Mercurial > hg > vamp-website

comparison forum/Sources/Profile-Actions.php @ 76:e3e11437ecea website

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add forum code
author Chris Cannam
date Sun, 07 Jul 2013 11:25:48 +0200
parents
children
comparison
equal deleted inserted replaced
75:72f59aa7e503 76:e3e11437ecea
1 <?php
2
3 /**
4 * Simple Machines Forum (SMF)
5 *
6 * @package SMF
7 * @author Simple Machines http://www.simplemachines.org
8 * @copyright 2011 Simple Machines
9 * @license http://www.simplemachines.org/about/smf/license.php BSD
10 *
11 * @version 2.0
12 */
13
14 if (!defined('SMF'))
15 die('Hacking attempt...');
16
17 /* This file contains profile action functions.
18
19 void activateAccount(int id_member)
20 // !!!
21
22 void issueWarning(int id_member)
23 // !!!
24
25 void deleteAccount(int id_member)
26 // !!!
27
28 void deleteAccount2(array profile_variables, array &errors, int id_member)
29 // !!!
30
31 void subscriptions(int id_member)
32 // !!!
33 */
34
35 // Activate an account.
36 function activateAccount($memID)
37 {
38 global $sourcedir, $context, $user_profile, $modSettings;
39
40 isAllowedTo('moderate_forum');
41
42 if (isset($_REQUEST['save']) && isset($user_profile[$memID]['is_activated']) && $user_profile[$memID]['is_activated'] != 1)
43 {
44 // If we are approving the deletion of an account, we do something special ;)
45 if ($user_profile[$memID]['is_activated'] == 4)
46 {
47 require_once($sourcedir . '/Subs-Members.php');
48 deleteMembers($context['id_member']);
49 redirectexit();
50 }
51
52 // Let the integrations know of the activation.
53 call_integration_hook('integrate_activate', array($user_profile[$memID]['member_name']));
54
55 // Actually update this member now, as it guarantees the unapproved count can't get corrupted.
56 updateMemberData($context['id_member'], array('is_activated' => $user_profile[$memID]['is_activated'] >= 10 ? 11 : 1, 'validation_code' => ''));
57
58 // If we are doing approval, update the stats for the member just in case.
59 if (in_array($user_profile[$memID]['is_activated'], array(3, 4, 13, 14)))
60 updateSettings(array('unapprovedMembers' => ($modSettings['unapprovedMembers'] > 1 ? $modSettings['unapprovedMembers'] - 1 : 0)));
61
62 // Make sure we update the stats too.
63 updateStats('member', false);
64 }
65
66 // Leave it be...
67 redirectexit('action=profile;u=' . $memID . ';area=summary');
68 }
69
70 // Issue/manage a users warning status.
71 function issueWarning($memID)
72 {
73 global $txt, $scripturl, $modSettings, $user_info, $mbname;
74 global $context, $cur_profile, $memberContext, $smcFunc, $sourcedir;
75
76 // Get all the actual settings.
77 list ($modSettings['warning_enable'], $modSettings['user_limit']) = explode(',', $modSettings['warning_settings']);
78
79 // This stores any legitimate errors.
80 $issueErrors = array();
81
82 // Doesn't hurt to be overly cautious.
83 if (empty($modSettings['warning_enable']) || ($context['user']['is_owner'] && !$cur_profile['warning']) || !allowedTo('issue_warning'))
84 fatal_lang_error('no_access', false);
85
86 // Make sure things which are disabled stay disabled.
87 $modSettings['warning_watch'] = !empty($modSettings['warning_watch']) ? $modSettings['warning_watch'] : 110;
88 $modSettings['warning_moderate'] = !empty($modSettings['warning_moderate']) && !empty($modSettings['postmod_active']) ? $modSettings['warning_moderate'] : 110;
89 $modSettings['warning_mute'] = !empty($modSettings['warning_mute']) ? $modSettings['warning_mute'] : 110;
90
91 $context['warning_limit'] = allowedTo('admin_forum') ? 0 : $modSettings['user_limit'];
92 $context['member']['warning'] = $cur_profile['warning'];
93 $context['member']['name'] = $cur_profile['real_name'];
94
95 // What are the limits we can apply?
96 $context['min_allowed'] = 0;
97 $context['max_allowed'] = 100;
98 if ($context['warning_limit'] > 0)
99 {
100 // Make sure we cannot go outside of our limit for the day.
101 $request = $smcFunc['db_query']('', '
102 SELECT SUM(counter)
103 FROM {db_prefix}log_comments
104 WHERE id_recipient = {int:selected_member}
105 AND id_member = {int:current_member}
106 AND comment_type = {string:warning}
107 AND log_time > {int:day_time_period}',
108 array(
109 'current_member' => $user_info['id'],
110 'selected_member' => $memID,
111 'day_time_period' => time() - 86400,
112 'warning' => 'warning',
113 )
114 );
115 list ($current_applied) = $smcFunc['db_fetch_row']($request);
116 $smcFunc['db_free_result']($request);
117
118 $context['min_allowed'] = max(0, $cur_profile['warning'] - $current_applied - $context['warning_limit']);
119 $context['max_allowed'] = min(100, $cur_profile['warning'] - $current_applied + $context['warning_limit']);
120 }
121
122 // Defaults.
123 $context['warning_data'] = array(
124 'reason' => '',
125 'notify' => '',
126 'notify_subject' => '',
127 'notify_body' => '',
128 );
129
130 // Are we saving?
131 if (isset($_POST['save']))
132 {
133 // Security is good here.
134 checkSession('post');
135
136 // This cannot be empty!
137 $_POST['warn_reason'] = isset($_POST['warn_reason']) ? trim($_POST['warn_reason']) : '';
138 if ($_POST['warn_reason'] == '' && !$context['user']['is_owner'])
139 $issueErrors[] = 'warning_no_reason';
140 $_POST['warn_reason'] = $smcFunc['htmlspecialchars']($_POST['warn_reason']);
141
142 // If the value hasn't changed it's either no JS or a real no change (Which this will pass)
143 if ($_POST['warning_level'] == 'SAME')
144 $_POST['warning_level'] = $_POST['warning_level_nojs'];
145
146 $_POST['warning_level'] = (int) $_POST['warning_level'];
147 $_POST['warning_level'] = max(0, min(100, $_POST['warning_level']));
148 if ($_POST['warning_level'] < $context['min_allowed'])
149 $_POST['warning_level'] = $context['min_allowed'];
150 elseif ($_POST['warning_level'] > $context['max_allowed'])
151 $_POST['warning_level'] = $context['max_allowed'];
152
153 // Do we actually have to issue them with a PM?
154 $id_notice = 0;
155 if (!empty($_POST['warn_notify']) && empty($issueErrors))
156 {
157 $_POST['warn_sub'] = trim($_POST['warn_sub']);
158 $_POST['warn_body'] = trim($_POST['warn_body']);
159 if (empty($_POST['warn_sub']) || empty($_POST['warn_body']))
160 $issueErrors[] = 'warning_notify_blank';
161 // Send the PM?
162 else
163 {
164 require_once($sourcedir . '/Subs-Post.php');
165 $from = array(
166 'id' => 0,
167 'name' => $context['forum_name'],
168 'username' => $context['forum_name'],
169 );
170 sendpm(array('to' => array($memID), 'bcc' => array()), $_POST['warn_sub'], $_POST['warn_body'], false, $from);
171
172 // Log the notice!
173 $smcFunc['db_insert']('',
174 '{db_prefix}log_member_notices',
175 array(
176 'subject' => 'string-255', 'body' => 'string-65534',
177 ),
178 array(
179 $smcFunc['htmlspecialchars']($_POST['warn_sub']), $smcFunc['htmlspecialchars']($_POST['warn_body']),
180 ),
181 array('id_notice')
182 );
183 $id_notice = $smcFunc['db_insert_id']('{db_prefix}log_member_notices', 'id_notice');
184 }
185 }
186
187 // Just in case - make sure notice is valid!
188 $id_notice = (int) $id_notice;
189
190 // What have we changed?
191 $level_change = $_POST['warning_level'] - $cur_profile['warning'];
192
193 // No errors? Proceed! Only log if you're not the owner.
194 if (empty($issueErrors))
195 {
196 // Log what we've done!
197 if (!$context['user']['is_owner'])
198 $smcFunc['db_insert']('',
199 '{db_prefix}log_comments',
200 array(
201 'id_member' => 'int', 'member_name' => 'string', 'comment_type' => 'string', 'id_recipient' => 'int', 'recipient_name' => 'string-255',
202 'log_time' => 'int', 'id_notice' => 'int', 'counter' => 'int', 'body' => 'string-65534',
203 ),
204 array(
205 $user_info['id'], $user_info['name'], 'warning', $memID, $cur_profile['real_name'],
206 time(), $id_notice, $level_change, $_POST['warn_reason'],
207 ),
208 array('id_comment')
209 );
210
211 // Make the change.
212 updateMemberData($memID, array('warning' => $_POST['warning_level']));
213
214 // Leave a lovely message.
215 $context['profile_updated'] = $context['user']['is_owner'] ? $txt['profile_updated_own'] : $txt['profile_warning_success'];
216 }
217 else
218 {
219 // Get the base stuff done.
220 loadLanguage('Errors');
221 $context['custom_error_title'] = $txt['profile_warning_errors_occured'];
222
223 // Fill in the suite of errors.
224 $context['post_errors'] = array();
225 foreach ($issueErrors as $error)
226 $context['post_errors'][] = $txt[$error];
227
228 // Try to remember some bits.
229 $context['warning_data'] = array(
230 'reason' => $_POST['warn_reason'],
231 'notify' => !empty($_POST['warn_notify']),
232 'notify_subject' => isset($_POST['warn_sub']) ? $_POST['warn_sub'] : '',
233 'notify_body' => isset($_POST['warn_body']) ? $_POST['warn_body'] : '',
234 );
235 }
236
237 // Show the new improved warning level.
238 $context['member']['warning'] = $_POST['warning_level'];
239 }
240
241 $context['page_title'] = $txt['profile_issue_warning'];
242
243 // Work our the various levels.
244 $context['level_effects'] = array(
245 0 => $txt['profile_warning_effect_none'],
246 $modSettings['warning_watch'] => $txt['profile_warning_effect_watch'],
247 $modSettings['warning_moderate'] => $txt['profile_warning_effect_moderation'],
248 $modSettings['warning_mute'] => $txt['profile_warning_effect_mute'],
249 );
250 $context['current_level'] = 0;
251 foreach ($context['level_effects'] as $limit => $dummy)
252 if ($context['member']['warning'] >= $limit)
253 $context['current_level'] = $limit;
254
255 // Load up all the old warnings - count first!
256 $context['total_warnings'] = list_getUserWarningCount($memID);
257
258 // Make the page index.
259 $context['start'] = (int) $_REQUEST['start'];
260 $perPage = (int) $modSettings['defaultMaxMessages'];
261 $context['page_index'] = constructPageIndex($scripturl . '?action=profile;u=' . $memID . ';area=issuewarning', $context['start'], $context['total_warnings'], $perPage);
262
263 // Now do the data itself.
264 $context['previous_warnings'] = list_getUserWarnings($context['start'], $perPage, 'log_time DESC', $memID);
265
266 // Are they warning because of a message?
267 if (isset($_REQUEST['msg']) && 0 < (int) $_REQUEST['msg'])
268 {
269 $request = $smcFunc['db_query']('', '
270 SELECT subject
271 FROM {db_prefix}messages AS m
272 INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board)
273 WHERE id_msg = {int:message}
274 AND {query_see_board}
275 LIMIT 1',
276 array(
277 'message' => (int) $_REQUEST['msg'],
278 )
279 );
280 if ($smcFunc['db_num_rows']($request) != 0)
281 {
282 $context['warning_for_message'] = (int) $_REQUEST['msg'];
283 list ($context['warned_message_subject']) = $smcFunc['db_fetch_row']($request);
284 }
285 $smcFunc['db_free_result']($request);
286
287 }
288
289 // Didn't find the message?
290 if (empty($context['warning_for_message']))
291 {
292 $context['warning_for_message'] = 0;
293 $context['warned_message_subject'] = '';
294 }
295
296 // Any custom templates?
297 $context['notification_templates'] = array();
298
299 $request = $smcFunc['db_query']('', '
300 SELECT recipient_name AS template_title, body
301 FROM {db_prefix}log_comments
302 WHERE comment_type = {string:warntpl}
303 AND (id_recipient = {int:generic} OR id_recipient = {int:current_member})',
304 array(
305 'warntpl' => 'warntpl',
306 'generic' => 0,
307 'current_member' => $user_info['id'],
308 )
309 );
310 while ($row = $smcFunc['db_fetch_assoc']($request))
311 {
312 // If we're not warning for a message skip any that are.
313 if (!$context['warning_for_message'] && strpos($row['body'], '{MESSAGE}') !== false)
314 continue;
315
316 $context['notification_templates'][] = array(
317 'title' => $row['template_title'],
318 'body' => $row['body'],
319 );
320 }
321 $smcFunc['db_free_result']($request);
322
323 // Setup the "default" templates.
324 foreach (array('spamming', 'offence', 'insulting') as $type)
325 $context['notification_templates'][] = array(
326 'title' => $txt['profile_warning_notify_title_' . $type],
327 'body' => sprintf($txt['profile_warning_notify_template_outline' . (!empty($context['warning_for_message']) ? '_post' : '')], $txt['profile_warning_notify_for_' . $type]),
328 );
329
330 // Replace all the common variables in the templates.
331 foreach ($context['notification_templates'] as $k => $name)
332 $context['notification_templates'][$k]['body'] = strtr($name['body'], array('{MEMBER}' => un_htmlspecialchars($context['member']['name']), '{MESSAGE}' => '[url=' . $scripturl . '?msg=' . $context['warning_for_message'] . ']' . un_htmlspecialchars($context['warned_message_subject']) . '[/url]', '{SCRIPTURL}' => $scripturl, '{FORUMNAME}' => $mbname, '{REGARDS}' => $txt['regards_team']));
333 }
334
335 // Get the number of warnings a user has.
336 function list_getUserWarningCount($memID)
337 {
338 global $smcFunc;
339
340 $request = $smcFunc['db_query']('', '
341 SELECT COUNT(*)
342 FROM {db_prefix}log_comments
343 WHERE id_recipient = {int:selected_member}
344 AND comment_type = {string:warning}',
345 array(
346 'selected_member' => $memID,
347 'warning' => 'warning',
348 )
349 );
350 list ($total_warnings) = $smcFunc['db_fetch_row']($request);
351 $smcFunc['db_free_result']($request);
352
353 return $total_warnings;
354 }
355
356 // Get the data about a users warnings.
357 function list_getUserWarnings($start, $items_per_page, $sort, $memID)
358 {
359 global $smcFunc, $scripturl;
360
361 $request = $smcFunc['db_query']('', '
362 SELECT IFNULL(mem.id_member, 0) AS id_member, IFNULL(mem.real_name, lc.member_name) AS member_name,
363 lc.log_time, lc.body, lc.counter, lc.id_notice
364 FROM {db_prefix}log_comments AS lc
365 LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = lc.id_member)
366 WHERE lc.id_recipient = {int:selected_member}
367 AND lc.comment_type = {string:warning}
368 ORDER BY ' . $sort . '
369 LIMIT ' . $start . ', ' . $items_per_page,
370 array(
371 'selected_member' => $memID,
372 'warning' => 'warning',
373 )
374 );
375 $previous_warnings = array();
376 while ($row = $smcFunc['db_fetch_assoc']($request))
377 {
378 $previous_warnings[] = array(
379 'issuer' => array(
380 'id' => $row['id_member'],
381 'link' => $row['id_member'] ? ('<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '">' . $row['member_name'] . '</a>') : $row['member_name'],
382 ),
383 'time' => timeformat($row['log_time']),
384 'reason' => $row['body'],
385 'counter' => $row['counter'] > 0 ? '+' . $row['counter'] : $row['counter'],
386 'id_notice' => $row['id_notice'],
387 );
388 }
389 $smcFunc['db_free_result']($request);
390
391 return $previous_warnings;
392 }
393
394 // Present a screen to make sure the user wants to be deleted
395 function deleteAccount($memID)
396 {
397 global $txt, $context, $user_info, $modSettings, $cur_profile, $smcFunc;
398
399 if (!$context['user']['is_owner'])
400 isAllowedTo('profile_remove_any');
401 elseif (!allowedTo('profile_remove_any'))
402 isAllowedTo('profile_remove_own');
403
404 // Permissions for removing stuff...
405 $context['can_delete_posts'] = !$context['user']['is_owner'] && allowedTo('moderate_forum');
406
407 // Can they do this, or will they need approval?
408 $context['needs_approval'] = $context['user']['is_owner'] && !empty($modSettings['approveAccountDeletion']) && !allowedTo('moderate_forum');
409 $context['page_title'] = $txt['deleteAccount'] . ': ' . $cur_profile['real_name'];
410 }
411
412 function deleteAccount2($profile_vars, $post_errors, $memID)
413 {
414 global $user_info, $sourcedir, $context, $cur_profile, $modSettings, $smcFunc;
415
416 // Try get more time...
417 @set_time_limit(600);
418
419 // !!! Add a way to delete pms as well?
420
421 if (!$context['user']['is_owner'])
422 isAllowedTo('profile_remove_any');
423 elseif (!allowedTo('profile_remove_any'))
424 isAllowedTo('profile_remove_own');
425
426 checkSession();
427
428 $old_profile = &$cur_profile;
429
430 // Too often, people remove/delete their own only account.
431 if (in_array(1, explode(',', $old_profile['additional_groups'])) || $old_profile['id_group'] == 1)
432 {
433 // Are you allowed to administrate the forum, as they are?
434 isAllowedTo('admin_forum');
435
436 $request = $smcFunc['db_query']('', '
437 SELECT id_member
438 FROM {db_prefix}members
439 WHERE (id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0)
440 AND id_member != {int:selected_member}
441 LIMIT 1',
442 array(
443 'admin_group' => 1,
444 'selected_member' => $memID,
445 )
446 );
447 list ($another) = $smcFunc['db_fetch_row']($request);
448 $smcFunc['db_free_result']($request);
449
450 if (empty($another))
451 fatal_lang_error('at_least_one_admin', 'critical');
452 }
453
454 // This file is needed for the deleteMembers function.
455 require_once($sourcedir . '/Subs-Members.php');
456
457 // Do you have permission to delete others profiles, or is that your profile you wanna delete?
458 if ($memID != $user_info['id'])
459 {
460 isAllowedTo('profile_remove_any');
461
462 // Now, have you been naughty and need your posts deleting?
463 // !!! Should this check board permissions?
464 if ($_POST['remove_type'] != 'none' && allowedTo('moderate_forum'))
465 {
466 // Include RemoveTopics - essential for this type of work!
467 require_once($sourcedir . '/RemoveTopic.php');
468
469 // First off we delete any topics the member has started - if they wanted topics being done.
470 if ($_POST['remove_type'] == 'topics')
471 {
472 // Fetch all topics started by this user within the time period.
473 $request = $smcFunc['db_query']('', '
474 SELECT t.id_topic
475 FROM {db_prefix}topics AS t
476 WHERE t.id_member_started = {int:selected_member}',
477 array(
478 'selected_member' => $memID,
479 )
480 );
481 $topicIDs = array();
482 while ($row = $smcFunc['db_fetch_assoc']($request))
483 $topicIDs[] = $row['id_topic'];
484 $smcFunc['db_free_result']($request);
485
486 // Actually remove the topics.
487 // !!! This needs to check permissions, but we'll let it slide for now because of moderate_forum already being had.
488 removeTopics($topicIDs);
489 }
490
491 // Now delete the remaining messages.
492 $request = $smcFunc['db_query']('', '
493 SELECT m.id_msg
494 FROM {db_prefix}messages AS m
495 INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic
496 AND t.id_first_msg != m.id_msg)
497 WHERE m.id_member = {int:selected_member}',
498 array(
499 'selected_member' => $memID,
500 )
501 );
502 // This could take a while... but ya know it's gonna be worth it in the end.
503 while ($row = $smcFunc['db_fetch_assoc']($request))
504 {
505 if (function_exists('apache_reset_timeout'))
506 @apache_reset_timeout();
507
508 removeMessage($row['id_msg']);
509 }
510 $smcFunc['db_free_result']($request);
511 }
512
513 // Only delete this poor members account if they are actually being booted out of camp.
514 if (isset($_POST['deleteAccount']))
515 deleteMembers($memID);
516 }
517 // Do they need approval to delete?
518 elseif (empty($post_errors) && !empty($modSettings['approveAccountDeletion']) && !allowedTo('moderate_forum'))
519 {
520 // Setup their account for deletion ;)
521 updateMemberData($memID, array('is_activated' => 4));
522 // Another account needs approval...
523 updateSettings(array('unapprovedMembers' => true), true);
524 }
525 // Also check if you typed your password correctly.
526 elseif (empty($post_errors))
527 {
528 deleteMembers($memID);
529
530 require_once($sourcedir . '/LogInOut.php');
531 LogOut(true);
532
533 redirectExit();
534 }
535 }
536
537 // Function for doing all the paid subscription stuff - kinda.
538 function subscriptions($memID)
539 {
540 global $context, $txt, $sourcedir, $modSettings, $smcFunc, $scripturl;
541
542 // Load the paid template anyway.
543 loadTemplate('ManagePaid');
544 loadLanguage('ManagePaid');
545
546 // Load all of the subscriptions.
547 require_once($sourcedir . '/ManagePaid.php');
548 loadSubscriptions();
549 $context['member']['id'] = $memID;
550
551 // Remove any invalid ones.
552 foreach ($context['subscriptions'] as $id => $sub)
553 {
554 // Work out the costs.
555 $costs = @unserialize($sub['real_cost']);
556
557 $cost_array = array();
558 if ($sub['real_length'] == 'F')
559 {
560 foreach ($costs as $duration => $cost)
561 {
562 if ($cost != 0)
563 $cost_array[$duration] = $cost;
564 }
565 }
566 else
567 {
568 $cost_array['fixed'] = $costs['fixed'];
569 }
570
571 if (empty($cost_array))
572 unset($context['subscriptions'][$id]);
573 else
574 {
575 $context['subscriptions'][$id]['member'] = 0;
576 $context['subscriptions'][$id]['subscribed'] = false;
577 $context['subscriptions'][$id]['costs'] = $cost_array;
578 }
579 }
580
581 // Work out what gateways are enabled.
582 $gateways = loadPaymentGateways();
583 foreach ($gateways as $id => $gateway)
584 {
585 $gateways[$id] = new $gateway['display_class']();
586 if (!$gateways[$id]->gatewayEnabled())
587 unset($gateways[$id]);
588 }
589
590 // No gateways yet?
591 if (empty($gateways))
592 fatal_error($txt['paid_admin_not_setup_gateway']);
593
594 // Get the current subscriptions.
595 $request = $smcFunc['db_query']('', '
596 SELECT id_sublog, id_subscribe, start_time, end_time, status, payments_pending, pending_details
597 FROM {db_prefix}log_subscribed
598 WHERE id_member = {int:selected_member}',
599 array(
600 'selected_member' => $memID,
601 )
602 );
603 $context['current'] = array();
604 while ($row = $smcFunc['db_fetch_assoc']($request))
605 {
606 // The subscription must exist!
607 if (!isset($context['subscriptions'][$row['id_subscribe']]))
608 continue;
609
610 $context['current'][$row['id_subscribe']] = array(
611 'id' => $row['id_sublog'],
612 'sub_id' => $row['id_subscribe'],
613 'hide' => $row['status'] == 0 && $row['end_time'] == 0 && $row['payments_pending'] == 0,
614 'name' => $context['subscriptions'][$row['id_subscribe']]['name'],
615 'start' => timeformat($row['start_time'], false),
616 'end' => $row['end_time'] == 0 ? $txt['not_applicable'] : timeformat($row['end_time'], false),
617 'pending_details' => $row['pending_details'],
618 'status' => $row['status'],
619 'status_text' => $row['status'] == 0 ? ($row['payments_pending'] ? $txt['paid_pending'] : $txt['paid_finished']) : $txt['paid_active'],
620 );
621
622 if ($row['status'] == 1)
623 $context['subscriptions'][$row['id_subscribe']]['subscribed'] = true;
624 }
625 $smcFunc['db_free_result']($request);
626
627 // Simple "done"?
628 if (isset($_GET['done']))
629 {
630 $_GET['sub_id'] = (int) $_GET['sub_id'];
631
632 // Must exist but let's be sure...
633 if (isset($context['current'][$_GET['sub_id']]))
634 {
635 // What are the details like?
636 $current_pending = @unserialize($context['current'][$_GET['sub_id']]['pending_details']);
637 if (!empty($current_pending))
638 {
639 $current_pending = array_reverse($current_pending);
640 foreach ($current_pending as $id => $sub)
641 {
642 // Just find one and change it.
643 if ($sub[0] == $_GET['sub_id'] && $sub[3] == 'prepay')
644 {
645 $current_pending[$id][3] = 'payback';
646 break;
647 }
648 }
649
650 // Save the details back.
651 $pending_details = serialize($current_pending);
652
653 $smcFunc['db_query']('', '
654 UPDATE {db_prefix}log_subscribed
655 SET payments_pending = payments_pending + 1, pending_details = {string:pending_details}
656 WHERE id_sublog = {int:current_subscription_id}
657 AND id_member = {int:selected_member}',
658 array(
659 'current_subscription_id' => $context['current'][$_GET['sub_id']]['id'],
660 'selected_member' => $memID,
661 'pending_details' => $pending_details,
662 )
663 );
664 }
665 }
666
667 $context['sub_template'] = 'paid_done';
668 return;
669 }
670 // If this is confirmation then it's simpler...
671 if (isset($_GET['confirm']) && isset($_POST['sub_id']) && is_array($_POST['sub_id']))
672 {
673 // Hopefully just one.
674 foreach ($_POST['sub_id'] as $k => $v)
675 $ID_SUB = (int) $k;
676
677 if (!isset($context['subscriptions'][$ID_SUB]) || $context['subscriptions'][$ID_SUB]['active'] == 0)
678 fatal_lang_error('paid_sub_not_active');
679
680 // Simplify...
681 $context['sub'] = $context['subscriptions'][$ID_SUB];
682 $period = 'xx';
683 if ($context['sub']['flexible'])
684 $period = isset($_POST['cur'][$ID_SUB]) && isset($context['sub']['costs'][$_POST['cur'][$ID_SUB]]) ? $_POST['cur'][$ID_SUB] : 'xx';
685
686 // Check we have a valid cost.
687 if ($context['sub']['flexible'] && $period == 'xx')
688 fatal_lang_error('paid_sub_not_active');
689
690 // Sort out the cost/currency.
691 $context['currency'] = $modSettings['paid_currency_code'];
692 $context['recur'] = $context['sub']['repeatable'];
693
694 if ($context['sub']['flexible'])
695 {
696 // Real cost...
697 $context['value'] = $context['sub']['costs'][$_POST['cur'][$ID_SUB]];
698 $context['cost'] = sprintf($modSettings['paid_currency_symbol'], $context['value']) . '/' . $txt[$_POST['cur'][$ID_SUB]];
699 // The period value for paypal.
700 $context['paypal_period'] = strtoupper(substr($_POST['cur'][$ID_SUB], 0, 1));
701 }
702 else
703 {
704 // Real cost...
705 $context['value'] = $context['sub']['costs']['fixed'];
706 $context['cost'] = sprintf($modSettings['paid_currency_symbol'], $context['value']);
707
708 // Recur?
709 preg_match('~(\d*)(\w)~', $context['sub']['real_length'], $match);
710 $context['paypal_unit'] = $match[1];
711 $context['paypal_period'] = $match[2];
712 }
713
714 // Setup the gateway context.
715 $context['gateways'] = array();
716 foreach ($gateways as $id => $gateway)
717 {
718 $fields = $gateways[$id]->fetchGatewayFields($context['sub']['id'] . '+' . $memID, $context['sub'], $context['value'], $period, $scripturl . '?action=profile;u=' . $memID . ';area=subscriptions;sub_id=' . $context['sub']['id'] . ';done');
719 if (!empty($fields['form']))
720 $context['gateways'][] = $fields;
721 }
722
723 // Bugger?!
724 if (empty($context['gateways']))
725 fatal_error($txt['paid_admin_not_setup_gateway']);
726
727 // Now we are going to assume they want to take this out ;)
728 $new_data = array($context['sub']['id'], $context['value'], $period, 'prepay');
729 if (isset($context['current'][$context['sub']['id']]))
730 {
731 // What are the details like?
732 $current_pending = array();
733 if ($context['current'][$context['sub']['id']]['pending_details'] != '')
734 $current_pending = @unserialize($context['current'][$context['sub']['id']]['pending_details']);
735 // Don't get silly.
736 if (count($current_pending) > 9)
737 $current_pending = array();
738 $pending_count = 0;
739 // Only record real pending payments as will otherwise confuse the admin!
740 foreach ($current_pending as $pending)
741 if ($pending[3] == 'payback')
742 $pending_count++;
743
744 if (!in_array($new_data, $current_pending))
745 {
746 $current_pending[] = $new_data;
747 $pending_details = serialize($current_pending);
748
749 $smcFunc['db_query']('', '
750 UPDATE {db_prefix}log_subscribed
751 SET payments_pending = {int:pending_count}, pending_details = {string:pending_details}
752 WHERE id_sublog = {int:current_subscription_item}
753 AND id_member = {int:selected_member}',
754 array(
755 'pending_count' => $pending_count,
756 'current_subscription_item' => $context['current'][$context['sub']['id']]['id'],
757 'selected_member' => $memID,
758 'pending_details' => $pending_details,
759 )
760 );
761 }
762
763 }
764 // Never had this before, lovely.
765 else
766 {
767 $pending_details = serialize(array($new_data));
768 $smcFunc['db_insert']('',
769 '{db_prefix}log_subscribed',
770 array(
771 'id_subscribe' => 'int', 'id_member' => 'int', 'status' => 'int', 'payments_pending' => 'int', 'pending_details' => 'string-65534',
772 'start_time' => 'int', 'vendor_ref' => 'string-255',
773 ),
774 array(
775 $context['sub']['id'], $memID, 0, 0, $pending_details,
776 time(), '',
777 ),
778 array('id_sublog')
779 );
780 }
781
782 // Change the template.
783 $context['sub_template'] = 'choose_payment';
784
785 // Quit.
786 return;
787 }
788 else
789 $context['sub_template'] = 'user_subscription';
790 }
791
792 ?>