Profile-Actions.php 26 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792
  1. <?php
  2. /**
  3. * Simple Machines Forum (SMF)
  4. *
  5. * @package SMF
  6. * @author Simple Machines http://www.simplemachines.org
  7. * @copyright 2011 Simple Machines
  8. * @license http://www.simplemachines.org/about/smf/license.php BSD
  9. *
  10. * @version 2.0
  11. */
  12. if (!defined('SMF'))
  13. die('Hacking attempt...');
  14. /* This file contains profile action functions.
  15. void activateAccount(int id_member)
  16. // !!!
  17. void issueWarning(int id_member)
  18. // !!!
  19. void deleteAccount(int id_member)
  20. // !!!
  21. void deleteAccount2(array profile_variables, array &errors, int id_member)
  22. // !!!
  23. void subscriptions(int id_member)
  24. // !!!
  25. */
  26. // Activate an account.
  27. function activateAccount($memID)
  28. {
  29. global $sourcedir, $context, $user_profile, $modSettings;
  30. isAllowedTo('moderate_forum');
  31. if (isset($_REQUEST['save']) && isset($user_profile[$memID]['is_activated']) && $user_profile[$memID]['is_activated'] != 1)
  32. {
  33. // If we are approving the deletion of an account, we do something special ;)
  34. if ($user_profile[$memID]['is_activated'] == 4)
  35. {
  36. require_once($sourcedir . '/Subs-Members.php');
  37. deleteMembers($context['id_member']);
  38. redirectexit();
  39. }
  40. // Let the integrations know of the activation.
  41. call_integration_hook('integrate_activate', array($user_profile[$memID]['member_name']));
  42. // Actually update this member now, as it guarantees the unapproved count can't get corrupted.
  43. updateMemberData($context['id_member'], array('is_activated' => $user_profile[$memID]['is_activated'] >= 10 ? 11 : 1, 'validation_code' => ''));
  44. // If we are doing approval, update the stats for the member just in case.
  45. if (in_array($user_profile[$memID]['is_activated'], array(3, 4, 13, 14)))
  46. updateSettings(array('unapprovedMembers' => ($modSettings['unapprovedMembers'] > 1 ? $modSettings['unapprovedMembers'] - 1 : 0)));
  47. // Make sure we update the stats too.
  48. updateStats('member', false);
  49. }
  50. // Leave it be...
  51. redirectexit('action=profile;u=' . $memID . ';area=summary');
  52. }
  53. // Issue/manage a users warning status.
  54. function issueWarning($memID)
  55. {
  56. global $txt, $scripturl, $modSettings, $user_info, $mbname;
  57. global $context, $cur_profile, $memberContext, $smcFunc, $sourcedir;
  58. // Get all the actual settings.
  59. list ($modSettings['warning_enable'], $modSettings['user_limit']) = explode(',', $modSettings['warning_settings']);
  60. // This stores any legitimate errors.
  61. $issueErrors = array();
  62. // Doesn't hurt to be overly cautious.
  63. if (empty($modSettings['warning_enable']) || ($context['user']['is_owner'] && !$cur_profile['warning']) || !allowedTo('issue_warning'))
  64. fatal_lang_error('no_access', false);
  65. // Make sure things which are disabled stay disabled.
  66. $modSettings['warning_watch'] = !empty($modSettings['warning_watch']) ? $modSettings['warning_watch'] : 110;
  67. $modSettings['warning_moderate'] = !empty($modSettings['warning_moderate']) && !empty($modSettings['postmod_active']) ? $modSettings['warning_moderate'] : 110;
  68. $modSettings['warning_mute'] = !empty($modSettings['warning_mute']) ? $modSettings['warning_mute'] : 110;
  69. $context['warning_limit'] = allowedTo('admin_forum') ? 0 : $modSettings['user_limit'];
  70. $context['member']['warning'] = $cur_profile['warning'];
  71. $context['member']['name'] = $cur_profile['real_name'];
  72. // What are the limits we can apply?
  73. $context['min_allowed'] = 0;
  74. $context['max_allowed'] = 100;
  75. if ($context['warning_limit'] > 0)
  76. {
  77. // Make sure we cannot go outside of our limit for the day.
  78. $request = $smcFunc['db_query']('', '
  79. SELECT SUM(counter)
  80. FROM {db_prefix}log_comments
  81. WHERE id_recipient = {int:selected_member}
  82. AND id_member = {int:current_member}
  83. AND comment_type = {string:warning}
  84. AND log_time > {int:day_time_period}',
  85. array(
  86. 'current_member' => $user_info['id'],
  87. 'selected_member' => $memID,
  88. 'day_time_period' => time() - 86400,
  89. 'warning' => 'warning',
  90. )
  91. );
  92. list ($current_applied) = $smcFunc['db_fetch_row']($request);
  93. $smcFunc['db_free_result']($request);
  94. $context['min_allowed'] = max(0, $cur_profile['warning'] - $current_applied - $context['warning_limit']);
  95. $context['max_allowed'] = min(100, $cur_profile['warning'] - $current_applied + $context['warning_limit']);
  96. }
  97. // Defaults.
  98. $context['warning_data'] = array(
  99. 'reason' => '',
  100. 'notify' => '',
  101. 'notify_subject' => '',
  102. 'notify_body' => '',
  103. );
  104. // Are we saving?
  105. if (isset($_POST['save']))
  106. {
  107. // Security is good here.
  108. checkSession('post');
  109. // This cannot be empty!
  110. $_POST['warn_reason'] = isset($_POST['warn_reason']) ? trim($_POST['warn_reason']) : '';
  111. if ($_POST['warn_reason'] == '' && !$context['user']['is_owner'])
  112. $issueErrors[] = 'warning_no_reason';
  113. $_POST['warn_reason'] = $smcFunc['htmlspecialchars']($_POST['warn_reason']);
  114. // If the value hasn't changed it's either no JS or a real no change (Which this will pass)
  115. if ($_POST['warning_level'] == 'SAME')
  116. $_POST['warning_level'] = $_POST['warning_level_nojs'];
  117. $_POST['warning_level'] = (int) $_POST['warning_level'];
  118. $_POST['warning_level'] = max(0, min(100, $_POST['warning_level']));
  119. if ($_POST['warning_level'] < $context['min_allowed'])
  120. $_POST['warning_level'] = $context['min_allowed'];
  121. elseif ($_POST['warning_level'] > $context['max_allowed'])
  122. $_POST['warning_level'] = $context['max_allowed'];
  123. // Do we actually have to issue them with a PM?
  124. $id_notice = 0;
  125. if (!empty($_POST['warn_notify']) && empty($issueErrors))
  126. {
  127. $_POST['warn_sub'] = trim($_POST['warn_sub']);
  128. $_POST['warn_body'] = trim($_POST['warn_body']);
  129. if (empty($_POST['warn_sub']) || empty($_POST['warn_body']))
  130. $issueErrors[] = 'warning_notify_blank';
  131. // Send the PM?
  132. else
  133. {
  134. require_once($sourcedir . '/Subs-Post.php');
  135. $from = array(
  136. 'id' => 0,
  137. 'name' => $context['forum_name'],
  138. 'username' => $context['forum_name'],
  139. );
  140. sendpm(array('to' => array($memID), 'bcc' => array()), $_POST['warn_sub'], $_POST['warn_body'], false, $from);
  141. // Log the notice!
  142. $smcFunc['db_insert']('',
  143. '{db_prefix}log_member_notices',
  144. array(
  145. 'subject' => 'string-255', 'body' => 'string-65534',
  146. ),
  147. array(
  148. $smcFunc['htmlspecialchars']($_POST['warn_sub']), $smcFunc['htmlspecialchars']($_POST['warn_body']),
  149. ),
  150. array('id_notice')
  151. );
  152. $id_notice = $smcFunc['db_insert_id']('{db_prefix}log_member_notices', 'id_notice');
  153. }
  154. }
  155. // Just in case - make sure notice is valid!
  156. $id_notice = (int) $id_notice;
  157. // What have we changed?
  158. $level_change = $_POST['warning_level'] - $cur_profile['warning'];
  159. // No errors? Proceed! Only log if you're not the owner.
  160. if (empty($issueErrors))
  161. {
  162. // Log what we've done!
  163. if (!$context['user']['is_owner'])
  164. $smcFunc['db_insert']('',
  165. '{db_prefix}log_comments',
  166. array(
  167. 'id_member' => 'int', 'member_name' => 'string', 'comment_type' => 'string', 'id_recipient' => 'int', 'recipient_name' => 'string-255',
  168. 'log_time' => 'int', 'id_notice' => 'int', 'counter' => 'int', 'body' => 'string-65534',
  169. ),
  170. array(
  171. $user_info['id'], $user_info['name'], 'warning', $memID, $cur_profile['real_name'],
  172. time(), $id_notice, $level_change, $_POST['warn_reason'],
  173. ),
  174. array('id_comment')
  175. );
  176. // Make the change.
  177. updateMemberData($memID, array('warning' => $_POST['warning_level']));
  178. // Leave a lovely message.
  179. $context['profile_updated'] = $context['user']['is_owner'] ? $txt['profile_updated_own'] : $txt['profile_warning_success'];
  180. }
  181. else
  182. {
  183. // Get the base stuff done.
  184. loadLanguage('Errors');
  185. $context['custom_error_title'] = $txt['profile_warning_errors_occured'];
  186. // Fill in the suite of errors.
  187. $context['post_errors'] = array();
  188. foreach ($issueErrors as $error)
  189. $context['post_errors'][] = $txt[$error];
  190. // Try to remember some bits.
  191. $context['warning_data'] = array(
  192. 'reason' => $_POST['warn_reason'],
  193. 'notify' => !empty($_POST['warn_notify']),
  194. 'notify_subject' => isset($_POST['warn_sub']) ? $_POST['warn_sub'] : '',
  195. 'notify_body' => isset($_POST['warn_body']) ? $_POST['warn_body'] : '',
  196. );
  197. }
  198. // Show the new improved warning level.
  199. $context['member']['warning'] = $_POST['warning_level'];
  200. }
  201. $context['page_title'] = $txt['profile_issue_warning'];
  202. // Work our the various levels.
  203. $context['level_effects'] = array(
  204. 0 => $txt['profile_warning_effect_none'],
  205. $modSettings['warning_watch'] => $txt['profile_warning_effect_watch'],
  206. $modSettings['warning_moderate'] => $txt['profile_warning_effect_moderation'],
  207. $modSettings['warning_mute'] => $txt['profile_warning_effect_mute'],
  208. );
  209. $context['current_level'] = 0;
  210. foreach ($context['level_effects'] as $limit => $dummy)
  211. if ($context['member']['warning'] >= $limit)
  212. $context['current_level'] = $limit;
  213. // Load up all the old warnings - count first!
  214. $context['total_warnings'] = list_getUserWarningCount($memID);
  215. // Make the page index.
  216. $context['start'] = (int) $_REQUEST['start'];
  217. $perPage = (int) $modSettings['defaultMaxMessages'];
  218. $context['page_index'] = constructPageIndex($scripturl . '?action=profile;u=' . $memID . ';area=issuewarning', $context['start'], $context['total_warnings'], $perPage);
  219. // Now do the data itself.
  220. $context['previous_warnings'] = list_getUserWarnings($context['start'], $perPage, 'log_time DESC', $memID);
  221. // Are they warning because of a message?
  222. if (isset($_REQUEST['msg']) && 0 < (int) $_REQUEST['msg'])
  223. {
  224. $request = $smcFunc['db_query']('', '
  225. SELECT subject
  226. FROM {db_prefix}messages AS m
  227. INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board)
  228. WHERE id_msg = {int:message}
  229. AND {query_see_board}
  230. LIMIT 1',
  231. array(
  232. 'message' => (int) $_REQUEST['msg'],
  233. )
  234. );
  235. if ($smcFunc['db_num_rows']($request) != 0)
  236. {
  237. $context['warning_for_message'] = (int) $_REQUEST['msg'];
  238. list ($context['warned_message_subject']) = $smcFunc['db_fetch_row']($request);
  239. }
  240. $smcFunc['db_free_result']($request);
  241. }
  242. // Didn't find the message?
  243. if (empty($context['warning_for_message']))
  244. {
  245. $context['warning_for_message'] = 0;
  246. $context['warned_message_subject'] = '';
  247. }
  248. // Any custom templates?
  249. $context['notification_templates'] = array();
  250. $request = $smcFunc['db_query']('', '
  251. SELECT recipient_name AS template_title, body
  252. FROM {db_prefix}log_comments
  253. WHERE comment_type = {string:warntpl}
  254. AND (id_recipient = {int:generic} OR id_recipient = {int:current_member})',
  255. array(
  256. 'warntpl' => 'warntpl',
  257. 'generic' => 0,
  258. 'current_member' => $user_info['id'],
  259. )
  260. );
  261. while ($row = $smcFunc['db_fetch_assoc']($request))
  262. {
  263. // If we're not warning for a message skip any that are.
  264. if (!$context['warning_for_message'] && strpos($row['body'], '{MESSAGE}') !== false)
  265. continue;
  266. $context['notification_templates'][] = array(
  267. 'title' => $row['template_title'],
  268. 'body' => $row['body'],
  269. );
  270. }
  271. $smcFunc['db_free_result']($request);
  272. // Setup the "default" templates.
  273. foreach (array('spamming', 'offence', 'insulting') as $type)
  274. $context['notification_templates'][] = array(
  275. 'title' => $txt['profile_warning_notify_title_' . $type],
  276. 'body' => sprintf($txt['profile_warning_notify_template_outline' . (!empty($context['warning_for_message']) ? '_post' : '')], $txt['profile_warning_notify_for_' . $type]),
  277. );
  278. // Replace all the common variables in the templates.
  279. foreach ($context['notification_templates'] as $k => $name)
  280. $context['notification_templates'][$k]['body'] = strtr($name['body'], array('{MEMBER}' => un_htmlspecialchars($context['member']['name']), '{MESSAGE}' => '[url=' . $scripturl . '?msg=' . $context['warning_for_message'] . ']' . un_htmlspecialchars($context['warned_message_subject']) . '[/url]', '{SCRIPTURL}' => $scripturl, '{FORUMNAME}' => $mbname, '{REGARDS}' => $txt['regards_team']));
  281. }
  282. // Get the number of warnings a user has.
  283. function list_getUserWarningCount($memID)
  284. {
  285. global $smcFunc;
  286. $request = $smcFunc['db_query']('', '
  287. SELECT COUNT(*)
  288. FROM {db_prefix}log_comments
  289. WHERE id_recipient = {int:selected_member}
  290. AND comment_type = {string:warning}',
  291. array(
  292. 'selected_member' => $memID,
  293. 'warning' => 'warning',
  294. )
  295. );
  296. list ($total_warnings) = $smcFunc['db_fetch_row']($request);
  297. $smcFunc['db_free_result']($request);
  298. return $total_warnings;
  299. }
  300. // Get the data about a users warnings.
  301. function list_getUserWarnings($start, $items_per_page, $sort, $memID)
  302. {
  303. global $smcFunc, $scripturl;
  304. $request = $smcFunc['db_query']('', '
  305. SELECT IFNULL(mem.id_member, 0) AS id_member, IFNULL(mem.real_name, lc.member_name) AS member_name,
  306. lc.log_time, lc.body, lc.counter, lc.id_notice
  307. FROM {db_prefix}log_comments AS lc
  308. LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = lc.id_member)
  309. WHERE lc.id_recipient = {int:selected_member}
  310. AND lc.comment_type = {string:warning}
  311. ORDER BY ' . $sort . '
  312. LIMIT ' . $start . ', ' . $items_per_page,
  313. array(
  314. 'selected_member' => $memID,
  315. 'warning' => 'warning',
  316. )
  317. );
  318. $previous_warnings = array();
  319. while ($row = $smcFunc['db_fetch_assoc']($request))
  320. {
  321. $previous_warnings[] = array(
  322. 'issuer' => array(
  323. 'id' => $row['id_member'],
  324. 'link' => $row['id_member'] ? ('<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '">' . $row['member_name'] . '</a>') : $row['member_name'],
  325. ),
  326. 'time' => timeformat($row['log_time']),
  327. 'reason' => $row['body'],
  328. 'counter' => $row['counter'] > 0 ? '+' . $row['counter'] : $row['counter'],
  329. 'id_notice' => $row['id_notice'],
  330. );
  331. }
  332. $smcFunc['db_free_result']($request);
  333. return $previous_warnings;
  334. }
  335. // Present a screen to make sure the user wants to be deleted
  336. function deleteAccount($memID)
  337. {
  338. global $txt, $context, $user_info, $modSettings, $cur_profile, $smcFunc;
  339. if (!$context['user']['is_owner'])
  340. isAllowedTo('profile_remove_any');
  341. elseif (!allowedTo('profile_remove_any'))
  342. isAllowedTo('profile_remove_own');
  343. // Permissions for removing stuff...
  344. $context['can_delete_posts'] = !$context['user']['is_owner'] && allowedTo('moderate_forum');
  345. // Can they do this, or will they need approval?
  346. $context['needs_approval'] = $context['user']['is_owner'] && !empty($modSettings['approveAccountDeletion']) && !allowedTo('moderate_forum');
  347. $context['page_title'] = $txt['deleteAccount'] . ': ' . $cur_profile['real_name'];
  348. }
  349. function deleteAccount2($profile_vars, $post_errors, $memID)
  350. {
  351. global $user_info, $sourcedir, $context, $cur_profile, $modSettings, $smcFunc;
  352. // Try get more time...
  353. @set_time_limit(600);
  354. // !!! Add a way to delete pms as well?
  355. if (!$context['user']['is_owner'])
  356. isAllowedTo('profile_remove_any');
  357. elseif (!allowedTo('profile_remove_any'))
  358. isAllowedTo('profile_remove_own');
  359. checkSession();
  360. $old_profile = &$cur_profile;
  361. // Too often, people remove/delete their own only account.
  362. if (in_array(1, explode(',', $old_profile['additional_groups'])) || $old_profile['id_group'] == 1)
  363. {
  364. // Are you allowed to administrate the forum, as they are?
  365. isAllowedTo('admin_forum');
  366. $request = $smcFunc['db_query']('', '
  367. SELECT id_member
  368. FROM {db_prefix}members
  369. WHERE (id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0)
  370. AND id_member != {int:selected_member}
  371. LIMIT 1',
  372. array(
  373. 'admin_group' => 1,
  374. 'selected_member' => $memID,
  375. )
  376. );
  377. list ($another) = $smcFunc['db_fetch_row']($request);
  378. $smcFunc['db_free_result']($request);
  379. if (empty($another))
  380. fatal_lang_error('at_least_one_admin', 'critical');
  381. }
  382. // This file is needed for the deleteMembers function.
  383. require_once($sourcedir . '/Subs-Members.php');
  384. // Do you have permission to delete others profiles, or is that your profile you wanna delete?
  385. if ($memID != $user_info['id'])
  386. {
  387. isAllowedTo('profile_remove_any');
  388. // Now, have you been naughty and need your posts deleting?
  389. // !!! Should this check board permissions?
  390. if ($_POST['remove_type'] != 'none' && allowedTo('moderate_forum'))
  391. {
  392. // Include RemoveTopics - essential for this type of work!
  393. require_once($sourcedir . '/RemoveTopic.php');
  394. // First off we delete any topics the member has started - if they wanted topics being done.
  395. if ($_POST['remove_type'] == 'topics')
  396. {
  397. // Fetch all topics started by this user within the time period.
  398. $request = $smcFunc['db_query']('', '
  399. SELECT t.id_topic
  400. FROM {db_prefix}topics AS t
  401. WHERE t.id_member_started = {int:selected_member}',
  402. array(
  403. 'selected_member' => $memID,
  404. )
  405. );
  406. $topicIDs = array();
  407. while ($row = $smcFunc['db_fetch_assoc']($request))
  408. $topicIDs[] = $row['id_topic'];
  409. $smcFunc['db_free_result']($request);
  410. // Actually remove the topics.
  411. // !!! This needs to check permissions, but we'll let it slide for now because of moderate_forum already being had.
  412. removeTopics($topicIDs);
  413. }
  414. // Now delete the remaining messages.
  415. $request = $smcFunc['db_query']('', '
  416. SELECT m.id_msg
  417. FROM {db_prefix}messages AS m
  418. INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic
  419. AND t.id_first_msg != m.id_msg)
  420. WHERE m.id_member = {int:selected_member}',
  421. array(
  422. 'selected_member' => $memID,
  423. )
  424. );
  425. // This could take a while... but ya know it's gonna be worth it in the end.
  426. while ($row = $smcFunc['db_fetch_assoc']($request))
  427. {
  428. if (function_exists('apache_reset_timeout'))
  429. @apache_reset_timeout();
  430. removeMessage($row['id_msg']);
  431. }
  432. $smcFunc['db_free_result']($request);
  433. }
  434. // Only delete this poor members account if they are actually being booted out of camp.
  435. if (isset($_POST['deleteAccount']))
  436. deleteMembers($memID);
  437. }
  438. // Do they need approval to delete?
  439. elseif (empty($post_errors) && !empty($modSettings['approveAccountDeletion']) && !allowedTo('moderate_forum'))
  440. {
  441. // Setup their account for deletion ;)
  442. updateMemberData($memID, array('is_activated' => 4));
  443. // Another account needs approval...
  444. updateSettings(array('unapprovedMembers' => true), true);
  445. }
  446. // Also check if you typed your password correctly.
  447. elseif (empty($post_errors))
  448. {
  449. deleteMembers($memID);
  450. require_once($sourcedir . '/LogInOut.php');
  451. LogOut(true);
  452. redirectExit();
  453. }
  454. }
  455. // Function for doing all the paid subscription stuff - kinda.
  456. function subscriptions($memID)
  457. {
  458. global $context, $txt, $sourcedir, $modSettings, $smcFunc, $scripturl;
  459. // Load the paid template anyway.
  460. loadTemplate('ManagePaid');
  461. loadLanguage('ManagePaid');
  462. // Load all of the subscriptions.
  463. require_once($sourcedir . '/ManagePaid.php');
  464. loadSubscriptions();
  465. $context['member']['id'] = $memID;
  466. // Remove any invalid ones.
  467. foreach ($context['subscriptions'] as $id => $sub)
  468. {
  469. // Work out the costs.
  470. $costs = @unserialize($sub['real_cost']);
  471. $cost_array = array();
  472. if ($sub['real_length'] == 'F')
  473. {
  474. foreach ($costs as $duration => $cost)
  475. {
  476. if ($cost != 0)
  477. $cost_array[$duration] = $cost;
  478. }
  479. }
  480. else
  481. {
  482. $cost_array['fixed'] = $costs['fixed'];
  483. }
  484. if (empty($cost_array))
  485. unset($context['subscriptions'][$id]);
  486. else
  487. {
  488. $context['subscriptions'][$id]['member'] = 0;
  489. $context['subscriptions'][$id]['subscribed'] = false;
  490. $context['subscriptions'][$id]['costs'] = $cost_array;
  491. }
  492. }
  493. // Work out what gateways are enabled.
  494. $gateways = loadPaymentGateways();
  495. foreach ($gateways as $id => $gateway)
  496. {
  497. $gateways[$id] = new $gateway['display_class']();
  498. if (!$gateways[$id]->gatewayEnabled())
  499. unset($gateways[$id]);
  500. }
  501. // No gateways yet?
  502. if (empty($gateways))
  503. fatal_error($txt['paid_admin_not_setup_gateway']);
  504. // Get the current subscriptions.
  505. $request = $smcFunc['db_query']('', '
  506. SELECT id_sublog, id_subscribe, start_time, end_time, status, payments_pending, pending_details
  507. FROM {db_prefix}log_subscribed
  508. WHERE id_member = {int:selected_member}',
  509. array(
  510. 'selected_member' => $memID,
  511. )
  512. );
  513. $context['current'] = array();
  514. while ($row = $smcFunc['db_fetch_assoc']($request))
  515. {
  516. // The subscription must exist!
  517. if (!isset($context['subscriptions'][$row['id_subscribe']]))
  518. continue;
  519. $context['current'][$row['id_subscribe']] = array(
  520. 'id' => $row['id_sublog'],
  521. 'sub_id' => $row['id_subscribe'],
  522. 'hide' => $row['status'] == 0 && $row['end_time'] == 0 && $row['payments_pending'] == 0,
  523. 'name' => $context['subscriptions'][$row['id_subscribe']]['name'],
  524. 'start' => timeformat($row['start_time'], false),
  525. 'end' => $row['end_time'] == 0 ? $txt['not_applicable'] : timeformat($row['end_time'], false),
  526. 'pending_details' => $row['pending_details'],
  527. 'status' => $row['status'],
  528. 'status_text' => $row['status'] == 0 ? ($row['payments_pending'] ? $txt['paid_pending'] : $txt['paid_finished']) : $txt['paid_active'],
  529. );
  530. if ($row['status'] == 1)
  531. $context['subscriptions'][$row['id_subscribe']]['subscribed'] = true;
  532. }
  533. $smcFunc['db_free_result']($request);
  534. // Simple "done"?
  535. if (isset($_GET['done']))
  536. {
  537. $_GET['sub_id'] = (int) $_GET['sub_id'];
  538. // Must exist but let's be sure...
  539. if (isset($context['current'][$_GET['sub_id']]))
  540. {
  541. // What are the details like?
  542. $current_pending = @unserialize($context['current'][$_GET['sub_id']]['pending_details']);
  543. if (!empty($current_pending))
  544. {
  545. $current_pending = array_reverse($current_pending);
  546. foreach ($current_pending as $id => $sub)
  547. {
  548. // Just find one and change it.
  549. if ($sub[0] == $_GET['sub_id'] && $sub[3] == 'prepay')
  550. {
  551. $current_pending[$id][3] = 'payback';
  552. break;
  553. }
  554. }
  555. // Save the details back.
  556. $pending_details = serialize($current_pending);
  557. $smcFunc['db_query']('', '
  558. UPDATE {db_prefix}log_subscribed
  559. SET payments_pending = payments_pending + 1, pending_details = {string:pending_details}
  560. WHERE id_sublog = {int:current_subscription_id}
  561. AND id_member = {int:selected_member}',
  562. array(
  563. 'current_subscription_id' => $context['current'][$_GET['sub_id']]['id'],
  564. 'selected_member' => $memID,
  565. 'pending_details' => $pending_details,
  566. )
  567. );
  568. }
  569. }
  570. $context['sub_template'] = 'paid_done';
  571. return;
  572. }
  573. // If this is confirmation then it's simpler...
  574. if (isset($_GET['confirm']) && isset($_POST['sub_id']) && is_array($_POST['sub_id']))
  575. {
  576. // Hopefully just one.
  577. foreach ($_POST['sub_id'] as $k => $v)
  578. $ID_SUB = (int) $k;
  579. if (!isset($context['subscriptions'][$ID_SUB]) || $context['subscriptions'][$ID_SUB]['active'] == 0)
  580. fatal_lang_error('paid_sub_not_active');
  581. // Simplify...
  582. $context['sub'] = $context['subscriptions'][$ID_SUB];
  583. $period = 'xx';
  584. if ($context['sub']['flexible'])
  585. $period = isset($_POST['cur'][$ID_SUB]) && isset($context['sub']['costs'][$_POST['cur'][$ID_SUB]]) ? $_POST['cur'][$ID_SUB] : 'xx';
  586. // Check we have a valid cost.
  587. if ($context['sub']['flexible'] && $period == 'xx')
  588. fatal_lang_error('paid_sub_not_active');
  589. // Sort out the cost/currency.
  590. $context['currency'] = $modSettings['paid_currency_code'];
  591. $context['recur'] = $context['sub']['repeatable'];
  592. if ($context['sub']['flexible'])
  593. {
  594. // Real cost...
  595. $context['value'] = $context['sub']['costs'][$_POST['cur'][$ID_SUB]];
  596. $context['cost'] = sprintf($modSettings['paid_currency_symbol'], $context['value']) . '/' . $txt[$_POST['cur'][$ID_SUB]];
  597. // The period value for paypal.
  598. $context['paypal_period'] = strtoupper(substr($_POST['cur'][$ID_SUB], 0, 1));
  599. }
  600. else
  601. {
  602. // Real cost...
  603. $context['value'] = $context['sub']['costs']['fixed'];
  604. $context['cost'] = sprintf($modSettings['paid_currency_symbol'], $context['value']);
  605. // Recur?
  606. preg_match('~(\d*)(\w)~', $context['sub']['real_length'], $match);
  607. $context['paypal_unit'] = $match[1];
  608. $context['paypal_period'] = $match[2];
  609. }
  610. // Setup the gateway context.
  611. $context['gateways'] = array();
  612. foreach ($gateways as $id => $gateway)
  613. {
  614. $fields = $gateways[$id]->fetchGatewayFields($context['sub']['id'] . '+' . $memID, $context['sub'], $context['value'], $period, $scripturl . '?action=profile;u=' . $memID . ';area=subscriptions;sub_id=' . $context['sub']['id'] . ';done');
  615. if (!empty($fields['form']))
  616. $context['gateways'][] = $fields;
  617. }
  618. // Bugger?!
  619. if (empty($context['gateways']))
  620. fatal_error($txt['paid_admin_not_setup_gateway']);
  621. // Now we are going to assume they want to take this out ;)
  622. $new_data = array($context['sub']['id'], $context['value'], $period, 'prepay');
  623. if (isset($context['current'][$context['sub']['id']]))
  624. {
  625. // What are the details like?
  626. $current_pending = array();
  627. if ($context['current'][$context['sub']['id']]['pending_details'] != '')
  628. $current_pending = @unserialize($context['current'][$context['sub']['id']]['pending_details']);
  629. // Don't get silly.
  630. if (count($current_pending) > 9)
  631. $current_pending = array();
  632. $pending_count = 0;
  633. // Only record real pending payments as will otherwise confuse the admin!
  634. foreach ($current_pending as $pending)
  635. if ($pending[3] == 'payback')
  636. $pending_count++;
  637. if (!in_array($new_data, $current_pending))
  638. {
  639. $current_pending[] = $new_data;
  640. $pending_details = serialize($current_pending);
  641. $smcFunc['db_query']('', '
  642. UPDATE {db_prefix}log_subscribed
  643. SET payments_pending = {int:pending_count}, pending_details = {string:pending_details}
  644. WHERE id_sublog = {int:current_subscription_item}
  645. AND id_member = {int:selected_member}',
  646. array(
  647. 'pending_count' => $pending_count,
  648. 'current_subscription_item' => $context['current'][$context['sub']['id']]['id'],
  649. 'selected_member' => $memID,
  650. 'pending_details' => $pending_details,
  651. )
  652. );
  653. }
  654. }
  655. // Never had this before, lovely.
  656. else
  657. {
  658. $pending_details = serialize(array($new_data));
  659. $smcFunc['db_insert']('',
  660. '{db_prefix}log_subscribed',
  661. array(
  662. 'id_subscribe' => 'int', 'id_member' => 'int', 'status' => 'int', 'payments_pending' => 'int', 'pending_details' => 'string-65534',
  663. 'start_time' => 'int', 'vendor_ref' => 'string-255',
  664. ),
  665. array(
  666. $context['sub']['id'], $memID, 0, 0, $pending_details,
  667. time(), '',
  668. ),
  669. array('id_sublog')
  670. );
  671. }
  672. // Change the template.
  673. $context['sub_template'] = 'choose_payment';
  674. // Quit.
  675. return;
  676. }
  677. else
  678. $context['sub_template'] = 'user_subscription';
  679. }
  680. ?>