2 /************************************************************************
3 * MXChange v0.2.1 Start: 04/23/2005 *
4 * =============== Last change: 05/18/2008 *
6 * -------------------------------------------------------------------- *
7 * File : sponsor_functions.php *
8 * -------------------------------------------------------------------- *
9 * Short description : Functions for the sponsor area *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Funktionen fuer den Sponsorenbereich *
12 * -------------------------------------------------------------------- *
14 * -------------------------------------------------------------------- *
15 * Copyright (c) 2003 - 2008 by Roland Haeder *
16 * For more information visit: http://www.mxchange.org *
18 * This program is free software. You can redistribute it and/or modify *
19 * it under the terms of the GNU General Public License as published by *
20 * the Free Software Foundation; either version 2 of the License. *
22 * This program is distributed in the hope that it will be useful, *
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
25 * GNU General Public License for more details. *
27 * You should have received a copy of the GNU General Public License *
28 * along with this program; if not, write to the Free Software *
29 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
31 ************************************************************************/
33 // Some security stuff...
34 if (!defined('__SECURITY')) {
35 $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
40 function SPONSOR_HANDLE_SPONSOR (&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_STATUS=false) {
41 // Init a lot variables
50 'ok', 'edit', 'terms', 'pay_type'
59 // Check if sponsor already exists
60 foreach ($POST as $k => $v) {
61 if (!(array_search($k, $SKIPPED) > -1)) {
62 // Check only posted input entries not the submit button
67 if (!VALIDATE_EMAIL($v)) {
68 // Email address is not valid
71 // Do we want to add a new sponsor or update his data?
72 $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_data WHERE email='%s' LIMIT 1",
73 array($POST['email']), __FILE__, __LINE__);
75 // Is a sponsor alread in the db?
76 if (SQL_NUMROWS($result) == 1) {
78 if (($GLOBALS['what'] == "add_sponsor") || ($NO_UPDATE)) {
88 SQL_FREERESULT($result);
97 $k = "password"; $v = md5($v);
101 if (!VALIDATE_URL($v)) $SAVE = false;
105 // Test if there is are time selections
106 $TEST = substr($k, -3);
107 if ((($TEST == "_ye") || ($TEST == "_mo") || ($TEST == "_we") || ($TEST == "_da") || ($TEST == "_ho") || ($TEST == "_mi") || ($TEST == "_se")) && (!empty($v))) {
108 // Found a multi-selection for timings?
109 $TEST = substr($k, 0, -3);
110 if ((!empty($POST[$TEST."_ye"])) && (!empty($POST[$TEST."_mo"])) && (!empty($POST[$TEST."_we"])) && (!empty($POST[$TEST."_da"])) && (!empty($POST[$TEST."_ho"])) && (!empty($POST[$TEST."_mi"])) && (!empty($POST[$TEST."_se"])) && ($TEST != $TEST2)) {
111 // Generate timestamp
112 $POST[$TEST] = CREATE_TIMESTAMP_FROM_SELECTIONS($TEST, $POST);
113 $DATA['keys'][] = $TEST;
114 $DATA['values'][] = $POST[$TEST];
116 // Remove data from array
117 // @TODO Do we still need this all?
118 unset($POST[$TEST."_ye"]);
119 unset($POST[$TEST."_mo"]);
120 unset($POST[$TEST."_we"]);
121 unset($POST[$TEST."_da"]);
122 unset($POST[$TEST."_ho"]);
123 unset($POST[$TEST."_mi"]);
124 unset($POST[$TEST."_se"]);
127 $k = ""; $skip = true; $TEST2 = $TEST;
130 $skip = false; $TEST2 = "";
135 if ((!empty($k)) && ($skip == false)) {
137 $DATA['keys'][] = $k; $DATA['values'][] = $v;
144 // Default is no force even when a guest want to abuse this force switch
145 if ((empty($POST['force'])) || (!IS_ADMIN())) $POST['force'] = 0;
147 // SQL and message string is empty by default
148 $SQL = ""; $MSG = "";
153 $SQL = "UPDATE "._MYSQL_PREFIX."_sponsor_data SET ";
154 foreach ($DATA['keys'] as $k => $v) {
155 $SQL .= $v."='%s', ";
158 // Remove last ", " from SQL string
159 $SQL = substr($SQL, 0, -2)." WHERE id='%s' LIMIT 1";
160 $DATA['values'][] = bigintval($_GET['id']);
163 $MSG = SPONSOR_GET_MESSAGE(ADMIN_SPONSOR_UPDATED, "updated", $MSGs);
165 } elseif ((!$ALREADY) || (($POST['force'] == "1") && (IS_ADMIN()))) {
166 // Add new sponsor, first add more data
167 $DATA['keys'][] = "sponsor_created"; $DATA['values'][] = time();
168 $DATA['keys'][] = "status";
169 if ((!$NO_UPDATE) && (IS_ADMIN()) && ($GLOBALS['what'] == "add_sponsor")) {
170 // Only allowed for admin
171 $DATA['values'][] = "PENDING";
174 $DATA['values'][] = "UNCONFIRMED";
176 // Generate hash code
177 $DATA['keys'][] = "hash";
178 $DATA['values'][] = md5(session_id().":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
179 $DATA['keys'][] = "remote_addr";
180 $DATA['values'][] = GET_REMOTE_ADDR();
183 // Implode all data into strings
184 $KEYS = implode(", " , $DATA['keys']);
185 $VALUES = str_repeat("%s', '", count($DATA['values']) - 1);
188 $SQL = "INSERT INTO "._MYSQL_PREFIX."_sponsor_data (".$KEYS.") VALUES ('".$VALUES."%s')";
191 $MSG = SPONSOR_GET_MESSAGE(ADMIN_SPONSOR_ADDED, "added", $MSGs);
193 } elseif ((!$NO_UPDATE) && (IS_ADMIN())) {
194 // Add all data as hidden data
196 foreach ($POST as $k => $v) {
197 // Do not add 'force' !
199 $OUT .= "<INPUT type=\"hidden\" name=\"".$k."\" value=\"".stripslashes($v)."\">\n";
202 define('__HIDDEN_DATA', $OUT);
203 define('__EMAIL' , $POST['email']);
205 // Ask for adding a sponsor with same email address
206 LOAD_TEMPLATE("admin_add_sponsor_already");
210 $MSG = SPONSOR_ALREADY_FOUND_1.$POST['email'].SPONSOR_ALREADY_FOUND_2;
216 $result = SQL_QUERY_ESC($SQL, $DATA['values'], __FILE__, __LINE__);
220 if ((!$NO_UPDATE) && (IS_ADMIN())) {
221 LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
225 $MSG = SPONSOR_GET_MESSAGE(SPONSOR_DATA_NOT_SAVED, "failed", $MSGs);
226 LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
229 // Shall we return the status?
230 if ($RET_STATUS) return $ret;
233 function SPONSOR_TRANSLATE_STATUS($status) {
237 $ret = ACCOUNT_UNCONFIRMED;
241 $ret = ACCOUNT_CONFIRMED;
245 $ret = ACCOUNT_LOCKED;
249 $ret = ACCOUNT_PENDING;
253 $ret = ACCOUNT_EMAIL;
257 DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("Unknown status %s detected.", $status));
258 $ret = UNKNOWN_STATUS_1.$status.UNKNOWN_STATUS_2;
263 // Search for an email address in the database
264 function SPONSOR_FOUND_EMAIL_DB ($email) {
265 // Do we already have the provided email address in our DB?
266 $ret = (GET_TOTAL_DATA($email, "sponsor_data", "id", "email", true) == 1);
272 function SPONSOR_GET_MESSAGE ($msg, $pos, $array) {
273 // Check if the requested message was found in array
274 if (isset($array[$pos])) {
275 // ... if yes then use it!
278 // ... else use default message
287 function IS_SPONSOR () {
290 if ((isSessionVariableSet('sponsorid'))) && (isSessionVariableSet('sponsorpass')))) {
291 // Check cookies against database records...
292 $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_data
293 WHERE id='%s' AND password='%s' AND status='CONFIRMED' LIMIT 1",
294 array(bigintval(get_session('sponsorid')), get_session('sponsorpass')), __FILE__, __LINE__);
295 if (SQL_NUMROWS($result) == 1) {
301 SQL_FREERESULT($result);
308 function GENERATE_SPONSOR_MENU($current)
311 $WHERE = " AND active='Y'";
312 if (IS_ADMIN()) $WHERE = "";
314 // Load main menu entries
315 $result_main = SQL_QUERY("SELECT action, title FROM "._MYSQL_PREFIX."_sponsor_menu
316 WHERE (what='' OR what IS NULL) ".$WHERE."
317 ORDER BY sort", __FILE__, __LINE__);
318 if (SQL_NUMROWS($result_main) > 0)
320 // Load every menu and it's sub menus
321 while(list($action, $title_main) = SQL_FETCHROW($result_main))
324 $result_sub = SQL_QUERY_ESC("SELECT what, title FROM "._MYSQL_PREFIX."_sponsor_menu
325 WHERE action='%s' AND what != '' AND what IS NOT NULL ".$WHERE."
326 ORDER BY sort", array($action), __FILE__, __LINE__);
327 if (SQL_NUMROWS($result_sub) > 0)
331 while(list($what, $title_sub) = SQL_FETCHROW($result_sub))
333 // Check if current selected menu is matching the loaded one
334 if ($current == $what) $title_sub = "<strong>".$title_sub."</strong>";
336 // Prepare data for the sub template
339 'title' => $title_sub
343 $SUB .= LOAD_TEMPLATE("sponsor_what", true, $content);
346 // Prepare data for the main template
348 'title' => $title_main,
352 // Load menu template
353 $OUT .= LOAD_TEMPLATE("sponsor_action", true, $content);
357 // No sub menus active
358 $OUT .= LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_NO_SUB_MENUS_ACTIVE);
362 SQL_FREERESULT($result_sub);
367 // No main menus active
368 $OUT .= LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_NO_MAIN_MENUS_ACTIVE);
372 SQL_FREERESULT($result_main);
378 function GENERATE_SPONSOR_CONTENT($what)
382 $FILE = sprintf("%sinc/modules/sponsor/%s.php", PATH, $what);
383 if (FILE_READABLE($FILE)) {
384 // Every sponsor action will output nothing directly. It will be written into $OUT!
388 $OUT .= LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_CONTENT_404_1.$what.SPONSOR_CONTENT_404_2);
395 function UPDATE_SPONSOR_LOGIN () {
401 // Update last online timestamp
402 SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data
403 SET last_online=UNIX_TIMESTAMP()
404 WHERE id='%s' AND password='%s' LIMIT 1",
405 array(bigintval(get_session('sponsorid')), get_session('sponsorpass')), __FILE__, __LINE__);
407 // This update went fine?
408 $login = (SQL_AFFECTEDROWS() == 1);
415 function SPONSOR_SAVE_DATA ($POST, $content) {
418 // Unsecure data which we don't want
419 $UNSAFE = array('password', 'id', 'remote_addr', 'sponsor_created', 'last_online', 'status', 'ref_count',
420 'points_amount', 'points_used', 'refid', 'hash', 'last_pay', 'last_curr', 'pass_old',
421 'ok', 'pass1', 'pass2');
423 // Set default message ("not saved")
424 $MSG = SPONSOR_ACCOUNT_DATA_NOT_SAVED;
426 // Check for submitted passwords
427 if ((!empty($POST['pass1'])) && (!empty($POST['pass2']))) {
428 // Are both passwords the same?
429 if ($POST['pass1'] == $POST['pass2']) {
430 // Okay, then set password and remove pass1 and pass2
431 $POST['password'] = md5($POST['pass1']);
435 // Remove all (maybe spoofed) unsafe data from array
436 foreach ($UNSAFE as $remove) {
437 unset($POST[$remove]);
440 // This array is for the submitted data which we will use with the SQL_QUERY_ESC() function to
444 // Prepare SQL string
445 $SQL = "UPDATE "._MYSQL_PREFIX."_sponsor_data SET";
446 foreach ($POST as $key => $value) {
447 // Mmmmm, too less security here???
448 $SQL .= " ".strip_tags($key)."='%s',";
450 // We will secure this later inside the SQL_QUERY_ESC() function
451 $DATA[] = strip_tags($value);
453 // Compile {SLASH} and so on for the email templates
454 $POST[$key] = COMPILE_CODE($value);
457 // Check if email has changed
458 if ((!empty($content['email'])) && (!empty($POST['email']))) {
459 if ($content['email'] != $POST['email']) {
460 // Change email address
463 // Okay, has changed then add status with UNCONFIRMED and new hash code
464 $SQL .= " status='EMAIL', hash='%s',";
466 // Generate hash code
467 $HASH = md5(session_id().":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
472 // Remove last commata
473 $SQL = substr($SQL, 0, -1);
476 $SQL .= " WHERE id='%s' AND password='%s' LIMIT 1";
477 $DATA[] = bigintval(get_session('sponsorid'));
478 $DATA[] = get_session('sponsorpass');
480 // Saving data was completed... ufff...
481 switch ($GLOBALS['what'])
483 case "account": // Change account data
485 $MSG = SPONSOR_ACCOUNT_EMAIL_CHANGED;
486 $templ = "admin_sponsor_change_email";
487 $subj = ADMIN_SPONSOR_ACC_EMAIL_SUBJ;
491 $MSG = SPONSOR_ACCOUNT_DATA_SAVED;
492 $templ = "admin_sponsor_change_data";
493 $subj = ADMIN_SPONSOR_ACC_DATA_SUBJ;
497 case "settings": // Change settings
498 // Translate some data
499 $content['receive'] = TRANSLATE_YESNO($content['receive_warnings']);
500 $content['interval'] = CREATE_FANCY_TIME($content['warning_interval']);
502 // Set message template and subject for admin
503 $MSG = SPONSOR_SETTINGS_SAVED;
504 $templ = "admin_sponsor_settings";
505 $subj = ADMIN_SPONSOR_SETTINGS_SUBJ;
508 default: // Unknown sponsor what value!
509 DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("Unknown sponsor module (what) %s detected.", $GLOBALS['what']));
510 $MSG = SPONSOR_UNKNOWN_WHAT_1.$GLOBALS['what'].SPONSOR_UNKNOWN_WHAT_2;
511 $templ = ""; $subj = "";
515 if (SQL_AFFECTEDROWS() == 1)
517 if (!empty($templ) && !empty($subj))
519 // Run SQL command and check for success
520 $result = SQL_QUERY_ESC($SQL, $DATA, __FILE__, __LINE__);
522 // Add all data to content
527 if (isset($content['gender'])) $content['gender'] = TRANSLATE_GENDER($content['gender']);
528 if (isset($DATA['gender'])) $DATA['gender'] = TRANSLATE_GENDER($DATA['gender']);
529 if (isset($content['receive_warnings'])) $DATA['receive'] = TRANSLATE_YESNO($POST['receive_warnings']);
530 if (isset($content['warning_interval'])) $DATA['interval'] = CREATE_FANCY_TIME($POST['warning_interval']);
532 // Send email to admins
533 SEND_ADMIN_NOTIFICATION($subj, $templ, $content);
535 // Shall we send mail to the sponsor's new email address?
536 if ($content['receive_warnings'] == "Y")
538 // Okay send email with confirmation link to new address and with no confirmation link
539 // to the old address
541 // First to old address
542 switch ($GLOBALS['what'])
544 case "account": // Change account data
545 $email_msg = LOAD_EMAIL_TEMPLATE("sponsor_change_data", $content);
546 SEND_EMAIL($content['email'], SPONSOR_ACC_DATA_SUBJ, $email_msg);
550 // Add hash code to content array
551 $content['hash'] = $HASH;
553 // Second mail goes to the new address
554 $email_msg = LOAD_EMAIL_TEMPLATE("sponsor_change_email", $content);
555 SEND_EMAIL($content['email'], SPONSOR_ACC_EMAIL_SUBJ, $email_msg);
559 case "settings": // Change settings
561 $email_msg = LOAD_EMAIL_TEMPLATE("sponsor_settings", $content);
562 SEND_EMAIL($content['email'], SPONSOR_SETTINGS_SUBJ, $email_msg);
569 // Return final message