0 && is_numeric($_GET['upload'])){ $request = $db->EscapeString($_GET['upload']); $check_valid = $db->QueryFetchArray("SELECT COUNT(*) AS total FROM `requests` WHERE (`user`='".$data['id']."' AND `id`='".$request."') AND `proof`='0'"); if($check_valid['total'] > 0){ $is_valid = 1; } } if(isset($_POST['submit'])){ $request = $db->EscapeString($is_valid ? $_GET['upload'] : $_POST['request']); $request = $db->QueryFetchArray("SELECT * FROM `requests` WHERE (`user`='".$data['id']."' AND `id`='".$request."') AND `proof`='0' LIMIT 1"); $MAX_SIZE = 750; // Max image size in kb function getExtension($str) { if($str == 'image/jpeg'){ return 'jpg'; }elseif($str == 'image/png'){ return 'png'; }elseif($str == 'image/gif'){ return 'gif'; } } if(!empty($request) && $_FILES['cons_image']['name']){ $tmpFile = $_FILES['cons_image']['tmp_name']; $b_info = getimagesize($tmpFile); $extension = getExtension($b_info['mime']); if($request['id'] == ''){ echo ''; }elseif($b_info['mime'] != 'image/jpeg' && $b_info['mime'] != 'image/png' && $b_info['mime'] != 'image/gif'){ echo ''; }elseif(filesize($tmpFile) > $MAX_SIZE*1024){ echo ''; }else{ $image_name = 'p-'.MD5($data['id'].'_'.$request['id'].'_'.time()).'.'.$extension; $copied = copy($tmpFile, dirname( __FILE__ )."/files/proofs/".$image_name); if(!$copied){ echo ''; }else{ $proof = '/files/proofs/'.$image_name; $db->Query("INSERT INTO `payment_proofs` (p_id, u_id, proof, proof_date, approved) VALUES('".$request['id']."', '".$data['id']."', '".$proof."', '".time()."', '0')"); $db->Query("UPDATE `requests` SET `proof`='1' WHERE `id`='".$request['id']."'"); echo ''; } } }else{ echo ''; } } if($db->QueryGetNumRows("SELECT id FROM `requests` WHERE `user`='".$data['id']."' AND `proof`='0' LIMIT 1") > 0){ ?>

QueryFetchArrayAll("SELECT id, amount, UNIX_TIMESTAMP(date) AS date FROM `requests` WHERE `user`='".$data['id']."' AND (`paid`='1' AND `proof`='0') ORDER BY `date` ASC"); foreach($requests as $request){ echo ''.$lang['b_312'].' #'.$request['id'].' - '.$lang['b_103'].': '.$request['amount'].' '.get_currency_symbol($site['currency_code']).' - '.$lang['b_106'].': '.date('d M Y', $request['date']).''; } ?>

QueryFetchArrayAll("SELECT a.id, a.user, a.amount, UNIX_TIMESTAMP(a.date) AS date, b.proof, b.approved, c.login FROM requests a LEFT JOIN payment_proofs b ON b.p_id = a.id LEFT JOIN users c ON c.id = a.user WHERE a.paid = '1' AND a.user = '".$data['id']."' ORDER BY a.date DESC"); if($proofs){ ?>