2 /************************************************************************
3 * MXChange v0.2.1 Start: 04/23/2005 *
4 * =============== Last change: 05/18/2008 *
6 * -------------------------------------------------------------------- *
7 * File : sponsor_functions.php *
8 * -------------------------------------------------------------------- *
9 * Short description : Functions for the sponsor area *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Funktionen fuer den Sponsorenbereich *
12 * -------------------------------------------------------------------- *
14 * -------------------------------------------------------------------- *
15 * Copyright (c) 2003 - 2008 by Roland Haeder *
16 * For more information visit: http://www.mxchange.org *
18 * This program is free software. You can redistribute it and/or modify *
19 * it under the terms of the GNU General Public License as published by *
20 * the Free Software Foundation; either version 2 of the License. *
22 * This program is distributed in the hope that it will be useful, *
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
25 * GNU General Public License for more details. *
27 * You should have received a copy of the GNU General Public License *
28 * along with this program; if not, write to the Free Software *
29 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
31 ************************************************************************/
33 // Some security stuff...
34 if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
36 $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
40 function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_STATUS=false)
42 global $HTTP_GET_VARS, $_SERVER, $_COOKIE;
43 $SAVE = true; $UPDATE = false; $skip = false; $ALREADY = false;
48 'ok', 'edit', 'terms', 'pay_type'
57 // Check if sponsor already exists
58 foreach ($POST as $k=>$v)
60 if (!(array_search($k, $SKIPPED) > -1))
62 // Check only posted input entries not the submit button
67 if (!VALIDATE_EMAIL($v))
69 // Email address is not valid
74 // Do we want to add a new sponsor or update his data?
75 $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_data WHERE email='%s' LIMIT 1",
76 array($POST['email']), __FILE__, __LINE__);
78 // Is a sponsor alread in the db?
79 if (SQL_NUMROWS($result) == 1)
82 SQL_FREERESULT($result);
85 if (($HTTP_GET_VARS['what'] == "add_sponsor") || ($NO_UPDATE))
104 $k = "password"; $v = md5($v);
108 if (!VALIDATE_URL($v)) $SAVE = false;
112 // Test if there is are time selections
113 $TEST = substr($k, -3);
114 if ((($TEST == "_ye") || ($TEST == "_mo") || ($TEST == "_we") || ($TEST == "_da") || ($TEST == "_ho") || ($TEST == "_mi") || ($TEST == "_se")) && (!empty($v)))
116 // Found a multi-selection for timings?
117 $TEST = substr($k, 0, -3);
118 if ((!empty($POST[$TEST."_ye"])) && (!empty($POST[$TEST."_mo"])) && (!empty($POST[$TEST."_we"])) && (!empty($POST[$TEST."_da"])) && (!empty($POST[$TEST."_ho"])) && (!empty($POST[$TEST."_mi"])) && (!empty($POST[$TEST."_se"])) && ($TEST != $TEST2))
120 // Generate timestamp
121 $POST[$TEST] = CREATE_TIMESTAMP_FROM_SELECTIONS($TEST, $POST);
122 $DATA['keys'][] = $TEST;
123 $DATA['values'][] = $POST[$TEST];
125 // Remove data from array
126 unset($POST[$TEST."_ye"]);
127 unset($POST[$TEST."_mo"]);
128 unset($POST[$TEST."_we"]);
129 unset($POST[$TEST."_da"]);
130 unset($POST[$TEST."_ho"]);
131 unset($POST[$TEST."_mi"]);
132 unset($POST[$TEST."_se"]);
135 $k = ""; $skip = true; $TEST2 = $TEST;
140 $skip = false; $TEST2 = "";
145 if ((!empty($k)) && ($skip == false))
148 $DATA['keys'][] = $k; $DATA['values'][] = $v;
156 // Default is no force even when a guest want to abuse this force switch
157 if ((empty($POST['force'])) || (!IS_ADMIN())) $POST['force'] = "0";
159 // SQL and message string is empty by default
160 $SQL = ""; $MSG = "";
166 $SQL = "UPDATE "._MYSQL_PREFIX."_sponsor_data SET ";
167 foreach ($DATA['keys'] as $k=>$v)
169 $SQL .= $v."='%s', ";
172 // Remove last ", " from SQL string
173 $SQL = substr($SQL, 0, -2)." WHERE id='%s' LIMIT 1";
174 $DATA['values'][] = bigintval($HTTP_GET_VARS['id']);
177 $MSG = SPONSOR_SET_MESSAGE(ADMIN_SPONSOR_UPDATED, "updated", $MSGs);
180 elseif ((!$ALREADY) || (($POST['force'] == "1") && (IS_ADMIN())))
182 // Add new sponsor, first add more data
183 $DATA['keys'][] = "sponsor_created"; $DATA['values'][] = time();
184 $DATA['keys'][] = "status";
185 if ((!$NO_UPDATE) && (IS_ADMIN()) && ($HTTP_GET_VARS['what'] == "add_sponsor"))
187 // Only allowed for admin
188 $DATA['values'][] = "PENDING";
193 $DATA['values'][] = "UNCONFIRMED";
195 // Generate hash code
196 $DATA['keys'][] = "hash";
197 $DATA['values'][] = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".$_SERVER['REMOTE_ADDR'].":".$_SERVER['HTTP_USER_AGENT'].":".time());
198 $DATA['keys'][] = "remote_addr";
199 $DATA['values'][] = $_SERVER['REMOTE_ADDR'];
202 // Implode all data into strings
203 $KEYS = implode(", " , $DATA['keys']);
204 $VALUES = str_repeat("%s', '", count($DATA['values']) - 1);
207 $SQL = "INSERT INTO "._MYSQL_PREFIX."_sponsor_data (".$KEYS.") VALUES('".$VALUES."%s')";
210 $MSG = SPONSOR_SET_MESSAGE(ADMIN_SPONSOR_ADDED, "added", $MSGs);
213 elseif ((!$NO_UPDATE) && (IS_ADMIN()))
215 // Add all data as hidden data
217 foreach ($POST as $k=>$v)
219 // Do not add 'force' !
222 $OUT .= "<INPUT type=\"hidden\" name=\"".$k."\" value=\"".stripslashes($v)."\">\n";
225 define('__HIDDEN_DATA', $OUT);
226 define('__EMAIL' , $POST['email']);
228 // Ask for adding a sponsor with same email address
229 LOAD_TEMPLATE("admin_add_sponsor_already");
235 $MSG = SPONSOR_ALREADY_FOUND_1.$POST['email'].SPONSOR_ALREADY_FOUND_2;
242 $result = SQL_QUERY_ESC($SQL, $DATA['values'], __FILE__, __LINE__);
246 if ((!$NO_UPDATE) && (IS_ADMIN()))
248 LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
254 $MSG = SPONSOR_SET_MESSAGE(SPONSOR_DATA_NOT_SAVED, "failed", $MSGs);
255 LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
258 // Shall we return the status?
259 if ($RET_STATUS) return $ret;
262 function SPONSOR_TRANSLATE_STATUS($status)
267 $ret = ACCOUNT_UNCONFIRMED;
271 $ret = ACCOUNT_CONFIRMED;
275 $ret = ACCOUNT_LOCKED;
279 $ret = ACCOUNT_PENDING;
283 $ret = ACCOUNT_EMAIL;
287 $ret = UNKNOWN_STATUS_1.$status.UNKNOWN_STATUS_2;
292 // Search for an email address in the database
293 function SPONSOR_FOUND_EMAIL_DB($email)
295 // Default status is failed (as it is always be...)
298 // Check for email (and secure input)
299 $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_data WHERE email='%s' LIMIT 1",
300 array($email), __FILE__, __LINE__);
302 // Do we already have the provided email address in our DB?
303 if (SQL_NUMROWS($result) == 1) $ret = true;
309 function SPONSOR_SET_MESSAGE($msg, $pos, $array)
311 // Check if the requested message was found in array
312 if (isset($array[$pos]))
314 // ... if yes then use it!
319 // ... else use default message
327 function IS_SPONSOR()
332 if ((!empty($_COOKIE['sponsorid'])) && (!empty($_COOKIE['sponsorpass'])))
334 // Check cookies against database records...
335 $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_data
336 WHERE id='%s' AND password='%s' AND status='CONFIRMED' LIMIT 1",
337 array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__);
338 if (SQL_NUMROWS($result) == 1)
345 SQL_FREERESULT($result);
352 function GENERATE_SPONSOR_MENU($current)
355 $WHERE = " AND active='Y'";
356 if (IS_ADMIN()) $WHERE = "";
358 // Load main menu entries
359 $result_main = SQL_QUERY("SELECT action, title FROM "._MYSQL_PREFIX."_sponsor_menu
360 WHERE what='' ".$WHERE."
361 ORDER BY sort", __FILE__, __LINE__);
362 if (SQL_NUMROWS($result_main) > 0)
364 // Load every menu and it's sub menus
365 while(list($action, $title_main) = SQL_FETCHROW($result_main))
368 $result_sub = SQL_QUERY_ESC("SELECT what, title FROM "._MYSQL_PREFIX."_sponsor_menu
369 WHERE action='%s' AND what != '' ".$WHERE."
370 ORDER BY sort", array($action), __FILE__, __LINE__);
371 if (SQL_NUMROWS($result_sub) > 0)
375 while(list($what, $title_sub) = SQL_FETCHROW($result_sub))
377 // Check if current selected menu is matching the loaded one
378 if ($current == $what) $title_sub = "<STRONG>".$title_sub."</STRONG>";
380 // Prepare data for the sub template
383 'title' => $title_sub
387 $SUB .= LOAD_TEMPLATE("sponsor_what", true, $content);
390 // Prepare data for the main template
392 'title' => $title_main,
396 // Load menu template
397 $OUT .= LOAD_TEMPLATE("sponsor_action", true, $content);
401 // No sub menus active
402 $OUT .= LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_NO_SUB_MENUS_ACTIVE);
406 SQL_FREERESULT($result_sub);
411 // No main menus active
412 $OUT .= LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_NO_MAIN_MENUS_ACTIVE);
416 SQL_FREERESULT($result_main);
422 function GENERATE_SPONSOR_CONTENT($what)
424 global $HTTP_POST_VARS, $HTTP_GET_VARS, $CONFIG;
425 $FILE = PATH."inc/modules/sponsor/".$what.".php";
427 if (@file_exists($FILE))
429 // Every sponsor action will output nothing directly. It will be written into $OUT!
435 $OUT .= LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_CONTENT_404_1.$what.SPONSOR_CONTENT_404_2);
442 function UPDATE_SPONSOR_LOGIN()
444 global $_COOKIE, $CONFIG;
446 // Check if cookies are set
447 if ((empty($_COOKIE['sponsorid'])) || (empty($_COOKIE['sponsorpass']))) return false;
449 // Calculate cookie lifetime, maybe we have to change this so the admin can setup a
450 // seperate timeout for these two cookies?
451 $life = (time() + $CONFIG['online_timeout']);
453 // Is confirmed so both is fine and we can continue with login procedure
454 $login = ((setcookie("sponsorid" , bigintval($_COOKIE['sponsorid']), $life, COOKIE_PATH)) &&
455 (setcookie("sponsorpass", $_COOKIE['sponsorpass'] , $life, COOKIE_PATH)));
460 // Update last online timestamp
461 $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data
462 SET last_online='".time()."'
463 WHERE id='%s' AND password='%s' LIMIT 1",
464 array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__);
471 function SPONSOR_SAVE_DATA($POST, $content)
473 global $_COOKIE, $_SERVER, $HTTP_GET_VARS;
476 // Unsecure data which we don't want
477 $UNSAFE = array('password', 'id', 'remote_addr', 'sponsor_created', 'last_online', 'status', 'ref_count',
478 'points_amount', 'points_used', 'refid', 'hash' , 'last_pay', 'last_curr', 'pass_old',
479 'ok', 'pass1', 'pass2');
481 // Set default message ("not saved")
482 $MSG = SPONSOR_ACCOUNT_DATA_NOT_SAVED;
484 // Check for submitted passwords
485 if ((!empty($HTTP_POST_VARS['pass1'])) && (!empty($HTTP_POST_VARS['pass2'])))
487 // Are both passwords the same?
488 if ($HTTP_POST_VARS['pass1'] == $HTTP_POST_VARS['pass2'])
490 // Okay, then set password and remove pass1 and pass2
491 $HTTP_POST_VARS['password'] = md5($HTTP_POST_VARS['pass1']);
495 // Remove all (maybe spoofed) unsafe data from array
496 foreach ($UNSAFE as $remove)
498 unset($POST[$remove]);
501 // This array is for the submitted data which we will use with the SQL_QUERY_ESC() function to
505 // Prepare SQL string
506 $SQL = "UPDATE "._MYSQL_PREFIX."_sponsor_data SET";
507 foreach ($POST as $key=>$value)
509 // Mmmmm, too less security here???
510 $SQL .= " ".strip_tags($key)."='%s',";
512 // We will secure this later inside the SQL_QUERY_ESC() function
513 $DATA[] = strip_tags($value);
515 // Compile {SLASH} and so on for the email templates
516 $POST[$key] = COMPILE_CODE($value);
519 // Check if email has changed
520 if ((!empty($content['email'])) && (!empty($POST['email'])))
522 if ($content['email'] != $POST['email'])
524 // Change email address
527 // Okay, has changed then add status with UNCONFIRMED and new hash code
528 $SQL .= " status='EMAIL', hash='%s',";
530 // Generate hash code
531 $HASH = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".$_SERVER['REMOTE_ADDR'].":".$_SERVER['HTTP_USER_AGENT'].":".time());
536 // Remove last commata
537 $SQL = substr($SQL, 0, -1);
540 $SQL .= " WHERE id='%s' AND password='%s' LIMIT 1";
541 $DATA[] = bigintval($_COOKIE['sponsorid']);
542 $DATA[] = $_COOKIE['sponsorpass'];
544 // Saving data was completed... ufff...
545 switch ($HTTP_GET_VARS['what'])
547 case "account": // Change account data
550 $MSG = SPONSOR_ACCOUNT_EMAIL_CHANGED;
551 $templ = "admin_sponsor_change_email";
552 $subj = ADMIN_SPONSOR_ACC_EMAIL_SUBJ;
556 $MSG = SPONSOR_ACCOUNT_DATA_SAVED;
557 $templ = "admin_sponsor_change_data";
558 $subj = ADMIN_SPONSOR_ACC_DATA_SUBJ;
562 case "settings": // Change settings
563 // Translate some data
564 $content['receive'] = TRANSLATE_YESNO($content['receive_warnings']);
565 $content['interval'] = CREATE_FANCY_TIME($content['warning_interval']);
567 // Set message template and subject for admin
568 $MSG = SPONSOR_SETTINGS_SAVED;
569 $templ = "admin_sponsor_settings";
570 $subj = ADMIN_SPONSOR_SETTINGS_SUBJ;
573 default: // Unknown sponsor what value!
574 $MSG = SPONSOR_UNKNOWN_WHAT_1.$HTTP_GET_VARS['what'].SPONSOR_UNKNOWN_WHAT_2;
575 $templ = ""; $subj = "";
579 if (SQL_AFFECTEDROWS() == 1)
581 if (!empty($templ) && !empty($subj))
583 // Run SQL command and check for success
584 $result = SQL_QUERY_ESC($SQL, $DATA, __FILE__, __LINE__);
586 // Add all data to content
591 if (isset($content['salut'])) $content['salut'] = TRANSLATE_SEX($content['salut']);
592 if (isset($DATA['salut'])) $DATA['salut'] = TRANSLATE_SEX($DATA['salut']);
593 if (isset($content['receive_warnings'])) $DATA['receive'] = TRANSLATE_YESNO($POST['receive_warnings']);
594 if (isset($content['warning_interval'])) $DATA['interval'] = CREATE_FANCY_TIME($POST['warning_interval']);
596 // Send email to admins
597 if (GET_EXT_VERSION("admins") < "0.4.1")
599 // Use old method to send out
600 $msg = LOAD_EMAIL_TEMPLATE($templ, $content);
601 SEND_ADMIN_EMAILS($subj, $msg);
605 // Use new system to send out
606 SEND_ADMIN_EMAILS_PRO($subj, $templ, $content);
609 // Shall we send mail to the sponsor's new email address?
610 if ($content['receive_warnings'] == "Y")
612 // Okay send email with confirmation link to new address and with no confirmation link
613 // to the old address
615 // First to old address
616 switch ($HTTP_GET_VARS['what'])
618 case "account": // Change account data
619 $email_msg = LOAD_EMAIL_TEMPLATE("sponsor_change_data", $content);
620 SEND_EMAIL($content['email'], SPONSOR_ACC_DATA_SUBJ, $email_msg);
624 // Add hash code to content array
625 $content['hash'] = $HASH;
627 // Second mail goes to the new address
628 $email_msg = LOAD_EMAIL_TEMPLATE("sponsor_change_email", $content);
629 SEND_EMAIL($content['email'], SPONSOR_ACC_EMAIL_SUBJ, $email_msg);
633 case "settings": // Change settings
635 $email_msg = LOAD_EMAIL_TEMPLATE("sponsor_settings", $content);
636 SEND_EMAIL($content['email'], SPONSOR_SETTINGS_SUBJ, $email_msg);
643 // Return final message