Файл: Source/pages/getprizei.php
Строк: 209
<?php
/*
* Script name: Points4Prize
* Author: Soft Projects
* Date created: 15/07/2015
*/
require_once 'inc/header.php';
?>
<body class="no-slider">
<!-- <body class="has-top-menu"> -->
<!-- BEGIN #slider-imgs -->
<div id="slider-imgs">
<div class="featured-img-box">
<div id="featured-img-1" class="featured-img"></div>
<div id="featured-img-2" class="featured-img invisible"></div>
<div id="featured-img-3" class="featured-img invisible"></div>
<div id="featured-img-4" class="featured-img invisible"></div>
</div>
<!-- END #slider-imgs -->
</div>
<!-- BEGIN #top-layer -->
<div id="top-layer">
<div id="header-top">
<?php
require_once 'inc/header_top.php';
?>
</div>
<section id="content">
<header id="header">
<div id="menu-bottom">
<?php
require_once 'inc/menu_bottom.php';
?>
</div>
<div class="wrapper">
<div class="header-breadcrumbs">
<?php
require_once 'inc/stats.php';
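// Load the requested prize row; any request without a usable id, or with an
// id that matches no prize, is sent back to the prize list.
//
// Every redirect is followed by exit: header() only queues a response header,
// so without exit the rest of the page would still run with $row === false.
// HTML has already been written above this point, so the Location header can
// only take effect if output buffering is enabled (not visible in this file);
// exit stops the page either way.
if (empty($_GET['id']) || !is_string($_GET['id'])) {
    header("Location: /prizes");
    exit;
}

// The value is only used inside a quoted SQL literal.
// NOTE(review): mysql_real_escape_string() relies on the connection charset
// being set with mysql_set_charset() - confirm in the connection include. The
// mysql_* extension no longer exists in PHP 7+; moving to prepared statements
// (mysqli/PDO) needs the connection code, which is not in this file.
$id = mysql_real_escape_string($_GET['id']);

$result = mysql_query("SELECT * FROM vn_prizes WHERE id='{$id}'");
if ($result === false) {
    // Keep the driver error in the server log instead of printing it to the visitor.
    error_log('getprizei: prize lookup failed: ' . mysql_error());
    die('A database error occurred.');
}

if (mysql_num_rows($result) == 0) {
    header("Location: /prizes");
    exit;
}

$row = mysql_fetch_array($result);
// Prize cost formatted for display (space as thousands separator, no decimals).
$points = number_format($row['points'], 0, ',', ' ');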
?>
<ul>
<li><a href="index.php">Home</a></li>
<li><a href="/prizes">Prizes</a></li>
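<li> <?php /* Title is read from vn_prizes; encode it for the HTML context so stored markup is shown as text. */ echo htmlspecialchars((string) $row['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></li>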
</ul>
</div>
</div>
</header>
<div id="main-box" class="full-width">
<div id="main">
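<h2><span>Get Prize <?php /* Title is read from vn_prizes; encode it for the HTML context so stored markup is shown as text. */ echo htmlspecialchars((string) $row['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></span></h2>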
<div class="content-padding">
<?php
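// Resolve the current user and collect the reasons (if any) why this prize
// cannot be claimed. $errors1 being non-empty suppresses the claim form below.
$errors1 = array();

// NOTE(review): the cookie fallback accepts a client-supplied username as the
// identity. A cookie value is chosen by the browser, so it identifies a user
// but does not authenticate them; points are spent on that basis further down.
// Replace it with a server-side session, or a signed/random token checked with
// hash_equals(), once the login code is in view - kept here to avoid breaking
// whatever "remember me" behaviour depends on it.
if (isset($_SESSION['user']) && is_string($_SESSION['user'])) {
    $user2 = str_replace(" ", "", $_SESSION['user']);
} elseif (isset($_COOKIE['user']) && is_string($_COOKIE['user'])) {
    $user2 = str_replace(" ", "", $_COOKIE['user']);
} else {
    // Stop here: without exit the queries below would run for an anonymous visitor.
    header('Location: /login');
    exit;
}

$user2 = mysql_real_escape_string($user2);
$checkp2 = mysql_query("SELECT id,points FROM vn_users WHERE user='{$user2}'");
if ($checkp2 === false) {
    // Log the driver error server-side rather than printing it to the visitor.
    error_log('getprizei: user lookup failed: ' . mysql_error());
    die('A database error occurred.');
}

$rowp2 = mysql_fetch_assoc($checkp2);
if ($rowp2 === false) {
    // The supplied name matches no account: treat the visitor as not logged in.
    header('Location: /login');
    exit;
}

// Array keys are quoted; the original bare words (points) were undefined constants.
$mpoints = number_format($rowp2['points'], 0, ',', ' ');
$ppoints = number_format($row['points'], 0, ',', ' ');

if ($rowp2['points'] < $row['points']) {
    $errors1[] = "Insufficient number of points. The prize worth <b>$ppoints</b>, if you have <b>$mpoints</b>.";
}
if ($row['quantity'] <= 0) {
    $errors1[] = 'The amount of the award is exhausted. Please try in coming days.';
}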
?>
<?php
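if (empty($errors1)) {
    // Handles a submitted claim (POST) and then renders the claim form.
    // Reads $row and $id (the prize) set earlier in this page; fills $errors
    // with validation problems and $good with the success banner.
    //
    // NOTE(review): the form carries no anti-CSRF token, so a state-changing
    // POST (points are spent, an award row is created) is accepted from any
    // origin. Add a per-session token to the form and compare it with
    // hash_equals() here once the session setup is in view.
    $errors = array();
    $good = ''; // initialised so the echo below is defined on a plain GET

    if (isset($_POST['f_name'])) {
        $fields = array('f_name', 'm_name', 'l_name', 'phone', 'city', 'address');

        // Every field must be a non-empty string (array-valued parameters are rejected).
        // NOTE(review): the maxlength attributes in the form are client-side only.
        $missing = false;
        foreach ($fields as $field) {
            if (empty($_POST[$field]) || !is_string($_POST[$field])) {
                $missing = true;
                break;
            }
        }

        if ($missing) {
            $errors[] = 'Some fields are empty.';
        } else {
            // NOTE(review): the cookie fallback accepts a client-supplied
            // username as the identity; see the login code before relying on it.
            if (isset($_SESSION['user']) && is_string($_SESSION['user'])) {
                $user2 = str_replace(" ", "", $_SESSION['user']);
            } elseif (isset($_COOKIE['user']) && is_string($_COOKIE['user'])) {
                $user2 = str_replace(" ", "", $_COOKIE['user']);
            } else {
                // exit is required: header() alone does not stop the claim from running.
                header('Location: /login');
                exit;
            }

            // SQL-escaped copies, used only inside quoted SQL literals.
            $f_name = mysql_real_escape_string($_POST['f_name']);
            $m_name = mysql_real_escape_string($_POST['m_name']);
            $l_name = mysql_real_escape_string($_POST['l_name']);
            $phone = mysql_real_escape_string($_POST['phone']);
            $city = mysql_real_escape_string($_POST['city']);
            $address = mysql_real_escape_string($_POST['address']);
            $user2 = mysql_real_escape_string($user2);

            $checkp2 = mysql_query("SELECT id,points FROM vn_users WHERE user='{$user2}'");
            if ($checkp2 === false) {
                error_log('getprizei: user lookup failed: ' . mysql_error());
                die('A database error occurred.');
            }
            $rowp2 = mysql_fetch_assoc($checkp2);
            if ($rowp2 === false) {
                header('Location: /login');
                exit;
            }

            $mpoints = number_format($rowp2['points'], 0, ',', ' ');
            $ppoints = number_format($row['points'], 0, ',', ' ');

            // These re-checks now feed $errors. The original appended to
            // $errors1, which the empty($errors) gate below never looked at.
            if ($rowp2['points'] < $row['points']) {
                $errors[] = "Insufficient number of points. The prize worth <b>$ppoints</b>, if you have <b>$mpoints</b>.";
            }
            if ($row['quantity'] <= 0) {
                $errors[] = 'The amount of the award is exhausted. Please try in coming days.';
            }

            if (empty($errors)) {
                $time = time();
                $date = date("d.m.Y H:i");
                $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
                $email = $GLOBALS['email']; // presumably the site contact address set by an include - confirm
                $userId = mysql_real_escape_string($rowp2['id']);
                $leftpoints = $rowp2['points'] - $row['points'];

                // Debit with a single conditional UPDATE so two concurrent
                // claims cannot both pass a stale balance check: the row only
                // changes while the balance still covers the cost.
                // NOTE(review): assumes points are stored as integers - confirm.
                $cost = (int) $row['points'];
                $debit = mysql_query("UPDATE vn_users SET points=points-{$cost}, wonprizes=wonprizes+1 WHERE user='{$user2}' AND points>={$cost}");
                if ($debit === false) {
                    error_log('getprizei: points debit failed: ' . mysql_error());
                    die('A database error occurred.');
                }

                if (mysql_affected_rows() < 1) {
                    $errors[] = "Insufficient number of points. The prize worth <b>$ppoints</b>, if you have <b>$mpoints</b>.";
                } else {
                    // NOTE(review): the stock decrement below is disabled in the
                    // original, so claims never reduce vn_prizes.quantity.
                    // mysql_query("UPDATE vn_prizes SET quantity=quantity-1 WHERE id='{$id}'") or die(mysql_error());

                    // The form has no oblast/obstina inputs; the original
                    // interpolated undefined variables, i.e. empty strings.
                    $oblast = '';
                    $obstina = '';

                    // NOTE(review): debit and insert are separate statements; a
                    // failure here leaves the points spent without an award row.
                    $awarded = mysql_query("INSERT INTO vn_awarded (userid, prizeid, f_name, m_name, l_name, phone, oblast, obstina, city, address, ip, date, status) VALUES('{$userId}','{$id}','{$f_name}','{$m_name}','{$l_name}','{$phone}','{$oblast}','{$obstina}','{$city}','{$address}','{$ip}','{$time}','0')");
                    if ($awarded === false) {
                        error_log('getprizei: award insert failed: ' . mysql_error());
                        die('A database error occurred.');
                    }

                    // The notification is HTML mail, so submitted values are
                    // HTML-encoded here (SQL escaping does not neutralise markup).
                    $esc = array();
                    foreach ($fields as $field) {
                        $esc[$field] = htmlspecialchars($_POST[$field], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                    }
                    $mailUser = htmlspecialchars($user2, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                    $mailTitle = htmlspecialchars((string) $row['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                    $mailIp = htmlspecialchars($_SERVER['REMOTE_ADDR'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

                    $subject = "Request Award";
                    $message = "<p><hr />"
                        . "Username: <b>$mailUser</b><br />"
                        . "Get Prize: <b>$mailTitle</b><br />"
                        . "Points: <b>$rowp2[points] - $row[points] = $leftpoints</b><br />"
                        . "Name: <b>{$esc['f_name']} {$esc['m_name']} {$esc['l_name']}</b><br />"
                        . "Phone: <b>{$esc['phone']}</b><br />"
                        . "Adress: <b>{$esc['address']}</b><br />"
                        . "City: <b>{$esc['city']}</b><br />"
                        . "Date: <b>$date</b><br />"
                        . "IP: <b>$mailIp</b><br />"
                        . "<hr /></p>";

                    // Header lines end with a newline escape. As listed, the
                    // backslashes were missing, which left an undefined $emailn
                    // and literal "n" characters inside the header block.
                    $headers = "From: $email\n"
                        . "Reply-To: $email\n"
                        . "MIME-Version: 1.0\n"
                        . "Content-type: text/html; charset=utf-8\n"
                        . "X-Mailer: PHP/" . phpversion();
                    mail($email, $subject, $message, $headers);

                    $good = "<div class='info-message' style='background-color: #75a226;'>The application is successfully sent.</div>
";
                }
            }
        }
    }

    if (!empty($errors)) {
        echo "<div class='info-message' style='background-color: #a24026;'>";
        foreach ($errors as $error) {
            echo $error . '<br />';
        }
        echo "</div>";
    } else {
        echo $good;
    }
?>
<form method='post' name='take'>
<table class='register' style='margin:0 auto; text-align:left;'>
<tr>
<td style="width:300px;">
<label for='inputEmail' class='col-lg-2 control-label'>Name:</label>
</td>
<td>
<input class='form-control' id='inputEmail' type='text' name='f_name' maxlength='40' required='required' style='width:350px;'></td>
</tr>
<tr>
<td>Surname:</td>
<td><input type='text' name='m_name' class='form-control' id='inputEmail' maxlength='40' required='required' style='width:350px;' /></td>
</tr>
<tr>
<td>Last name:</td>
<td><input type='text' name='l_name' class='form-control' id='inputEmail' maxlength='40' required='required' style='width:350px;' /></td>
</tr>
<tr>
<td>Phone:</td>
<td><input type='text' name='phone' class='form-control' id='inputEmail' maxlength='15' required='required' style='width:350px;' /></td>
</tr>
<tr>
<td>City:</td>
<td><input type='text' name='city' class='form-control' id='inputEmail' maxlength='15' required='required' style='width:350px;' /></td>
</tr>
<tr>
<td style='vertical-align:top;'>Adress:</td>
<td><textarea name='address' style="height:100px;width:80%;" id='textArea' required='required'></textarea></td>
</tr>
</table>
<br />
<div>
<center><button type='submit' class="button" style="background-color: #519623;width:100%;" name=''>Confirm</button>
<br />
</div>
</form>
<?php
}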
?>
<?php
// Show the eligibility problems collected in $errors1 (if any) in one red
// banner, each message followed by a line break.
if (!empty($errors1)) {
    $banner = "<div class='info-message' style='background-color: #a24026;'>";
    $banner .= implode('<br />', $errors1) . '<br />';
    $banner .= "</div>";
    echo $banner;
}
?>
</div>
<div class="clear-float"></div>
</div>
<div class="clear-float"></div>
</div>
</div>
</div>
<?php
require_once 'inc/footer.php';
?>