]> git.mxchange.org Git - mailer.git/blob - inc/libs/sponsor_functions.php
Naming convention applied (database columns, keys), Code cosmetics applied:
[mailer.git] / inc / libs / sponsor_functions.php
1 <?php
2 /************************************************************************
3  * Mailer v0.2.1-FINAL                                Start: 04/23/2005 *
4  * ===================                          Last change: 05/18/2008 *
5  *                                                                      *
6  * -------------------------------------------------------------------- *
7  * File              : sponsor_functions.php                            *
8  * -------------------------------------------------------------------- *
9  * Short description : Functions for the sponsor area                   *
10  * -------------------------------------------------------------------- *
11  * Kurzbeschreibung  : Funktionen fuer den Sponsorenbereich             *
12  * -------------------------------------------------------------------- *
13  * $Revision::                                                        $ *
14  * $Date::                                                            $ *
15  * $Tag:: 0.2.1-FINAL                                                 $ *
16  * $Author::                                                          $ *
17  * Needs to be in all Files and every File needs "svn propset           *
18  * svn:keywords Date Revision" (autoprobset!) at least!!!!!!            *
19  * -------------------------------------------------------------------- *
20  * Copyright (c) 2003 - 2009 by Roland Haeder                           *
21  * Copyright (c) 2009, 2010 by Mailer Developer Team                    *
22  * For more information visit: http://www.mxchange.org                  *
23  *                                                                      *
24  * This program is free software; you can redistribute it and/or modify *
25  * it under the terms of the GNU General Public License as published by *
26  * the Free Software Foundation; either version 2 of the License, or    *
27  * (at your option) any later version.                                  *
28  *                                                                      *
29  * This program is distributed in the hope that it will be useful,      *
30  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
31  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
32  * GNU General Public License for more details.                         *
33  *                                                                      *
34  * You should have received a copy of the GNU General Public License    *
35  * along with this program; if not, write to the Free Software          *
36  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
37  * MA  02110-1301  USA                                                  *
38  ************************************************************************/
39
40 // Some security stuff...
41 if (!defined('__SECURITY')) {
42         die();
43 }
44
45 //
46 function handlSponsorRequest (&$postData, $update=false, $messageArray=array(), $RET_STATUS=false) {
47         // Init a lot variables
48         $SAVE = true;
49         $UPDATE = false;
50         $skip = false;
51         $ALREADY = false;
52         $ret = "unused";
53
54         // Skip these entries
55         $SKIPPED = array(
56                 'ok', 'edit', 'terms', 'pay_type'
57         );
58
59         // Save sponsor data
60         $DATA = array(
61                 'keys'   => array(),
62                 'values' => array()
63         );
64
65                 // Check if sponsor already exists
66                 foreach ($postData as $k => $v) {
67                         if (!(array_search($k, $SKIPPED) > -1)) {
68                                 // Check only posted input entries not the submit button
69                                 switch ($k)
70                                 {
71                                         case 'email':
72                                                 $ALREADY = false;
73                                                 if (!isEmailValid($v)) {
74                                                         // Email address is not valid
75                                                         $SAVE = false;
76                                                 } else {
77                                                         // Do we want to add a new sponsor or update his data?
78                                                         $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_sponsor_data` WHERE email='%s' LIMIT 1",
79                                                         array($postData['email']), __FUNCTION__, __LINE__);
80
81                                                         // Is a sponsor alread in the db?
82                                                         if (SQL_NUMROWS($result) == 1) {
83                                                                 // Yes, he is!
84                                                                 if ((getWhat() == 'add_sponsor') || ($update)) {
85                                                                         // Already found!
86                                                                         $ALREADY = true;
87                                                                 } else {
88                                                                         // Update his data
89                                                                         $UPDATE = true;
90                                                                 }
91                                                         }
92
93                                                         // Free memory
94                                                         SQL_FREERESULT($result);
95                                                 }
96                                                 break;
97
98                                         case 'pass1':
99                                                 $k = ''; $v = '';
100                                                 break;
101
102                                         case 'pass2':
103                                                 $k = 'password'; $v = md5($v);
104                                                 break;
105
106                                         case 'url':
107                                                 if (!isUrlValid($v)) $SAVE = false;
108                                                 break;
109
110                                         default:
111                                                 // Test if there is are time selections
112                                                 convertSelectionsToTimestamp($postData, $DATA, $k, $skip);
113                                                 break;
114                                 }
115
116                                 if ((!empty($k)) && ($skip == false)) {
117                                         // Add data
118                                         $DATA['keys'][] = $k; $DATA['values'][] = $v;
119                                 }
120                         }
121                 }
122
123                 // Save sponsor?
124                 if ($SAVE === true) {
125                         // Default is no force even when a guest want to abuse this force switch
126                         if ((empty($postData['force'])) || (!isAdmin())) $postData['force'] = '0';
127
128                         // SQL and message string is empty by default
129                         $sql = ''; $message = '';
130
131                         // Update?
132                         if ($UPDATE) {
133                                 // Update his data
134                                 $sql = "UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET ";
135                                 foreach ($DATA['keys'] as $k => $v) {
136                                         $sql .= $v."='%s', ";
137                                 }
138
139                                 // Remove last ", " from SQL string
140                                 $sql = substr($sql, 0, -2)." WHERE `id`='%s' LIMIT 1";
141                                 $DATA['values'][] = bigintval(getRequestParameter('id'));
142
143                                 // Generate message
144                                 $message = getMessageFromIndexedArray('{--ADMIN_SPONSOR_UPDATED--}', 'updated', $messageArray);
145                                 $ret = 'updated';
146                         } elseif (($ALREADY === false) || (($postData['force'] == 1) && (isAdmin()))) {
147                                 // Add new sponsor, first add more data
148                                 $DATA['keys'][] = 'sponsor_created'; $DATA['values'][] = time();
149                                 $DATA['keys'][] = 'status';
150                                 if (($update === true) && (isAdmin()) && (getWhat() == 'add_sponsor')) {
151                                         // Only allowed for admin
152                                         $DATA['values'][] = 'PENDING';
153                                 } else {
154                                         // Guest area
155                                         $DATA['values'][] = 'UNCONFIRMED';
156
157                                         // Generate hash code
158                                         $DATA['keys'][] = 'hash';
159                                         $DATA['values'][] = md5(session_id().':'.$postData['email'].':'.detectRemoteAddr().':'.detectUserAgent().':'.time());
160                                         $DATA['keys'][] = 'remote_addr';
161                                         $DATA['values'][] = detectRemoteAddr();
162                                 }
163
164                                 // Implode all data into strings
165                                 $keyArray   = implode('`, `'  , $DATA['keys']);
166                                 $valueArray = str_repeat("%s', '", count($DATA['values']) - 1);
167
168                                 // Generate string
169                                 $sql = 'INSERT INTO `{?_MYSQL_PREFIX?}_sponsor_data` (`' . $keyArray . "`) VALUES ('" . $valueArray . "%s')";
170
171                                 // Generate message
172                                 $message = getMessageFromIndexedArray('{--ADMIN_SPONSOR_ADDED--}', 'added', $messageArray);
173                                 $ret = 'added';
174                         } elseif (($update === true) && (isAdmin())) {
175                                 // Add all data as hidden data
176                                 $OUT = '';
177                                 foreach ($postData as $k => $v) {
178                                         // Do not add 'force' !
179                                         if ($k != 'force') {
180                                                 $OUT .= '<input type="hidden" name="' . secureString($k) . '" value="' . SQL_ESCAPE($v) . '" />';
181                                         } // END - if
182                                 } // END - foreach
183
184                                 // Remember data
185                                 $content['hidden'] = $OUT;
186                                 $content['email']  = $postData['email'];
187
188                                 // Ask for adding a sponsor with same email address
189                                 loadTemplate('admin_add_sponsor_already', false, $content);
190                                 return;
191                         } else {
192                                 // Already added!
193                                 $message = getMaskedMessage('SPONSOR_ALREADY_FOUND', $postData['email']);
194                                 $ret = 'already';
195                         }
196
197                         if (!empty($sql)) {
198                                 // Run SQL command
199                                 $result = SQL_QUERY_ESC($sql, $DATA['values'], __FUNCTION__, __LINE__);
200                         } // END - if
201
202                         // Output message
203                         if (($update === true) && (isAdmin())) {
204                                 loadTemplate('admin_settings_saved', false, $message);
205                         } // END - if
206                 } else {
207                         // Error found!
208                         $message = getMessageFromIndexedArray('{--SPONSOR_DATA_NOT_SAVED--}', 'failed', $messageArray);
209                         loadTemplate('admin_settings_saved', false, $message);
210                 }
211
212                 // Shall we return the status?
213                 if ($RET_STATUS === true) return $ret;
214 }
215
216 //
217 function sponsorTranslateUserStatus ($status) {
218         // Construct constant name
219         $constantName = sprintf("ACCOUNT_%s", $status);
220
221         // Is the constant there?
222         if (defined($constantName)) {
223                 // Then use it
224                 $ret = constant($constantName);
225         } else {
226                 // Not found!
227                 logDebugMessage(__FUNCTION__, __LINE__, sprintf("Unknown status %s detected.", $status));
228                 $ret = getMaskedMessage('UNKNOWN_STATUS', $status);
229         }
230         return $ret;
231 }
232
233 // Search for an email address in the database
234 function isSponsorRegisteredWithEmail ($email) {
235         // Do we already have the provided email address in our DB?
236         $ret = (countSumTotalData($email, 'sponsor_data', 'id', 'email', true) == 1);
237
238         // Return result
239         return $ret;
240 }
241
242 // Wether the current user is a sponsor
243 function isSponsor () {
244         // Failed...
245         $ret = false;
246         if ((isSessionVariableSet('sponsor_id')) && (isSessionVariableSet('sponsorpass'))) {
247                 // Check cookies against database records...
248                 $result = SQL_QUERY_ESC("SELECT
249         `id`
250 FROM
251         `{?_MYSQL_PREFIX?}_sponsor_data`
252 WHERE
253         `id`='%s' AND `password`='%s' AND `status`='CONFIRMED'
254 LIMIT 1",
255                         array(
256                                 bigintval(getSession('sponsor_id')),
257                                 getSession('sponsorpass')
258                         ), __FUNCTION__, __LINE__);
259                 if (SQL_NUMROWS($result) == 1) {
260                         // All is fine
261                         $ret = true;
262                 } // END - if
263
264                 // Free memory
265                 SQL_FREERESULT($result);
266         } // END - if
267
268         // Return status
269         return $ret;
270 }
271
272 //
273 function addSponsorMenu ($current) {
274         $OUT = '';
275         $WHERE = " AND `active`='Y'";
276         if (isAdmin()) $WHERE = '';
277
278         // Load main menu entries
279         $result_main = SQL_QUERY("SELECT
280         `action` AS `main_action`, `title` AS `main_title`
281 FROM
282         `{?_MYSQL_PREFIX?}_sponsor_menu`
283 WHERE
284         (`what`='' OR `what` IS NULL)
285         " . $WHERE . "
286 ORDER BY
287         `sort` ASC", __FUNCTION__, __LINE__);
288         if (!SQL_HASZERONUMS($result_main)) {
289                 // Load every menu and it's sub menus
290                 while ($content = SQL_FETCHARRAY($result_main)) {
291                         // Load sub menus
292                         $result_sub = SQL_QUERY_ESC("SELECT
293         `what` AS `sub_what`, `title` AS `sub_title`
294 FROM
295         `{?_MYSQL_PREFIX?}_sponsor_menu`
296 WHERE
297         `action`='%s' AND
298         `what` != '' AND
299         `what` IS NOT NULL
300         " . $WHERE . "
301 ORDER BY
302         `sort` ASC",
303                         array($content['main_action']), __FUNCTION__, __LINE__);
304                         if (!SQL_HASZERONUMS($result_sub)) {
305                                 // Load sub menus
306                                 $SUB = '';
307                                 while ($content2 = SQL_FETCHARRAY($result_sub)) {
308                                         // Merge both arrays
309                                         $content = merge_array($content, $content2);
310
311                                         // Check if current selected menu is matching the loaded one
312                                         if ($current == $content['sub_what']) $content['sub_title'] = '<strong>' . $content['sub_title'] . '</strong>';
313
314                                         // Prepare data for the sub template
315                                         $content = array(
316                                                 'what'  => $content['sub_what'],
317                                                 'title' => $content['sub_title']
318                                         );
319
320                                         // Load row template
321                                         $SUB .= loadTemplate('sponsor_what', true, $content);
322                                 }
323
324                                 // Prepare data for the main template
325                                 $content = array(
326                                         'title' => $content['main_title'],
327                                         'menu'  => $SUB
328                                 );
329
330                                 // Load menu template
331                                 $OUT .= loadTemplate('sponsor_action', true, $content);
332                         } else {
333                                 // No sub menus active
334                                 $OUT .= loadTemplate('admin_settings_saved', true, '{--SPONSOR_NO_SUB_MENUS_ACTIVE--}');
335                         }
336
337                         // Free memory
338                         SQL_FREERESULT($result_sub);
339                 }
340         } else {
341                 // No main menus active
342                 $OUT .= loadTemplate('admin_settings_saved', true, '{--SPONSOR_NO_MAIN_MENUS_ACTIVE--}');
343         }
344
345         // Free memory
346         SQL_FREERESULT($result_main);
347
348         // Return content
349         return $OUT;
350 }
351
352 //
353 function addSponsorContent ($what) {
354         $OUT = '';
355         $INC = sprintf("inc/modules/sponsor/%s.php", $what);
356         if (isIncludeReadable($INC)) {
357                 // Every sponsor action will output nothing directly. It will be written into $OUT!
358                 loadIncludeOnce($INC);
359         } else {
360                 // File not found!
361                 $OUT .= loadTemplate('admin_settings_saved', true, getMaskedMessage('SPONSOR_CONTENT_404', $what));
362         }
363
364         // Return content
365         return $OUT;
366 }
367
368 //
369 function updateSponsorLogin () {
370         // Failed by default
371         $login = false;
372
373         // Is sponsor?
374         if (isSponsor()) {
375                 // Update last online timestamp
376                 SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_sponsor_data`
377 SET `last_online`=UNIX_TIMESTAMP()
378 WHERE `id`='%s' AND `password`='%s' LIMIT 1",
379                         array(
380                                 bigintval(getSession('sponsor_id')),
381                                 getSession('sponsorpass')
382                         ), __FUNCTION__, __LINE__);
383
384                 // This update went fine?
385                 $login = (SQL_AFFECTEDROWS() == 1);
386         }
387
388         // Return status
389         return $login;
390 }
391
392 // Saves sponsor's data
393 function saveSponsorData ($postData, $content) {
394         $EMAIL = false;
395
396         // Unsecure data which we don't want
397         $UNSAFE = array('password', 'id', 'remote_addr', 'sponsor_created', 'last_online', 'status', 'ref_count',
398                         'points_amount', 'points_used', 'refid', 'hash', 'last_pay', 'last_curr', 'pass_old',
399                         'ok', 'pass1', 'pass2');
400
401         // Set default message ("not saved")
402         $message = '{--SPONSOR_ACCOUNT_DATA_NOT_SAVED--}';
403
404         // Check for submitted passwords
405         if ((!empty($postData['pass1'])) && (!empty($postData['pass2']))) {
406                 // Are both passwords the same?
407                 if ($postData['pass1'] == $postData['pass2']) {
408                         // Okay, then set password and remove pass1 and pass2
409                         $postData['password'] = md5($postData['pass1']);
410                 } // END - if
411         } // END - if
412
413         // Remove all (maybe spoofed) unsafe data from array
414         foreach ($UNSAFE as $remove) {
415                 unset($postData[$remove]);
416         } // END - foreach
417
418         // This array is for the submitted data which we will use with the SQL_QUERY_ESC() function to
419         // secure the data
420         $DATA = array();
421
422         // Prepare SQL string
423         $sql = "UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET";
424         foreach ($postData as $key => $value) {
425                 // Mmmmm, too less security here???
426                 $sql   .= " `" . secureString($key) . "`='%s',";
427
428                 // We will secure this later inside the SQL_QUERY_ESC() function
429                 $DATA[] = secureString($value);
430         } // END - foreach
431
432         // Check if email has changed
433         if ((!empty($content['email'])) && (!empty($postData['email']))) {
434                 if ($content['email'] != $postData['email']) {
435                         // Change email address
436                         $EMAIL = true;
437
438                         // Okay, has changed then add status with UNCONFIRMED and new hash code
439                         $sql .= " `status`='EMAIL', `hash`='%s',";
440
441                         // Generate hash code
442                         $HASH = md5(session_id().':'.$postData['email'].':'.detectRemoteAddr().':'.detectUserAgent().':'.time());
443                         $DATA[] = $HASH;
444                 } // END - if
445         } // END - if
446
447         // Remove last commata
448         $sql = substr($sql, 0, -1);
449
450         // Add SQL tail data
451         $sql .= " WHERE `id`=%s AND `password`='%s' LIMIT 1";
452         $DATA[] = bigintval(getSession('sponsor_id'));
453         $DATA[] = getSession('sponsorpass');
454
455         // Saving data was completed... ufff...
456         switch (getWhat()) {
457                 case 'account': // Change account data
458                         if ($EMAIL === true) {
459                                 $message = '{--SPONSOR_ACCOUNT_EMAIL_CHANGED--}';
460                                 $templ   = 'admin_sponsor_change_email';
461                                 $subj    = '{--ADMIN_SPONSOR_ACC_EMAIL_SUBJECT--}';
462                         } else {
463                                 $message = '{--SPONSOR_ACCOUNT_DATA_SAVED--}';
464                                 $templ   = 'admin_sponsor_change_data';
465                                 $subj    = '{--ADMIN_SPONSOR_ACC_DATA_SUBJECT--}';
466                         }
467                         break;
468
469                 case 'settings': // Change settings
470                         // Set message template and subject for admin
471                         $message = '{--SPONSOR_SETTINGS_SAVED--}';
472                         $templ   = 'admin_sponsor_settings';
473                         $subj    = '{--ADMIN_SPONSOR_SETTINGS_SUBJECT--}';
474                         break;
475
476                 default: // Unknown sponsor what value!
477                         logDebugMessage(__FUNCTION__, __LINE__, sprintf("Unknown sponsor module (what) %s detected.", getWhat()));
478                         $message = getMaskedMessage('SPONSOR_UNKNOWN_WHAT', getWhat());
479                         $templ   = '';
480                         $subj    = '';
481                         break;
482         } // END - switch
483
484         // Has an entry updated?
485         if (SQL_AFFECTEDROWS() == 1) {
486                 // Template and subject are set?
487                 if (!empty($templ) && !empty($subj)) {
488                         // Run SQL command and check for success
489                         $result = SQL_QUERY_ESC($sql, $DATA, __FUNCTION__, __LINE__);
490
491                         // Add all data to content
492                         $content['new_data'] = $postData;
493
494                         // Send email to admins
495                         sendAdminNotification($subj, $templ, $content);
496
497                         // Shall we send mail to the sponsor's new email address?
498                         if ($content['receive_warnings'] == 'Y') {
499                                 /*
500                                  * Okay send email with confirmation link to new address and with no confirmation link
501                                  * to the old address.
502                                  */
503
504                                 // First to old address
505                                 switch (getWhat()) {
506                                         case 'account': // Change account data
507                                                 $email_msg = loadEmailTemplate('sponsor_change_data', $content);
508                                                 sendEmail($content['email'], '{--SPONSOR_ACC_DATA_SUBJECT--}', $email_msg);
509
510                                                 if ($EMAIL === true) {
511                                                         // Add hash code to content array
512                                                         $content['hash'] = $HASH;
513
514                                                         // Second mail goes to the new address
515                                                         $email_msg = loadEmailTemplate('sponsor_change_email', $content);
516                                                         sendEmail($content['email'], '{--SPONSOR_ACC_EMAIL_SUBJECT--}', $email_msg);
517                                                 } // END - if
518                                                 break;
519
520                                         case 'settings': // Change settings
521                                                 // Send email
522                                                 $email_msg = loadEmailTemplate('sponsor_settings', $content);
523                                                 sendEmail($content['email'], '{--SPONSOR_SETTINGS_SUBJECT--}', $email_msg);
524                                                 break;
525                                 } // END - switch
526                         } // END - if
527                 } // END - if
528         } // END - if
529
530         // Return final message
531         return $message;
532 }
533
534 // [EOF]
535 ?>