1 <?php
2 /************************************************************************
3  * MXChange v0.2.1                                    Start: 04/23/2005 *
4  * ===============                              Last change: 05/18/2008 *
5  *                                                                      *
6  * -------------------------------------------------------------------- *
7  * File              : sponsor_functions.php                            *
8  * -------------------------------------------------------------------- *
9  * Short description : Functions for the sponsor area                   *
10  * -------------------------------------------------------------------- *
11  * Kurzbeschreibung  : Funktionen fuer den Sponsorenbereich             *
12  * -------------------------------------------------------------------- *
13  *                                                                      *
14  * -------------------------------------------------------------------- *
15  * Copyright (c) 2003 - 2008 by Roland Haeder                           *
16  * For more information visit: http://www.mxchange.org                  *
17  *                                                                      *
18  * This program is free software. You can redistribute it and/or modify *
19  * it under the terms of the GNU General Public License as published by *
20  * the Free Software Foundation; either version 2 of the License.       *
21  *                                                                      *
22  * This program is distributed in the hope that it will be useful,      *
23  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
24  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
25  * GNU General Public License for more details.                         *
26  *                                                                      *
27  * You should have received a copy of the GNU General Public License    *
28  * along with this program; if not, write to the Free Software          *
29  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
30  * MA  02110-1301  USA                                                  *
31  ************************************************************************/
32
33 // Some security stuff...
if (!defined('__SECURITY')) {
	// Not bootstrapped yet: locate ".../inc" from this file's own path and load the security layer
	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4);
	$INC .= "/security.php";
	require($INC);
}
38
39 //
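function SPONSOR_HANDLE_SPONSOR (&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_STATUS=false) {
	// Validates the posted sponsor form and, depending on what is found,
	// inserts a new sponsor row, updates an existing one or asks the admin
	// what to do with a duplicate email address.
	//
	// $POST       - submitted form fields, by reference ('force' is normalised here)
	// $NO_UPDATE  - true: a known email address never results in an UPDATE
	// $MSGs       - optional overrides for the "updated"/"added"/"failed" messages
	// $RET_STATUS - true: return the status string, else return nothing
	//
	// Status values: "unused", "updated", "added", "already". The branch that
	// asks the admin about a duplicate returns early without any status.

	// Init a lot variables
	$SAVE = true;
	$UPDATE = false;
	$skip = false;
	$ALREADY = false;
	$ret = "unused";

	// Skip these entries
	$SKIPPED = array(
		'ok', 'edit', 'terms', 'pay_type'
	);

	// Save sponsor data
	$DATA = array(
		'keys'   => array(),
		'values' => array()
	);

	// Check if sponsor already exists
	foreach ($POST as $k => $v) {
		// Every key that survives this loop becomes a column name in the SQL
		// below, where the %s escaping cannot protect it, so anything but a
		// plain identifier is ignored right away
		if (!preg_match('/^[a-zA-Z_][a-zA-Z0-9_]*$/', $k)) continue;

		if (!in_array($k, $SKIPPED, true)) {
			// Check only posted input entries not the submit button
			switch ($k)
			{
			case "email":
				$ALREADY = false;
				if (!VALIDATE_EMAIL($v)) {
					// Email address is not valid
					$SAVE = false;
				} else {
					// Do we want to add a new sponsor or update his data?
					$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE email='%s' LIMIT 1",
						array($POST['email']), __FUNCTION__, __LINE__);

					// Is a sponsor alread in the db?
					if (SQL_NUMROWS($result) == 1) {
						// Yes, he is!
						if (($GLOBALS['what'] == "add_sponsor") || ($NO_UPDATE)) {
							// Already found!
							$ALREADY = true;
						} else {
							// Update his data
							$UPDATE = true;
						}
					}

					// Free memory
					SQL_FREERESULT($result);
				}
				break;

			case "pass1":
				// Only the confirmation (pass2) is stored; clearing the key keeps it out of $DATA
				$k = ""; $v = "";
				break;

			case "pass2":
				// NOTE(review): unsalted md5 is what IS_SPONSOR() compares against;
				// a stronger hash needs a schema-wide change of the password column
				$k = "password"; $v = md5($v);
				break;

			case "url":
				if (!VALIDATE_URL($v)) $SAVE = false;
				break;

			default:
				// Test if there is are time selections
				CONVERT_SELECTIONS_TO_TIMESTAMP($POST, $DATA, $k, $skip);
				break;
			}

			if ((!empty($k)) && ($skip == false)) {
				// Add data
				$DATA['keys'][] = $k; $DATA['values'][] = $v;
			}
		}
	}

	// Save sponsor?
	if ($SAVE) {
		// Default is no force even when a guest want to abuse this force switch
		if ((empty($POST['force'])) || (!IS_ADMIN())) $POST['force'] = 0;

		// SQL and message string is empty by default
		$sql = ""; $MSG = "";

		// Update?
		if ($UPDATE) {
			// Update his data; the column names were whitelisted in the loop above
			$sql = "UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET ";
			foreach ($DATA['keys'] as $column) {
				$sql .= $column."='%s', ";
			}

			// Remove last ", " from SQL string
			$sql = substr($sql, 0, -2)." WHERE id='%s' LIMIT 1";

			// NOTE(review): the row to update is picked by the id from the request, not by
			// the id that was found for the email above - confirm the caller ties them together
			$DATA['values'][] = bigintval(REQUEST_GET('id'));

			// Generate message (same getMessage() lookup as the other branches use)
			$MSG = SPONSOR_GET_MESSAGE(getMessage('ADMIN_SPONSOR_UPDATED'), "updated", $MSGs);
			$ret = "updated";
		} elseif ((!$ALREADY) || (($POST['force'] == "1") && (IS_ADMIN()))) {
			// Add new sponsor, first add more data
			$DATA['keys'][] = "sponsor_created"; $DATA['values'][] = time();
			$DATA['keys'][] = "status";
			if ((!$NO_UPDATE) && (IS_ADMIN()) && ($GLOBALS['what'] == "add_sponsor")) {
				// Only allowed for admin
				$DATA['values'][] = "PENDING";
			} else {
				// Guest area
				$DATA['values'][] = "UNCONFIRMED";

				// Generate hash code
				// NOTE(review): this confirmation token is derived from guessable inputs
				// (session id, email, address, user agent, time) rather than a CSPRNG
				$DATA['keys'][] = "hash";
				$DATA['values'][] = md5(session_id().":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
				$DATA['keys'][] = "remote_addr";
				$DATA['values'][] = GET_REMOTE_ADDR();
			}

			// Implode all data into strings
			$KEYS   = implode(", "  , $DATA['keys']);
			$VALUES = str_repeat("%s', '", count($DATA['values']) - 1);

			// Generate string
			$sql = "INSERT INTO `{!_MYSQL_PREFIX!}_sponsor_data` (".$KEYS.") VALUES ('".$VALUES."%s')";

			// Generate message
			$MSG = SPONSOR_GET_MESSAGE(getMessage('ADMIN_SPONSOR_ADDED'), "added", $MSGs);
			$ret = "added";
		} elseif ((!$NO_UPDATE) && (IS_ADMIN())) {
			// Add all data as hidden data
			$OUT = "";
			foreach ($POST as $k => $v) {
				// Do not add 'force' !
				if ($k !== "force") {
					// Key and value are raw user input going into HTML attributes, so escape both
					$OUT .= "<input type=\"hidden\" name=\"".htmlspecialchars($k, ENT_QUOTES)."\" value=\"".htmlspecialchars(stripslashes($v), ENT_QUOTES)."\" />\n";
				}
			}
			define('__HIDDEN_DATA', $OUT);
			define('__EMAIL'      , $POST['email']);

			// Ask for adding a sponsor with same email address
			LOAD_TEMPLATE("admin_add_sponsor_already");
			return;
		} else {
			// Already added! (the email is the sprintf() argument, not part of the message key)
			$MSG = sprintf(getMessage('SPONSOR_ALREADY_FOUND'), $POST['email']);
			$ret = "already";
		}

		if (!empty($sql)) {
			// Run SQL command; values are escaped by SQL_QUERY_ESC()
			SQL_QUERY_ESC($sql, $DATA['values'], __FUNCTION__, __LINE__);
		}

		// Output message
		if ((!$NO_UPDATE) && (IS_ADMIN())) {
			LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
		}
	} else {
		// Error found!
		$MSG = SPONSOR_GET_MESSAGE(getMessage('SPONSOR_DATA_NOT_SAVED'), "failed", $MSGs);
		LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
	}

	// Shall we return the status?
	if ($RET_STATUS) return $ret;
}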
207 //
function SPONSOR_TRANSLATE_STATUS ($status) {
	// Maps a sponsor status (e.g. CONFIRMED) to the text behind the ACCOUNT_<status>
	// constant; unknown statuses are logged and rendered with the UNKNOWN_STATUS message
	$constantName = "ACCOUNT_" . $status;

	if (!defined($constantName)) {
		// Not found!
		DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("Unknown status %s detected.", $status));
		return sprintf(getMessage('UNKNOWN_STATUS'), $status);
	}

	// Then use it
	return constant($constantName);
}
223 // Search for an email address in the database
function SPONSOR_FOUND_EMAIL_DB ($email) {
	// Exactly one sponsor_data row with this email address counts as "found"
	$count = GET_TOTAL_DATA($email, "sponsor_data", "id", "email", true);
	return ($count == 1);
}
231 //
function SPONSOR_GET_MESSAGE ($msg, $pos, $array) {
	// Returns the override stored under $pos in $array, falling back to $msg
	// when there is none (a null entry counts as "none")
	return isset($array[$pos]) ? $array[$pos] : $msg;
}
245
246 //
function IS_SPONSOR () {
	// A sponsor is logged in when the session's id/password pair matches a
	// CONFIRMED row in sponsor_data. Without both session values: not a sponsor.
	if ((!isSessionVariableSet('sponsorid')) || (!isSessionVariableSet('sponsorpass'))) {
		return false;
	}

	// Check cookies against database records...
	// NOTE(review): 'sponsorpass' is compared as stored, i.e. the session carries the
	// password hash itself - confirm it is never exposed beyond the session store
	$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_sponsor_data`
WHERE id='%s' AND password='%s' AND `status`='CONFIRMED' LIMIT 1",
		array(bigintval(get_session('sponsorid')), get_session('sponsorpass')), __FUNCTION__, __LINE__);
	$found = (SQL_NUMROWS($result) == 1);

	// Free memory
	SQL_FREERESULT($result);

	// Return status
	return $found;
}
267 //
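function GENERATE_SPONSOR_MENU($current)
{
	// Renders the sponsor area navigation: every main menu entry with its
	// sub menu entries, the entry matching $current shown in bold.
	// Guests only see active entries, admins see all of them.
	$OUT = "";
	$WHERE = " AND active='Y'";
	if (IS_ADMIN()) $WHERE = "";

	// Load main menu entries
	$result_main = SQL_QUERY("SELECT action AS main_action, title AS main_title FROM `{!_MYSQL_PREFIX!}_sponsor_menu`
WHERE (what='' OR `what` IS NULL) ".$WHERE."
ORDER BY `sort`", __FUNCTION__, __LINE__);
	if (SQL_NUMROWS($result_main) > 0) {
		// Load every menu and it's sub menus
		while ($main = SQL_FETCHARRAY($result_main)) {
			// Load sub menus
			$result_sub = SQL_QUERY_ESC("SELECT what AS sub_what, title AS sub_title FROM `{!_MYSQL_PREFIX!}_sponsor_menu`
WHERE `action`='%s' AND `what` != '' AND `what` IS NOT NULL ".$WHERE."
ORDER BY `sort`",
				array($main['main_action']), __FUNCTION__, __LINE__);
			if (SQL_NUMROWS($result_sub) > 0) {
				// Load sub menus
				$SUB = "";
				while ($sub = SQL_FETCHARRAY($result_sub)) {
					// Merge both rows into a scratch array; $main itself stays untouched
					// because its title is still needed once this loop is done
					$row = merge_array($main, $sub);

					// Check if current selected menu is matching the loaded one
					if ((string) $current === (string) $row['sub_what']) $row['sub_title'] = "<strong>".$row['sub_title']."</strong>";

					// Prepare data for the sub template
					$subContent = array(
						'what'  => $row['sub_what'],
						'title' => $row['sub_title']
					);

					// Load row template
					$SUB .= LOAD_TEMPLATE("sponsor_what", true, $subContent);
				}

				// Prepare data for the main template
				$mainContent = array(
					'title' => $main['main_title'],
					'menu'  => $SUB
				);

				// Load menu template
				$OUT .= LOAD_TEMPLATE("sponsor_action", true, $mainContent);
			} else {
				// No sub menus active
				$OUT .= LOAD_TEMPLATE("admin_settings_saved", true, getMessage('SPONSOR_NO_SUB_MENUS_ACTIVE'));
			}

			// Free memory
			SQL_FREERESULT($result_sub);
		}
	} else {
		// No main menus active
		$OUT .= LOAD_TEMPLATE("admin_settings_saved", true, getMessage('SPONSOR_NO_MAIN_MENUS_ACTIVE'));
	}

	// Free memory
	SQL_FREERESULT($result_main);

	// Return content
	return $OUT;
}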
333
334 //
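function GENERATE_SPONSOR_CONTENT ($what) {
	// Loads the sponsor module "inc/modules/sponsor/<what>.php" and returns the
	// content it produced, or a "not found" notice. $what is used to build an
	// include path, so it is restricted to a plain module name first; anything
	// else ("..", "/", NUL bytes, stream wrappers) is treated as not found.
	$OUT = "";
	$INC = sprintf("inc/modules/sponsor/%s.php", $what);
	if ((preg_match('/^[a-zA-Z0-9_-]+$/', $what)) && (INCLUDE_READABLE($INC))) {
		// Every sponsor action will output nothing directly. It will be written into $OUT!
		LOAD_INC_ONCE($INC);
	} else {
		// File not found (or module name rejected); the name is echoed back, so escape it
		$OUT .= LOAD_TEMPLATE("admin_settings_saved", true, sprintf(getMessage('SPONSOR_CONTENT_404'), htmlspecialchars($what, ENT_QUOTES)));
	}

	// Return content
	return $OUT;
}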
349
350 //
function UPDATE_SPONSOR_LOGIN () {
	// Refreshes last_online for the sponsor identified by the session and
	// reports whether exactly one row was touched. Not a sponsor: false.
	if (!IS_SPONSOR()) {
		return false;
	}

	// Update last online timestamp
	SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data`
SET last_online=UNIX_TIMESTAMP()
WHERE id='%s' AND password='%s' LIMIT 1",
		array(bigintval(get_session('sponsorid')), get_session('sponsorpass')), __FUNCTION__, __LINE__);

	// This update went fine?
	return (SQL_AFFECTEDROWS() == 1);
}
370 //
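function SPONSOR_SAVE_DATA ($POST, $content) {
	// Saves the sponsor's own account/settings changes ($POST) to the row
	// identified by the session (sponsorid + sponsorpass) and notifies admins
	// and the sponsor by email. $content is the sponsor's current database row.
	// Which module is being saved comes from $GLOBALS['what'] ("account" or "settings").
	//
	// Returns the message to show the sponsor.
	$EMAIL = false;

	// Unsecure data which we don't want
	$UNSAFE = array('password', 'id', 'remote_addr', 'sponsor_created', 'last_online', 'status', 'ref_count',
			'points_amount', 'points_used', 'refid', 'hash', 'last_pay', 'last_curr', 'pass_old',
			'ok', 'pass1', 'pass2');

	// Set default message ("not saved")
	$MSG = getMessage('SPONSOR_ACCOUNT_DATA_NOT_SAVED');

	// Check for submitted passwords
	if ((!empty($POST['pass1'])) && (!empty($POST['pass2']))) {
		// Are both passwords the same? (strict, so numeric-looking strings are not coerced)
		if ($POST['pass1'] === $POST['pass2']) {
			// Okay, then set password and remove pass1 and pass2
			// NOTE(review): unsalted md5 is what IS_SPONSOR() compares against;
			// a stronger hash needs a schema-wide change of the password column
			$POST['password'] = md5($POST['pass1']);
		} // END - if
	} // END - if

	// Remove all (maybe spoofed) unsafe data from array
	foreach ($UNSAFE as $remove) {
		unset($POST[$remove]);
	} // END - foreach

	// This array is for the submitted data which we will use with the SQL_QUERY_ESC() function to
	// secure the data
	$DATA = array();

	// Prepare SQL string
	$sql = "UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET";
	foreach ($POST as $key => $value) {
		// The key becomes a column name, which the %s escaping cannot protect,
		// so anything but a plain identifier is dropped entirely
		if (!preg_match('/^[a-zA-Z_][a-zA-Z0-9_]*$/', $key)) {
			unset($POST[$key]);
			continue;
		}
		$sql   .= " ".$key."='%s',";

		// We will secure this later inside the SQL_QUERY_ESC() function
		$DATA[] = strip_tags($value);

		// Compile {SLASH} and so on for the email templates
		$POST[$key] = COMPILE_CODE($value);
	} // END - foreach

	// Check if email has changed
	if ((!empty($content['email'])) && (!empty($POST['email']))) {
		if ($content['email'] != $POST['email']) {
			// Change email address
			$EMAIL = true;

			// Okay, has changed then add status with UNCONFIRMED and new hash code
			$sql .= " `status`='EMAIL', hash='%s',";

			// Generate hash code
			// NOTE(review): derived from guessable inputs (session id, email, address,
			// user agent, time) rather than a CSPRNG
			$HASH = md5(session_id().":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
			$DATA[] = $HASH;
		} // END - if
	} // END - if

	// Nothing left to save? Then there is no SET list and the UPDATE could not be valid
	if (count($DATA) == 0) return $MSG;

	// Remove last commata
	$sql = substr($sql, 0, -1);

	// Add SQL tail data
	$sql .= " WHERE id='%s' AND password='%s' LIMIT 1";
	$DATA[] = bigintval(get_session('sponsorid'));
	$DATA[] = get_session('sponsorpass');

	// Saving data was completed... ufff...
	switch ($GLOBALS['what'])
	{
	case "account": // Change account data
		if ($EMAIL === true) {
			$MSG   = getMessage('SPONSOR_ACCOUNT_EMAIL_CHANGED');
			$templ = "admin_sponsor_change_email";
			$subj  = getMessage('ADMIN_SPONSOR_ACC_EMAIL_SUBJ');
		} else {
			$MSG   = getMessage('SPONSOR_ACCOUNT_DATA_SAVED');
			$templ = "admin_sponsor_change_data";
			$subj  = getMessage('ADMIN_SPONSOR_ACC_DATA_SUBJ');
		}
		break;

	case "settings": // Change settings
		// Translate some data
		$content['receive']  = TRANSLATE_YESNO($content['receive_warnings']);
		$content['interval'] = CREATE_FANCY_TIME($content['warning_interval']);

		// Set message template and subject for admin
		$MSG   = getMessage('SPONSOR_SETTINGS_SAVED');
		$templ = "admin_sponsor_settings";
		$subj  = getMessage('ADMIN_SPONSOR_SETTINGS_SUBJ');
		break;

	default: // Unknown sponsor what value!
		DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("Unknown sponsor module (what) %s detected.", $GLOBALS['what']));
		$MSG = sprintf(getMessage('SPONSOR_UNKNOWN_WHAT'), $GLOBALS['what']);
		$templ = ""; $subj = "";
		break;
	}

	if (!empty($templ) && !empty($subj)) {
		// Run SQL command and check for success: the affected-rows check has to
		// come AFTER this query, otherwise it reports on whatever ran before
		SQL_QUERY_ESC($sql, $DATA, __FUNCTION__, __LINE__);

		// NOTE(review): an UPDATE that changes nothing reports 0 rows, so the
		// notifications below are skipped while $MSG still says "saved"
		if (SQL_AFFECTEDROWS() == 1) {
			// Add all data to content (the global $DATA is what the email templates read)
			global $DATA;
			$DATA = $POST;

			// Change some data
			if (isset($content['gender'])) $content['gender'] = TRANSLATE_GENDER($content['gender']);
			if (isset($DATA['gender']))    $DATA['gender']    = TRANSLATE_GENDER($DATA['gender']);
			if (isset($content['receive_warnings'])) $DATA['receive']     = TRANSLATE_YESNO($POST['receive_warnings']);
			if (isset($content['warning_interval'])) $DATA['interval']    = CREATE_FANCY_TIME($POST['warning_interval']);

			// Send email to admins
			SEND_ADMIN_NOTIFICATION($subj, $templ, $content);

			// Shall we send mail to the sponsor's new email address?
			if ($content['receive_warnings'] === "Y") {
				// Okay send email with confirmation link to new address and with no confirmation link
				// to the old address

				// First to old address
				switch ($GLOBALS['what'])
				{
				case "account": // Change account data
					$email_msg = LOAD_EMAIL_TEMPLATE("sponsor_change_data", $content);
					SEND_EMAIL($content['email'], getMessage('SPONSOR_ACC_DATA_SUBJ'), $email_msg);

					if ($EMAIL === true) {
						// Add hash code to content array
						$content['hash'] = $HASH;

						// Second mail goes to the NEW address ($POST), which is the one that has to confirm
						$email_msg = LOAD_EMAIL_TEMPLATE("sponsor_change_email", $content);
						SEND_EMAIL($POST['email'], getMessage('SPONSOR_ACC_EMAIL_SUBJ'), $email_msg);
					}
					break;

				case "settings": // Change settings
					// Send email
					$email_msg = LOAD_EMAIL_TEMPLATE("sponsor_settings", $content);
					SEND_EMAIL($content['email'], getMessage('SPONSOR_SETTINGS_SUBJ'), $email_msg);
					break;
				}
			} // END - if
		} // END - if
	} // END - if

	// Return final message
	return $MSG;
}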
522
523 //
524 ?>