ids)) { add_member_score($user_ids, 'inactivity'); } return true; }
function clean_online_table() { global $dbtable_prefix; $config = get_site_option(array('inactive_time'), 'core'); $now = gmdate('YmdHis'); $query = "DELETE FROM `{$dbtable_prefix}online` WHERE `fk_user_id` IS NULL AND `last_activity`<'{$now}'-INTERVAL '" . $config['inactive_time'] . "' MINUTE"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $query = "SELECT a.`fk_user_id` FROM `{$dbtable_prefix}online` a WHERE a.`last_activity`<'{$now}'-INTERVAL '" . $config['inactive_time'] . "' MINUTE AND `fk_user_id` IS NOT NULL"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $to_del = array(); while ($rsrow = mysql_fetch_assoc($res)) { $to_del[$rsrow['fk_user_id']] = 1; } if (!empty($to_del)) { $to_del = array_keys($to_del); add_member_score($to_del, 'login', -1); $query = "DELETE FROM `{$dbtable_prefix}online` WHERE `fk_user_id` IN ('" . join("','", $to_del) . "')"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `last_activity`='{$now}' WHERE `" . USER_ACCOUNT_ID . "` IN ('" . join("','", $to_del) . "')"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } } return true; }
function on_before_delete_blog_post() { global $dbtable_prefix, $post_ids; require_once _BASEPATH_ . '/includes/classes/fileop.class.php'; $fileop = new fileop(); $query = "SELECT `post_id`,`fk_blog_id`,`fk_user_id`,UNIX_TIMESTAMP(`date_posted`) as `date_posted` FROM `{$dbtable_prefix}blog_posts` WHERE `post_id` IN ('" . join("','", $post_ids) . "')"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $blog_ids = array(); $user_ids = array(); $dates = array(); while ($rsrow = mysql_fetch_assoc($res)) { if (isset($blog_ids[$rsrow['fk_blog_id']])) { --$blog_ids[$rsrow['fk_blog_id']]; } else { $blog_ids[$rsrow['fk_blog_id']] = -1; } if (isset($user_ids[$rsrow['fk_user_id']])) { --$user_ids[$rsrow['fk_user_id']]; } else { $user_ids[$rsrow['fk_user_id']] = -1; } $dates[$rsrow['fk_blog_id']][] = $rsrow['date_posted']; } foreach ($blog_ids as $bid => $num) { // blog stats $bid = (string) $bid; $query = "UPDATE `{$dbtable_prefix}user_blogs` SET `stat_posts`=`stat_posts`+{$num} WHERE `blog_id`={$bid}"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } // blog_archive $blog_archive = array(); if (is_file(_CACHEPATH_ . '/blogs/' . $bid[0] . '/' . $bid . '/blog_archive.inc.php')) { include _CACHEPATH_ . '/blogs/' . $bid[0] . '/' . $bid . '/blog_archive.inc.php'; } for ($i = 0; isset($dates[$bid][$i]); ++$i) { $year = (int) date('Y', $dates[$bid][$i]); $month = (int) date('m', $dates[$bid][$i]); if (isset($blog_archive[$year][$month])) { --$blog_archive[$year][$month]; } if (empty($blog_archive[$year][$month])) { unset($blog_archive[$year][$month]); } } krsort($blog_archive, SORT_NUMERIC); $towrite = '<?php $blog_archive=' . var_export($blog_archive, true) . ';'; $fileop->file_put_contents(_CACHEPATH_ . '/blogs/' . $bid[0] . '/' . $bid . '/blog_archive.inc.php', $towrite); } foreach ($user_ids as $uid => $num) { update_stats($uid, 'blog_posts', $num); add_member_score($uid, 'del_blog', -$num); // -$num because $num is already negative. } }
function on_before_delete_photo() { global $dbtable_prefix, $photo_ids; $query = "SELECT `photo_id`,`fk_user_id`,`is_main`,`photo`,`status` FROM `{$dbtable_prefix}user_photos` WHERE `photo_id` IN ('" . join("','", $photo_ids) . "')"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $photo_ids = array(); // yup $user_ids = array(); $scores = array(); $score_photo = add_member_score(0, 'del_photo', 1, true); // just read the score, don't set anything $score_main_photo = add_member_score(0, 'del_main_photo', 1, true); // just read the score, don't set anything $main_photos = array(); while ($rsrow = mysql_fetch_assoc($res)) { $photo_ids[] = $rsrow['photo_id']; // get only the not processed ones if ($rsrow['status'] == STAT_APPROVED) { // everything happens with approved photos only. if (isset($user_ids[$rsrow['fk_user_id']])) { --$user_ids[$rsrow['fk_user_id']]; } else { $user_ids[$rsrow['fk_user_id']] = -1; } if (isset($scores[$rsrow['fk_user_id']])) { $scores[$rsrow['fk_user_id']] += empty($rsrow['is_main']) ? $score_photo : $score_main_photo; } else { $scores[$rsrow['fk_user_id']] = empty($rsrow['is_main']) ? $score_photo : $score_main_photo; } if (!empty($rsrow['is_main'])) { $main_photos[$rsrow['fk_user_id']] = $rsrow['photo']; } } } foreach ($user_ids as $uid => $num) { update_stats($uid, 'total_photos', $num); } foreach ($scores as $uid => $score) { add_member_score($uid, 'force', 1, false, $score); } $now = gmdate('YmdHis'); foreach ($main_photos as $uid => $photo) { $query = "UPDATE `{$dbtable_prefix}user_profiles` SET `_photo`='',`last_changed`='{$now}' WHERE `fk_user_id`={$uid}"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } } // this is needed to recreate caches containing the new photo if (!empty($main_photos)) { $query = "UPDATE `{$dbtable_prefix}blog_posts` SET `last_changed`='{$now}' WHERE `fk_user_id` IN (" . join(',', array_keys($main_photos)) . ")"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $query = "UPDATE `{$dbtable_prefix}comments_blog` SET `last_changed`='{$now}' WHERE `fk_user_id` IN (" . join(',', array_keys($main_photos)) . ")"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $query = "UPDATE `{$dbtable_prefix}comments_photo` SET `last_changed`='{$now}' WHERE `fk_user_id` IN (" . join(',', array_keys($main_photos)) . ")"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $query = "UPDATE `{$dbtable_prefix}comments_profile` SET `last_changed`='{$now}' WHERE `fk_user_id` IN (" . join(',', array_keys($main_photos)) . ")"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } } }
$input['uid'] = $_SESSION[_LICENSE_KEY_]['user']['reg_id']; send_template_email($input['email'], sprintf($GLOBALS['_lang'][70], _SITENAME_), 'confirm_reg.html', get_my_skin(), $input); } $query = "SELECT `fk_user_id` FROM `{$dbtable_prefix}user_profiles` WHERE `fk_user_id`=" . $_SESSION[_LICENSE_KEY_]['user']['reg_id']; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $is_update = false; if (mysql_num_rows($res)) { $is_update = true; } $now = gmdate('YmdHis'); if ($is_update) { $query = "UPDATE `{$dbtable_prefix}user_profiles` SET `last_changed`='{$now}'"; } else { $query = "INSERT INTO `{$dbtable_prefix}user_profiles` SET `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['reg_id'] . "',`last_changed`='{$now}',`date_added`='{$now}',`score`='" . add_member_score(0, 'join', 1, true) . "'"; } if ($input['page'] == 1) { $query .= ",`_user`='" . $input['user'] . "'"; if (get_site_option('manual_profile_approval', 'core') == 1) { $query .= ",`status`=" . STAT_PENDING; } else { $query .= ",`status`=" . STAT_APPROVED; } } for ($i = 0; isset($my_fields[$i]); ++$i) { $query .= ',' . $_pfields[$my_fields[$i]]->query_set(); } if ($is_update) { $query .= " WHERE `fk_user_id`=" . $_SESSION[_LICENSE_KEY_]['user']['reg_id']; }
$query .= " OR (`fk_user_id`=" . $input['uid'] . " AND `fk_net_id`=" . $input['net_id'] . " AND `fk_user_id_other`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "')"; } if (isset($_on_before_delete)) { for ($i = 0; isset($_on_before_delete[$i]); ++$i) { call_user_func($_on_before_delete[$i]); } } if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (isset($_on_after_delete)) { for ($i = 0; isset($_on_after_delete[$i]); ++$i) { call_user_func($_on_after_delete[$i]); } } if ($input['net_id'] == NET_BLOCK) { del_message_filter(array('filter_type' => FILTER_SENDER, 'fk_user_id' => $_SESSION[_LICENSE_KEY_]['user']['user_id'], 'field_value' => $input['uid'])); add_member_score($input['uid'], 'unblock_member'); } $topass['message']['type'] = MESSAGE_INFO; $topass['message']['text'] = sprintf($GLOBALS['_lang'][87], get_user_by_userid($input['uid']), get_net_name($input['net_id'])); } } if ($error) { // you must re-read all textareas from $_GET like this: // $input['x']=addslashes_mq($_GET['x']); $input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH); $topass['input'] = $input; } $nextpage = _BASEURL_ . '/' . $nextpage; redirect2page($nextpage, $topass, '', true);
function on_before_delete_comment() { global $dbtable_prefix, $comment_ids, $comment_type; switch ($comment_type) { case 'blog': $table = "`{$dbtable_prefix}comments_blog`"; $parent_table = "`{$dbtable_prefix}blog_posts`"; $parent_key = "`post_id`"; break; case 'photo': $table = "`{$dbtable_prefix}comments_photo`"; $parent_table = "`{$dbtable_prefix}user_photos`"; $parent_key = "`photo_id`"; break; case 'user': $table = "`{$dbtable_prefix}comments_profile`"; $parent_table = "`{$dbtable_prefix}user_profiles`"; $parent_key = "`fk_user_id`"; break; } $query = "SELECT a.`comment_id`,a.`fk_parent_id`,a.`fk_user_id`,b.`fk_user_id` as `fk_parent_owner_id` FROM {$table} a,{$parent_table} b WHERE a.`comment_id` IN ('" . join("','", $comment_ids) . "') AND a.`fk_parent_id`=b.{$parent_key}"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $parent_ids = array(); $user_ids = array(); $parent_owner_ids = array(); while ($rsrow = mysql_fetch_assoc($res)) { if (isset($parent_ids[$rsrow['fk_parent_id']])) { --$parent_ids[$rsrow['fk_parent_id']]; } else { $parent_ids[$rsrow['fk_parent_id']] = -1; } if (isset($user_ids[$rsrow['fk_user_id']])) { --$user_ids[$rsrow['fk_user_id']]; } else { $user_ids[$rsrow['fk_user_id']] = -1; } if ($rsrow['fk_parent_owner_id'] != $rsrow['fk_user_id']) { if (isset($parent_owner_ids[$rsrow['fk_parent_owner_id']])) { --$parent_owner_ids[$rsrow['fk_parent_owner_id']]; } else { $parent_owner_ids[$rsrow['fk_parent_owner_id']] = -1; } } } if ($comment_type != 'user') { foreach ($parent_ids as $pid => $num) { $query = "UPDATE {$parent_table} SET `stat_comments`=`stat_comments`+{$num} WHERE {$parent_key}='{$pid}'"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } } } else { foreach ($parent_ids as $pid => $num) { update_stats($pid, 'profile_comments', $num); } } foreach ($parent_owner_ids as $uid => $num) { if (!empty($uid)) { add_member_score($uid, 'removed_comment', -$num); // -$num because $num is already negative. } } }
function on_after_approve_blog_post() { global $dbtable_prefix, $post_ids; require_once _BASEPATH_ . '/includes/classes/fileop.class.php'; $fileop = new fileop(); $query = "SELECT `post_id`,`fk_blog_id`,`fk_user_id` FROM `{$dbtable_prefix}blog_posts` WHERE `post_id` IN ('" . join("','", $post_ids) . "') AND `processed`=0"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $post_ids = array(); // yup $blog_ids = array(); $user_ids = array(); while ($rsrow = mysql_fetch_assoc($res)) { $post_ids[] = $rsrow['post_id']; // get only the not processed ones if (!isset($blog_ids[$rsrow['fk_blog_id']])) { $blog_ids[$rsrow['fk_blog_id']] = 1; } else { ++$blog_ids[$rsrow['fk_blog_id']]; } if (!isset($user_ids[$rsrow['fk_user_id']])) { $user_ids[$rsrow['fk_user_id']] = 1; } else { ++$user_ids[$rsrow['fk_user_id']]; } } $year = (int) date('Y'); $month = (int) date('m'); foreach ($blog_ids as $bid => $num) { // blog stats $bid = (string) $bid; $query = "UPDATE `{$dbtable_prefix}user_blogs` SET `stat_posts`=`stat_posts`+{$num} WHERE `blog_id`={$bid}"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } // blog_archive $blog_archive = array(); if (is_file(_CACHEPATH_ . '/blogs/' . $bid[0] . '/' . $bid . '/blog_archive.inc.php')) { include _CACHEPATH_ . '/blogs/' . $bid[0] . '/' . $bid . '/blog_archive.inc.php'; } if (isset($blog_archive[$year][$month])) { $blog_archive[$year][$month] += $num; } else { $blog_archive[$year][$month] = $num; } krsort($blog_archive, SORT_NUMERIC); $towrite = '<?php $blog_archive=' . var_export($blog_archive, true) . ';'; $fileop->file_put_contents(_CACHEPATH_ . '/blogs/' . $bid[0] . '/' . $bid . '/blog_archive.inc.php', $towrite); } foreach ($user_ids as $uid => $num) { update_stats($uid, 'blog_posts', $num); add_member_score($uid, 'add_blog', $num); } if (!empty($post_ids)) { $query = "UPDATE `{$dbtable_prefix}blog_posts` SET `processed`=1 WHERE `post_id` IN ('" . join("','", $post_ids) . "')"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } } }
$score = 0; // it might happen that the user is already logged in. Don't add the login score if that's the case. $query = "SELECT `fk_user_id` FROM `{$dbtable_prefix}online` WHERE `fk_user_id`=" . $user['user_id']; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (!mysql_num_rows($res)) { $score += add_member_score($user['user_id'], 'login', 1, true); // just read the value } if ($user['last_activity'] < $time - $score_threshold) { $score += add_member_score($user['user_id'], 'login_bonus', 1, true); // just read the value } if (!empty($score)) { add_member_score($user['user_id'], 'force', 1, false, $score); } $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `last_activity`='" . gmdate('YmdHis') . "' WHERE `" . USER_ACCOUNT_ID . "`=" . $user['user_id']; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (USE_DB_SESSIONS == 1) { $query = "REPLACE INTO `{$dbtable_prefix}online` SET `fk_user_id`=" . $user['user_id'] . ",`sess`='" . session_id() . "',`sess_data`='" . sanitize_and_format(serialize($_SESSION), TYPE_STRING, FORMAT_ADDSLASH) . "'"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } } unset($user['last_activity']); $_SESSION[_LICENSE_KEY_]['user'] = array_merge(isset($_SESSION[_LICENSE_KEY_]['user']) ? $_SESSION[_LICENSE_KEY_]['user'] : array(), $user); $_SESSION[_LICENSE_KEY_]['user']['loginout'] = $time; if (isset($_on_after_login)) {
static function login_by_id($user_id) { global $dbtable_prefix; EtanoApi::load_common(); if (is_file(_BASEPATH_ . '/events/processors/login.php')) { include_once _BASEPATH_ . '/events/processors/login.php'; } require_once _BASEPATH_ . '/skins_site/' . EtanoApi::get_my_skin() . '/lang/login.inc.php'; $score_threshold = 600; // seconds $error = false; $topass = array(); $nextpage = 'login.php'; $qs = ''; $qssep = ''; $log['level'] = 'login'; $log['user_id'] = $user_id; $log['sess'] = session_id(); // $log['user']=$user; // $log['membership']=$_SESSION[_LICENSE_KEY_]['user']['membership']; $log['ip'] = sprintf('%u', ip2long($_SERVER['REMOTE_ADDR'])); log_user_action($log); rate_limiter($log); $query = "SELECT a.`" . USER_ACCOUNT_ID . "` as `user_id`,b.`_user` as `user`,a.`status`,a.`membership`,UNIX_TIMESTAMP(a.`last_activity`) as `last_activity`,a.`email`,b.`status` as `pstat` FROM `" . USER_ACCOUNTS_TABLE . "` a LEFT JOIN `{$dbtable_prefix}user_profiles` b ON a.`" . USER_ACCOUNT_ID . "`=b.`fk_user_id` WHERE a.`" . USER_ACCOUNT_ID . "`={$user_id}"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $user = mysql_fetch_assoc($res); $user['membership'] = (int) $user['membership']; $user['user_id'] = (int) $user['user_id']; if ($user['status'] == ASTAT_ACTIVE) { $time = mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('Y')); $user['prefs'] = get_user_settings($user['user_id'], 'def_user_prefs', array('date_format', 'datetime_format', 'time_offset', 'rate_my_photos', 'profile_comments')); $score = 0; // it might happen that the user is already logged in. Don't add the login score if that's the case. $query = "SELECT `fk_user_id` FROM `{$dbtable_prefix}online` WHERE `fk_user_id`=" . $user['user_id']; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (!mysql_num_rows($res)) { $score += add_member_score($user['user_id'], 'login', 1, true); // just read the value } if ($user['last_activity'] < $time - $score_threshold) { $score += add_member_score($user['user_id'], 'login_bonus', 1, true); // just read the value } if (!empty($score)) { add_member_score($user['user_id'], 'force', 1, false, $score); } $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `last_activity`='" . gmdate('YmdHis') . "' WHERE `" . USER_ACCOUNT_ID . "`=" . $user['user_id']; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (USE_DB_SESSIONS == 1) { $query = "REPLACE INTO `{$dbtable_prefix}online` SET `fk_user_id`=" . $user['user_id'] . ",`sess`='" . session_id() . "',`sess_data`='" . sanitize_and_format(serialize($_SESSION), TYPE_STRING, FORMAT_ADDSLASH) . "'"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } } unset($user['last_activity'], $user['email']); $_SESSION[_LICENSE_KEY_]['user'] = array_merge(isset($_SESSION[_LICENSE_KEY_]['user']) ? $_SESSION[_LICENSE_KEY_]['user'] : array(), $user); $_SESSION[_LICENSE_KEY_]['user']['loginout'] = $time; if (isset($_on_after_login)) { for ($i = 0; isset($_on_after_login[$i]); ++$i) { call_user_func($_on_after_login[$i]); } } } elseif ($user['status'] == ASTAT_UNVERIFIED) { throw new Exception('', ASTAT_UNVERIFIED); } elseif ($user['status'] == ASTAT_SUSPENDED) { throw new Exception($GLOBALS['_lang'][71], ASTAT_SUSPENDED); } } else { throw new Exception($GLOBALS['_lang'][72], 0); } return true; }
function send_queue_message() { $limit = 50; // number of messages in a batch unset($_on_before_insert, $_on_after_insert); if (is_file(_BASEPATH_ . '/events/cronjobs/send_queue_message.php')) { include_once _BASEPATH_ . '/events/cronjobs/send_queue_message.php'; } global $dbtable_prefix, $def_skin; include_once _BASEPATH_ . '/skins_site/' . $def_skin . '/lang/mailbox.inc.php'; $filters = array(); $notifs = array(); $emails = array(); $mail_ids = array(); $receivers = array(); $query = "SELECT a.`mail_id`,a.`fk_user_id`,a.`fk_user_id_other`,a.`_user_other`,a.`subject`,a.`message_body`,a.`date_sent`,a.`message_type`,b.`email`,c.`_user` as `user` FROM `{$dbtable_prefix}queue_message` a,`" . USER_ACCOUNTS_TABLE . "` b,`{$dbtable_prefix}user_profiles` c WHERE a.`fk_user_id`=b.`" . USER_ACCOUNT_ID . "` AND a.`fk_user_id`=c.`fk_user_id` ORDER BY a.`mail_id` ASC LIMIT {$limit}"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { while ($rsrow = mysql_fetch_assoc($res)) { $temp['subject'] = sanitize_and_format($rsrow['subject'], TYPE_STRING, FORMAT_TEXT2HTML); $temp['_user_other'] = $rsrow['_user_other']; if (empty($temp['_user_other']) && $rsrow['message_type'] == MESS_SYSTEM) { $temp['_user_other'] = $GLOBALS['_lang'][135]; } $temp['email'] = $rsrow['email']; $temp['user'] = $rsrow['user']; $mail_ids[] = $rsrow['mail_id']; if (isset($receivers[$rsrow['fk_user_id']])) { ++$receivers[$rsrow['fk_user_id']]; } else { $receivers[$rsrow['fk_user_id']] = 1; } unset($rsrow['mail_id'], $rsrow['email'], $rsrow['user']); $rsrow['subject'] = sanitize_and_format($rsrow['subject'], TYPE_STRING, $GLOBALS['__field2format'][TEXT_DB2DB]); $rsrow['message_body'] = sanitize_and_format($rsrow['message_body'], TYPE_STRING, $GLOBALS['__field2format'][TEXT_DB2DB]); if (!isset($filters[$rsrow['fk_user_id']])) { $query = "SELECT `filter_type`,`field`,`field_value`,`fk_folder_id` FROM `{$dbtable_prefix}message_filters` WHERE `fk_user_id`=" . $rsrow['fk_user_id']; if (!($res2 = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } while ($rsrow2 = mysql_fetch_assoc($res2)) { $filters[$rsrow['fk_user_id']][] = $rsrow2; } if (!isset($filters[$rsrow['fk_user_id']])) { $filters[$rsrow['fk_user_id']] = array(); } } if (!isset($notifs[$rsrow['fk_user_id']])) { $notifs[$rsrow['fk_user_id']] = get_user_settings($rsrow['fk_user_id'], 'def_user_prefs', 'notify_me'); } $notify = true; $was_sent = false; // was sent by a filter? if (!empty($filters[$rsrow['fk_user_id']])) { for ($i = 0; isset($filters[$rsrow['fk_user_id']][$i]); ++$i) { $filter = $filters[$rsrow['fk_user_id']][$i]; switch ($filter['filter_type']) { case FILTER_SENDER: if ($rsrow['fk_user_id_other'] == $filter['field_value']) { if ($filter['fk_folder_id'] == FOLDER_SPAMBOX) { $into = "`{$dbtable_prefix}user_spambox`"; $notify = false; } else { $into = "`{$dbtable_prefix}user_inbox`"; $rsrow['fk_folder_id'] = $filter['fk_folder_id']; } $query = "INSERT INTO {$into} SET "; foreach ($rsrow as $k => $v) { $query .= "`{$k}`='{$v}',"; } $query = substr($query, 0, -1); if (isset($_on_before_insert)) { for ($i = 0; isset($_on_before_insert[$i]); ++$i) { call_user_func($_on_before_insert[$i], $rsrow); } } if (!($res2 = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (isset($_on_after_insert)) { for ($i = 0; isset($_on_after_insert[$i]); ++$i) { call_user_func($_on_after_insert[$i], $rsrow); } } $was_sent = true; } break 2; // exit the filters for() too } } } if (!$was_sent) { // no filter here - insert directly in inbox $query = "INSERT INTO `{$dbtable_prefix}user_inbox` SET "; foreach ($rsrow as $k => $v) { $query .= "`{$k}`='{$v}',"; } $query = substr($query, 0, -1); if (isset($_on_before_insert)) { for ($i = 0; isset($_on_before_insert[$i]); ++$i) { call_user_func($_on_before_insert[$i], $rsrow); } } if (!($res2 = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (isset($_on_after_insert)) { for ($i = 0; isset($_on_after_insert[$i]); ++$i) { call_user_func($_on_after_insert[$i], $rsrow); } } } if ($notifs[$rsrow['fk_user_id']] && $notify) { $emails[] = $temp; } } if (!empty($mail_ids)) { $query = "DELETE FROM `{$dbtable_prefix}queue_message` WHERE `mail_id` IN ('" . join("','", $mail_ids) . "')"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } } } if (!empty($receivers)) { $uids = array(); // we build an array like array(num_messages1=>array(uid1,uid2,..),num_messages2=>array(uid3,uid4...),...) // this way we can add score for more users at once, saving some processing time foreach ($receivers as $uid => $num) { if (isset($uids[$num])) { $uids[$num][] = $uid; } else { $uids[$num] = array($uid); } } foreach ($uids as $num => $nuids) { add_member_score($nuids, 'new_message', $num); } } // send the notification emails if (!empty($emails)) { for ($i = 0; isset($emails[$i]); ++$i) { send_template_email($emails[$i]['email'], $emails[$i]['subject'], 'new_message.html', $def_skin, $emails[$i]); } } return true; }
function on_after_approve_comment() { global $dbtable_prefix, $comment_ids, $comment_type, $__field2format; switch ($comment_type) { case 'blog': $table = "`{$dbtable_prefix}comments_blog`"; $parent_table = "`{$dbtable_prefix}blog_posts`"; $parent_key = "`post_id`"; break; case 'photo': $table = "`{$dbtable_prefix}comments_photo`"; $parent_table = "`{$dbtable_prefix}user_photos`"; $parent_key = "`photo_id`"; break; case 'user': $table = "`{$dbtable_prefix}comments_profile`"; $parent_table = "`{$dbtable_prefix}user_profiles`"; $parent_key = "`fk_user_id`"; break; } // only for new comments (because of the processed=0) $query = "SELECT a.`comment_id`,a.`_user` as `comment_poster`,a.`fk_parent_id`,a.`fk_user_id`,b.`fk_user_id` as `fk_parent_owner_id` FROM {$table} a,{$parent_table} b WHERE a.`comment_id` IN ('" . join("','", $comment_ids) . "') AND a.`fk_parent_id`=b.{$parent_key} AND a.`processed`=0"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $comment_ids = array(); // yup $parent_ids = array(); $user_ids = array(); $parent_owner_ids = array(); $notifs = array(); while ($rsrow = mysql_fetch_assoc($res)) { $comment_ids[] = $rsrow['comment_id']; // get only the not processed ones if (isset($parent_ids[$rsrow['fk_parent_id']])) { ++$parent_ids[$rsrow['fk_parent_id']]; } else { $parent_ids[$rsrow['fk_parent_id']] = 1; } if (isset($user_ids[$rsrow['fk_user_id']])) { ++$user_ids[$rsrow['fk_user_id']]; } else { $user_ids[$rsrow['fk_user_id']] = 1; } if ($rsrow['fk_parent_owner_id'] != $rsrow['fk_user_id']) { if (!isset($notifs[$rsrow['fk_parent_owner_id']])) { $notifs[$rsrow['fk_parent_owner_id']]['comment_poster'] = $rsrow['comment_poster']; $notifs[$rsrow['fk_parent_owner_id']]['comment_id'] = $rsrow['comment_id']; $notifs[$rsrow['fk_parent_owner_id']]['parent_id'] = $rsrow['fk_parent_id']; } if (isset($parent_owner_ids[$rsrow['fk_parent_owner_id']])) { ++$parent_owner_ids[$rsrow['fk_parent_owner_id']]; } else { $parent_owner_ids[$rsrow['fk_parent_owner_id']] = 1; } } } // increment the number of comments of the item(s) if ($comment_type != 'user') { foreach ($parent_ids as $pid => $num) { $query = "UPDATE {$parent_table} SET `stat_comments`=`stat_comments`+{$num} WHERE {$parent_key}='{$pid}'"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } } } else { foreach ($parent_ids as $pid => $num) { update_stats($pid, 'profile_comments', $num); } } // add the "received_comment" score to the owner of the item foreach ($parent_owner_ids as $uid => $num) { if (!empty($uid)) { add_member_score($uid, 'received_comment', $num); } } // add the "comments_made" score to the poster of the comment foreach ($user_ids as $uid => $num) { if (!empty($uid)) { update_stats($uid, 'comments_made', $num); } } // mark the posted comment(s) as not new anymore so we won't process them again next time. if (!empty($comment_ids)) { $query = "UPDATE {$table} SET `processed`=1 WHERE `comment_id` IN ('" . join("','", $comment_ids) . "')"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } } // send notifications to item owners. foreach ($notifs as $uid => $v) { $notification['fk_user_id'] = $uid; $notification['message_type'] = MESS_SYSTEM; switch ($comment_type) { case 'blog': $notification['subject'] = sanitize_and_format($GLOBALS['_lang'][160], TYPE_STRING, $__field2format[FIELD_TEXTFIELD]); $notification['message_body'] = sanitize_and_format(sprintf($GLOBALS['_lang'][161], $v['comment_poster'], $v['parent_id'], $v['comment_id']), TYPE_STRING, $__field2format[FIELD_TEXTFIELD]); break; case 'photo': $notification['subject'] = sanitize_and_format($GLOBALS['_lang'][162], TYPE_STRING, $__field2format[FIELD_TEXTFIELD]); $notification['message_body'] = sanitize_and_format(sprintf($GLOBALS['_lang'][163], $v['comment_poster'], $v['parent_id'], $v['comment_id']), TYPE_STRING, $__field2format[FIELD_TEXTFIELD]); break; case 'user': $notification['subject'] = sanitize_and_format($GLOBALS['_lang'][164], TYPE_STRING, $__field2format[FIELD_TEXTFIELD]); $notification['message_body'] = sanitize_and_format(sprintf($GLOBALS['_lang'][165], $v['comment_poster'], $v['comment_id']), TYPE_STRING, $__field2format[FIELD_TEXTFIELD]); break; } queue_or_send_message($notification); } }
******************************************************************************/ require '../includes/common.inc.php'; require _BASEPATH_ . '/includes/user_functions.inc.php'; if (is_file(_BASEPATH_ . '/events/processors/logout.php')) { include _BASEPATH_ . '/events/processors/logout.php'; } $time = mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('Y')); if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id'])) { $query = "DELETE FROM `{$dbtable_prefix}online` WHERE `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "'"; if (isset($_on_before_insert)) { for ($i = 0; isset($_on_before_insert[$i]); ++$i) { call_user_func($_on_before_insert[$i]); } } @mysql_query($query); add_member_score($_SESSION[_LICENSE_KEY_]['user']['user_id'], 'login', -1); $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `last_activity`='" . gmdate('YmdHis') . "' WHERE `" . USER_ACCOUNT_ID . "`=" . $_SESSION[_LICENSE_KEY_]['user']['user_id']; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (isset($_on_after_insert)) { for ($i = 0; isset($_on_after_insert[$i]); ++$i) { call_user_func($_on_after_insert[$i]); } } } $_SESSION[_LICENSE_KEY_]['user'] = array(); unset($_SESSION[_LICENSE_KEY_]['user']); $_SESSION[_LICENSE_KEY_]['user']['loginout'] = $time; header('Expires: Mon,26 Jul 1997 05:00:00 GMT'); header('Last-Modified: ' . gmdate('D,d M Y H:i:s') . ' GMT');
require_once 'include.php'; $act = $_REQUEST['act']; if ($act === 'login') { $msg = login(); } elseif ($act === 'logout') { $msg = logout(); } elseif ($act === 'add_member') { $msg = add_member(); } elseif ($act === 'edit_member') { $msg = edit_member(); } elseif ($act === 'add_member_fee') { $msg = add_member_fee(); } elseif ($act === 'add_member_fen') { $msg = add_member_fen(); } elseif ($act === 'add_member_score') { $msg = add_member_score(); } elseif ($act === 'delete_member') { $msg = delete_member(); } elseif ($act === 'add_grade') { $msg = change_grade(1); } elseif ($act === 'minus_grade') { $msg = change_grade(2); } elseif ($act === 'update_month_fee') { $msg = update_month_fee(); } ?> <!DOCTYPE HTML> <html> <head> <meta charset="utf-8"> <meta name="description" content="">
function thankyou(&$tpl) { $myreturn = false; global $dbtable_prefix; $input = array(); $output = array(); foreach ($this->from_tco['types'] as $k => $v) { $input[$k] = sanitize_and_format_gpc($_POST, $k, $GLOBALS['__field2type'][$v], $GLOBALS['__field2format'][$v], $this->from_tco['defaults'][$k]); } $input['x_amount'] = number_format($input['x_amount'], 2, '.', ''); $input['x_Email'] = strtolower($input['x_Email']); $input['card_holder_name'] = ucwords(strtolower($input['card_holder_name'])); if (strcasecmp($input['x_2checked'], 'Y') == 0) { if ($this->config['demo_mode'] == 1 && strcasecmp($input['demo'], 'Y') == 0) { $input['x_trans_id'] = 1; } if ($input['x_response_code'] == 1) { // processed ok if (strcasecmp($input['x_MD5_Hash'], strtoupper(md5($this->config['secret'] . $this->config['sid'] . $input['x_trans_id'] . $input['x_amount']))) == 0) { if ($input['dm_item_type'] == 'subscr') { $query = "SELECT `" . USER_ACCOUNT_ID . "` as `user_id`,`" . USER_ACCOUNT_USER . "` as `user` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `" . USER_ACCOUNT_ID . "`=" . $input['user_id']; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $real_user = mysql_fetch_assoc($res); $query = "SELECT `subscr_id`,`price`,`m_value_to`,`duration` FROM `{$dbtable_prefix}subscriptions` WHERE `subscr_id`=" . $input['internal_id'] . " AND `is_visible`=1"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $real_subscr = mysql_fetch_assoc($res); if (number_format($real_subscr['price'], 2) == number_format($input['x_amount'], 2)) { if (strcasecmp($input['demo'], 'Y') != 0 || $this->config['demo_mode'] == 1 && strcasecmp($input['demo'], 'Y') == 0) { require_once _BASEPATH_ . '/includes/iso31661a3.inc.php'; if (isset($GLOBALS['iso31661a3'][$input['x_Country']])) { $input['country'] = $GLOBALS['iso31661a3'][$input['x_Country']]; // needed for the fraud check $input['email'] = $input['x_Email']; $this->check_fraud($input); } else { $this->is_fraud = true; $this->fraud_reason = 'Invalid country code received from 2CheckOut. Please contact administrator.'; require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'country code received from 2co not found in iso31661a3.inc.php file' . array2qs($_POST))); } if (!empty($real_subscr['duration'])) { // if the old subscription is not over yet, we need to extend the new one with some days $query = "SELECT a.`payment_id`,UNIX_TIMESTAMP(a.`paid_until`) as `paid_until`,b.`price`,b.`duration` FROM `{$dbtable_prefix}payments` a LEFT JOIN `{$dbtable_prefix}subscriptions` b ON a.`fk_subscr_id`=b.`subscr_id` WHERE a.`fk_user_id`=" . $real_user['user_id'] . " AND a.`refunded`=0 AND a.`is_active`=1 AND a.`is_subscr`=1 AND a.`m_value_to`>2 ORDER BY a.`paid_until` DESC LIMIT 1"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $rsrow = mysql_fetch_assoc($res); $time = mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('Y')); if ((int) $rsrow['paid_until'] > (int) $time) { $remaining_days = ((int) $rsrow['paid_until'] - (int) $time) / 86400; //86400 seconds in a day if ($remaining_days > 0) { $remaining_value = (int) $rsrow['price'] / (int) $rsrow['duration'] * $remaining_days; $day_value_new = (int) $real_subscr['price'] / (int) $real_subscr['duration']; $days_append = round($remaining_value / $day_value_new); $real_subscr['duration'] = (int) $real_subscr['duration']; $real_subscr['duration'] += $days_append; } } } } $now = gmdate('Ymd'); // all old active subscriptions end now! $query = "UPDATE `{$dbtable_prefix}payments` SET `paid_until`='{$now}',`is_active`=0 WHERE `fk_user_id`=" . $real_user['user_id'] . " AND `is_active`=1 AND `is_subscr`=1"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } // insert the new subscription $query = "INSERT INTO `{$dbtable_prefix}payments` SET `is_active`=1,`fk_user_id`=" . $real_user['user_id'] . ",`_user`='" . $real_user['user'] . "',`gateway`='" . $this->module_code . "',`is_subscr`=1,`fk_subscr_id`='" . $real_subscr['subscr_id'] . "',`gw_txn`='" . $input['x_trans_id'] . "',`name`='" . $input['card_holder_name'] . "',`country`='" . $input['x_Country'] . "',`state`='" . $input['x_State'] . "',`city`='" . $input['x_City'] . "',`zip`='" . $input['x_Zip'] . "',`street_address`='" . $input['x_Address'] . "',`email`='" . $input['x_Email'] . "',`phone`='" . $input['x_Phone'] . "',`m_value_to`=" . $real_subscr['m_value_to'] . ",`amount_paid`='" . $input['x_amount'] . "',`is_suspect`=" . (int) $this->is_fraud . ",`suspect_reason`='" . addslashes($this->fraud_reason) . "',`date`=now(),`paid_from`='{$now}'"; if (!empty($real_subscr['duration'])) { $query .= ",`paid_until`='{$now}'+INTERVAL " . $real_subscr['duration'] . ' DAY'; } if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (!$this->is_fraud) { $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `membership`=" . $real_subscr['m_value_to'] . " WHERE `" . USER_ACCOUNT_ID . "`=" . $real_user['user_id']; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $myreturn = true; add_member_score($real_user['user_id'], 'payment'); $tpl->set_file('gateway_text', 'thankyou_subscr_ok.html'); } else { $output['name'] = $input['card_holder_name']; $tpl->set_file('gateway_text', 'thankyou_subscr_nok.html'); $tpl->set_var('output', $output); $tpl->process('gateway_text', 'gateway_text', TPL_OPTIONAL); // DEPT_ADMIN from includes/admin_functions.inc.php is hardcoded below as 4 $query = "SELECT `email` FROM `{$dbtable_prefix}admin_accounts` WHERE `dept_id`=4 ORDER BY `admin_id` DESC LIMIT 1"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { send_template_email(mysql_result($res, 0, 0), 'Possible fraud detected on ' . _SITENAME_ . ', please investigate', '', '', array(), $this->module_code . ' TXN: ' . $input['x_trans_id'] . ': ' . $this->fraud_reason); } } } else { // a demo transaction when we're not in demo mode $tpl->set_var('gateway_text', $GLOBALS['_lang'][187]); require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Demo transaction when demo is not enabled: ' . array2qs($input))); } } else { // paid price doesn't match the subscription price $tpl->set_var('gateway_text', $GLOBALS['_lang'][188]); require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Invalid amount paid: ' . array2qs($input))); } } else { // if the subscr_id was not found $tpl->set_var('gateway_text', $GLOBALS['_lang'][189]); require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Invalid subscr_id received after payment: ' . array2qs($input))); } } else { // if the user_id was not found $tpl->set_var('gateway_text', $GLOBALS['_lang'][192]); require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Invalid user_id received after payment: ' . array2qs($input))); } } elseif ($input['dm_item_type'] == 'prod') { // no product support for now in Etano } else { // dm_item_type is neither 'prod' nor 'subscr' $tpl->set_var('gateway_text', $GLOBALS['_lang'][193]); require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Invalid dm_item_type: ' . array2qs($input))); } } else { $tpl->set_var('gateway_text', $GLOBALS['_lang'][199]); require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Invalid hash code received after payment: ' . array2qs($input) . '. My hash:' . strtoupper(md5($this->config['secret'] . $this->config['sid'] . $input['x_trans_id'] . $input['x_amount'])))); } } else { $tpl->set_var('gateway_text', sprintf($GLOBALS['_lang'][200], $input['x_response_reason_text'], $input['x_response_reason_code'])); require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Gateway error: ' . $input['x_response_reason_text'] . '(' . $input['x_response_reason_code'] . ")\n" . array2qs($input))); } } else { $tpl->set_var('gateway_text', $GLOBALS['_lang'][201]); require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Gateway error. Card not processed. ' . array2qs($input))); } return $myreturn; }
redirect2page('info.php', $topass); } $output['lang_273'] = sanitize_and_format($GLOBALS['_lang'][273], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]); $output['lang_274'] = sanitize_and_format($GLOBALS['_lang'][274], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]); $output['lang_256'] = sanitize_and_format($GLOBALS['_lang'][256], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]); $output['return2me'] = 'profile.php'; if (!empty($_SERVER['QUERY_STRING'])) { $output['return2me'] .= '?' . $_SERVER['QUERY_STRING']; } $output['return2me'] = rawurlencode($output['return2me']); $tpl->set_file('content', 'profile.html'); $tpl->set_var('output', $output); $tpl->set_var('tplvars', $tplvars); $tpl->set_loop('categs', $categs); $tpl->set_loop('user_photos', $user_photos); $tpl->set_loop('loop_comments', $loop_comments); $tpl->set_loop('loop_friends', $loop_friends); $tpl->process('content', 'content', TPL_LOOP | TPL_NOLOOP | TPL_OPTLOOP | TPL_OPTIONAL); $tpl->drop_loop('categs'); $tpl->drop_loop('user_photos'); unset($categs); unset($user_photos); $tplvars['page'] = 'profile'; $tplvars['css'] = 'profile.css'; if (is_file('profile_left.php')) { include 'profile_left.php'; } include 'frame.php'; update_stats($uid, 'pviews', 1); add_member_score($uid, 'pview');
trigger_error(mysql_error(), E_USER_ERROR); } // this sucks...the code below is taken from on_after_approve_photo(). In the future, when new functionality that depends on the main photo will be added, we'll have to change the code there and here too. $query = "UPDATE `{$dbtable_prefix}blog_posts` SET `last_changed`='{$now}' WHERE `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "'"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $query = "UPDATE `{$dbtable_prefix}comments_blog` SET `last_changed`='{$now}' WHERE `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "'"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $query = "UPDATE `{$dbtable_prefix}comments_photo` SET `last_changed`='{$now}' WHERE `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "'"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } add_member_score($_SESSION[_LICENSE_KEY_]['user']['user_id'], 'del_main_photo'); } foreach ($input['caption'] as $photo_id => $caption) { $query = "UPDATE `{$dbtable_prefix}user_photos` SET `is_private`=" . (isset($input['is_private'][$photo_id]) ? 1 : 0) . ",`allow_comments`=" . (isset($input['allow_comments'][$photo_id]) ? 1 : 0) . ",`last_changed`='{$now}'"; if ($input['is_main'] == $photo_id) { $query .= ",`is_main`=1"; } else { $query .= ",`is_main`=0"; } if (isset($captions_changed[$photo_id])) { $query .= ",`caption`='{$caption}'"; if (!empty($config['manual_photo_approval'])) { $query .= ",`status`=" . STAT_PENDING; } else { // leave as it was - whatever it was. // $query.=",`status`=".STAT_APPROVED;
function process(&$input, $type) { global $dbtable_prefix, $tpl; if (!isset($tpl)) { $tpl = new phemplate(_BASEPATH_ . '/skins_site/' . get_my_skin() . '/', 'remove_nonjs'); } // require_once _BASEPATH_.'/includes/classes/log_error.class.php'; // new log_error(array('module_name'=>get_class($this),'text'=>$type.': new notif from paypal: $_POST:'.var_export($_POST,true).' $_GET:'.var_export($_GET,true).' $input:'.var_export($input,true))); if (strcasecmp($input['business'], $this->config['paypal_email']) == 0 || strcasecmp($input['receiver_email'], $this->config['paypal_email']) == 0) { // some transformations parse_str($input['custom'], $temp); if (!empty($temp['uid'])) { $input['user_id'] = $temp['uid']; } $input['dm_item_type'] = $temp['dit']; $input['business'] = strtolower($input['business']); $input['receiver_email'] = strtolower($input['receiver_email']); $input['first_name'] = ucwords(strtolower($input['first_name'])); $input['last_name'] = ucwords(strtolower($input['last_name'])); $query = "SELECT get_lock('" . $input['txn_id'] . "',10)"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_result($res, 0, 0) == 1) { $query = "SELECT `payment_id`,`is_subscr`,`name`,`is_suspect` FROM `{$dbtable_prefix}payments` WHERE `gw_txn`='" . $input['txn_id'] . "' AND `date`>=now()-INTERVAL 1 DAY"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { // the other process already did the job. Let's release the lock if ($type == 'pdt') { $output = mysql_fetch_assoc($res); // tell member that he will receive everything by email if ($output['is_subscr']) { if ($output['is_suspect']) { $tpl->set_file('gateway_text', 'thankyou_subscr_nok.html'); } else { $tpl->set_file('gateway_text', 'thankyou_subscr_ok.html'); } } else { $tpl->set_file('gateway_text', 'thankyou_prod_nok.html'); } $tpl->set_var('output', $output); $tpl->process('gateway_text', 'gateway_text', TPL_OPTIONAL); } $query = "SELECT release_lock('" . $input['txn_id'] . "')"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } } else { // we arrived before the other process, let's do the dirty work... if ($input['dm_item_type'] == 'subscr') { $query = "SELECT `" . USER_ACCOUNT_ID . "` as `user_id`,`" . USER_ACCOUNT_USER . "` as `user` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `" . USER_ACCOUNT_ID . "`=" . $input['user_id']; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $real_user = mysql_fetch_assoc($res); if (strcasecmp($input['txn_type'], 'web_accept') == 0 || strcasecmp($input['txn_type'], 'send_money') == 0 || strcasecmp($input['txn_type'], 'subscr_payment') == 0) { if (strcasecmp($input['payment_status'], 'Completed') == 0) { $query = "SELECT `subscr_id`,`price`,`m_value_to`,`duration` FROM `{$dbtable_prefix}subscriptions` WHERE `subscr_id`=" . $input['item_number'] . " AND `is_visible`=1"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $real_subscr = mysql_fetch_assoc($res); if (number_format($real_subscr['price'], 2) == number_format($input['mc_gross'], 2)) { if ($input['test_ipn'] != 1 || $this->config['demo_mode'] == 1 && $input['test_ipn'] == 1) { require_once _BASEPATH_ . '/includes/iso31661a2.inc.php'; if (isset($GLOBALS['iso31661a2'][$input['residence_country']])) { $input['country'] = $GLOBALS['iso31661a2'][$input['residence_country']]; $input['email'] = $input['payer_email']; $this->check_fraud($input); } else { $this->is_fraud = true; $this->fraud_reason = 'Invalid country code received from paypal. Please contact administrator.'; require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'country code received from paypal not found in iso31661a2.inc.php file' . array2qs($_POST))); } if (!empty($real_subscr['duration'])) { // if the old subscription is not over yet, we need to extend the new one with some days $query = "SELECT a.`payment_id`,UNIX_TIMESTAMP(a.`paid_until`) as `paid_until`,b.`price`,b.`duration` FROM `{$dbtable_prefix}payments` a LEFT JOIN `{$dbtable_prefix}subscriptions` b ON a.`fk_subscr_id`=b.`subscr_id` WHERE a.`fk_user_id`=" . $real_user['user_id'] . " AND a.`refunded`=0 AND a.`is_active`=1 AND a.`is_subscr`=1 AND a.`m_value_to`>2 ORDER BY a.`paid_until` DESC LIMIT 1"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $rsrow = mysql_fetch_assoc($res); $time = mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('Y')); if ((int) $rsrow['paid_until'] > (int) $time) { $remaining_days = ((int) $rsrow['paid_until'] - (int) $time) / 86400; //86400 seconds in a day if ($remaining_days > 0) { $remaining_value = (int) $rsrow['price'] / (int) $rsrow['duration'] * $remaining_days; $day_value_new = (int) $real_subscr['price'] / (int) $real_subscr['duration']; $days_append = round($remaining_value / $day_value_new); $real_subscr['duration'] = (int) $real_subscr['duration']; $real_subscr['duration'] += $days_append; } } } } $now = gmdate('Ymd'); // all old active subscriptions end now! $query = "UPDATE `{$dbtable_prefix}payments` SET `paid_until`='{$now}',`is_active`=0 WHERE `fk_user_id`=" . $real_user['user_id'] . " AND `is_active`=1 AND `is_subscr`=1"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } // insert the new subscription $query = "INSERT INTO `{$dbtable_prefix}payments` SET `is_active`=1,`fk_user_id`=" . $real_user['user_id'] . ",`_user`='" . $real_user['user'] . "',`gateway`='" . $this->module_code . "',`is_subscr`=1,`fk_subscr_id`=" . $real_subscr['subscr_id'] . ",`gw_txn`='" . $input['txn_id'] . "',`name`='" . $input['first_name'] . ' ' . $input['last_name'] . "',`country`='" . $input['country'] . "',`email`='" . $input['payer_email'] . "',`m_value_to`=" . $real_subscr['m_value_to'] . ",`amount_paid`='" . $input['mc_gross'] . "',`is_suspect`=" . (int) $this->is_fraud . ",`suspect_reason`='" . $this->fraud_reason . "',`paid_from`='{$now}',`date`=now()"; if (!empty($real_subscr['duration'])) { $query .= ",`paid_until`='{$now}'+INTERVAL " . $real_subscr['duration'] . ' DAY'; } if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (!$this->is_fraud) { $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `membership`=" . $real_subscr['m_value_to'] . " WHERE `" . USER_ACCOUNT_ID . "`=" . $real_user['user_id']; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $myreturn = true; add_member_score($real_user['user_id'], 'payment'); if ($type == 'pdt') { $tpl->set_file('gateway_text', 'thankyou_subscr_ok.html'); } } else { if ($type == 'pdt') { $output['name'] = $input['card_holder_name']; $tpl->set_file('gateway_text', 'thankyou_subscr_nok.html'); $tpl->set_var('output', $output); $tpl->process('gateway_text', 'gateway_text', TPL_OPTIONAL); } // DEPT_ADMIN from includes/admin_functions.inc.php is hardcoded below as 4 $query = "SELECT `email` FROM `{$dbtable_prefix}admin_accounts` WHERE `dept_id`=4 ORDER BY `admin_id` DESC LIMIT 1"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { send_template_email(mysql_result($res, 0, 0), 'Possible fraud detected on ' . _SITENAME_ . ', please investigate', '', '', array(), $this->module_code . ' TXN: ' . $input['txn_id'] . ': ' . $this->fraud_reason); } } } else { // a demo transaction when we're not in demo mode if ($type == 'pdt') { $tpl->set_var('gateway_text', $GLOBALS['_lang'][187]); } require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Demo transaction when demo is not enabled: ' . array2qs($_POST))); } } else { // paid price doesn't match the subscription price if ($type == 'pdt') { $tpl->set_var('gateway_text', $GLOBALS['_lang'][188]); } require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Invalid amount paid: ' . array2qs($_POST))); } } else { // if the subscr_id was not found if ($type == 'pdt') { $tpl->set_var('gateway_text', $GLOBALS['_lang'][189]); } require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Invalid subscr_id received after payment: ' . array2qs($_POST))); } } else { if ($type == 'pdt') { $tpl->set_var('gateway_text', $GLOBALS['_lang'][190]); } require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Payment status not Completed: ' . $input['payment_status'] . "\n" . array2qs($_POST))); } } elseif (strcasecmp($input['txn_type'], 'subscr_eot') == 0) { $query = "SELECT `payment_id` FROM `{$dbtable_prefix}payments` WHERE `fk_user_id`=" . $real_user['user_id'] . " AND `fk_subscr_id`=" . $input['item_number'] . " AND `is_active`=1 ORDER BY `payment_id` DESC LIMIT 1"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $payment_id = mysql_result($res, 0, 0); $now = gmdate('Ymd'); $query = "UPDATE `{$dbtable_prefix}payments` SET `paid_until`='{$now}' WHERE `payment_id`={$payment_id}"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } } else { // invalid eot. require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Received End of Term notification for a subscription but subscription doesn\'t exist or not active. Maybe this member has 2 running subscriptions? ' . array2qs($_POST))); } } else { // unhandled txn_type if ($type == 'pdt') { $tpl->set_var('gateway_text', $GLOBALS['_lang'][191]); } require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Unhandled txn_type (probably not an error): ' . $input['txn_type'] . "\n" . array2qs($_POST))); } } else { // if the user_id was not found if ($type == 'pdt') { $tpl->set_var('gateway_text', $GLOBALS['_lang'][192]); } require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Invalid user_id received after payment: ' . array2qs($_POST))); } } elseif ($input['dm_item_type'] == 'prod') { // no product support for now in Etano require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Received dm_item_type=prod but we are not selling products: ' . array2qs($_POST))); } else { // dm_item_type is neither 'prod' nor 'subscr' if ($type == 'pdt') { $tpl->set_var('gateway_text', $GLOBALS['_lang'][193]); } require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Invalid dm_item_type: ' . array2qs($_POST))); } // job done, release the lock $query = "SELECT release_lock('" . $input['txn_id'] . "')"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } } } else { // we could not obtain the lock. // The other process is taking too long but at least this should mean that it is handling this } } else { require_once _BASEPATH_ . '/includes/classes/log_error.class.php'; new log_error(array('module_name' => get_class($this), 'text' => 'Payment was not made into our account: ' . array2qs($_POST))); } }