2 /************************************************************************
3 * MXChange v0.2.1 Start: 06/10/2005 *
4 * =============== Last change: 05/18/2008 *
6 * -------------------------------------------------------------------- *
7 * File : what-sponsor_login.php *
8 * -------------------------------------------------------------------- *
9 * Short description : Login form and password resending for sponsor *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Loginformular und Neues Passwort fuer Sponsor *
12 * -------------------------------------------------------------------- *
14 * -------------------------------------------------------------------- *
15 * Copyright (c) 2003 - 2008 by Roland Haeder *
16 * For more information visit: http://www.mxchange.org *
18 * This program is free software. You can redistribute it and/or modify *
19 * it under the terms of the GNU General Public License as published by *
20 * the Free Software Foundation; either version 2 of the License. *
22 * This program is distributed in the hope that it will be useful, *
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
25 * GNU General Public License for more details. *
27 * You should have received a copy of the GNU General Public License *
28 * along with this program; if not, write to the Free Software *
29 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
31 ************************************************************************/
// Direct-access guard: the condition holds when this file's own name occurs in the
// script path of the current request, i.e. the file was requested directly instead
// of being included by the module loader.
// NOTE(review): ereg() was deprecated in PHP 5.3 and removed in PHP 7.0. It also
// interprets basename(__FILE__) as a regular expression, so the "." in the file
// name matches any character. $_SERVER['PHP_SELF'] is derived from the request URL.
33 // Some security stuff...
34 if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
// Path of security.php inside the "/inc" directory that contains this file.
// NOTE(review): the statement that consumes $INC is not visible in this listing
// (the gutter skips from 36 to 40) -- presumably it includes that file; confirm.
36 $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
40 // Add description as navigation point
41 ADD_DESCR("guest", basename(__FILE__));
// Map the "mode" query parameter onto $MODE. Only the two literal values below are
// accepted; the raw request value is never copied into $MODE.
// NOTE(review): no initialisation of $MODE is visible in this listing (gutter lines
// 42-43 are missing), yet the later branches compare against it -- confirm it is
// always set before use.
44 if (!empty($_GET['mode']))
46 // A "special" mode of the login system was requested
47 switch ($_GET['mode'])
49 case "activate" : $MODE = "activate"; break; // Activation link requested
50 case "lost_pass": $MODE = "lost_pass"; break; // Request new password
// Confirmation-link handler: the "hash" query parameter selects a sponsor row whose
// status is UNCONFIRMED (new account) or EMAIL (changed address awaiting confirmation).
// NOTE(review): the hash is the only credential on this path. The UPDATEs below
// change the status but do not clear or rotate the hash, and no expiry check is
// visible here -- confirm whether the hash is invalidated elsewhere.
// The request value reaches SQL only through the '%s' placeholder of SQL_QUERY_ESC;
// presumably that helper escapes its arguments -- verify in its definition.
54 // Check if hash for confirmation of email address is given...
55 if (!empty($_GET['hash']))
58 $result = SQL_QUERY_ESC("SELECT id, status, salut, surname, family,
59 company, position, tax_ident,
60 street_nr1, street_nr2, country, zip, city, email, phone, fax, cell,
61 points_amount AS points, last_pay AS pay, last_curr AS curr
62 FROM "._MYSQL_PREFIX."_sponsor_data
63 WHERE hash='%s' AND (status='UNCONFIRMED' OR status='EMAIL')
64 LIMIT 1", array($_GET['hash']), __FILE__, __LINE__);
65 if (SQL_NUMROWS($result) == 1)
67 // Sponsor found, load his data...
68 $SPONSOR = SQL_FETCHARRAY($result);
70 // Translate salut and comma
71 $SPONSOR['salut'] = TRANSLATE_SEX($SPONSOR['salut']);
72 $SPONSOR['points'] = TRANSLATE_COMMA($SPONSOR['points']);
73 $SPONSOR['pay'] = TRANSLATE_COMMA($SPONSOR['pay']);
75 // Unconfirmed account or changed email address?
76 if ($SPONSOR['status'] == "UNCONFIRMED")
// The WHERE clause repeats id, hash and the expected status, so a concurrent or
// repeated request changes no row; the affected-row count below decides the outcome.
78 // Set account to pending
79 $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='PENDING'
80 WHERE id='%s' AND hash='%s' AND status='UNCONFIRMED' LIMIT 1",
81 array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
84 if (SQL_AFFECTEDROWS() == 1)
// $SPONSOR is the full row selected above (address, phone, tax_ident, ...) and is
// handed to both mail templates.
// NOTE(review): confirm the templates render only the fields each recipient needs.
86 // Prepare mail and send it to the sponsor
87 $MSG = LOAD_EMAIL_TEMPLATE("sponsor_pending", $SPONSOR);
88 SEND_EMAIL($SPONSOR['email'], SPONSOR_ACCOUNT_PENDING_SUBJ, $MSG);
90 // Send email to admin
91 SEND_ADMIN_NOTIFICATION(ADMIN_NEW_SPONSOR, "admin_sponsor_pending", $SPONSOR);
93 // Sponsor account set to pending
94 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_PENDING);
98 // Could not unlock account!
99 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_PENDING_FAILED);
102 elseif ($SPONSOR['status'] == "EMAIL")
// Same guarded-UPDATE pattern as above: id, hash and status='EMAIL' must all match.
104 // Changed email address needs to be confirmed
105 $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='CONFIRMED'
106 WHERE id='%s' AND hash='%s' AND status='EMAIL' LIMIT 1",
107 array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
110 if (SQL_AFFECTEDROWS() == 1)
112 // Sponsor account is unlocked again
113 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN);
117 // Could not unlock account!
118 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_EMAIL_FAILED);
// The SELECT above already restricts status to UNCONFIRMED or EMAIL, so this is a
// defensive fallback for any other value.
123 /// ??? Other status?
124 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_STATUS_FAILED);
// Presumably the else-branch of the row-count check (braces are not visible in this
// listing): shown when the hash lookup did not return exactly one row.
130 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_404);
134 SQL_FREERESULT($result);
// Resend-activation handler (mode=activate): looks up an unconfirmed sponsor by the
// posted email address and mails the activation / email-confirmation link again.
// NOTE(review): $HTTP_POST_VARS is the legacy long-array form of $_POST and is no
// longer available as of PHP 5.4.
136 elseif ($MODE == "activate")
138 // Send activation link again
139 if (isset($HTTP_POST_VARS['ok']))
// An empty email drops the "ok" flag, so the lookup below is skipped.
141 // Check submitted data
142 if (empty($HTTP_POST_VARS['email'])) unset($HTTP_POST_VARS['ok']);
145 if (isset($HTTP_POST_VARS['ok']))
// Lookup is by email alone, limited to rows still waiting for confirmation. The hash
// is selected here and passed to the mail template as part of $SPONSOR.
148 $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, salut, surname, family, sponsor_created
149 FROM "._MYSQL_PREFIX."_sponsor_data
150 WHERE email='%s' AND (status='UNCONFIRMED' OR status='EMAIL') LIMIT 1",
151 array($HTTP_POST_VARS['email']), __FILE__, __LINE__);
152 if (SQL_NUMROWS($result) == 1)
154 // Unconfirmed sponsor account found so let's load the requested data
155 $SPONSOR = SQL_FETCHARRAY($result);
157 // Translate some data
158 $SPONSOR['salut'] = TRANSLATE_SEX($SPONSOR['salut']);
159 $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
161 // Prepare email and send it to the sponsor
162 if ($SPONSOR['status'] == "UNCONFIRMED")
164 // Unconfirmed accounts
165 $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_activate", $SPONSOR);
169 // Confirmed email address
170 $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_email", $SPONSOR);
172 SEND_EMAIL($HTTP_POST_VARS['email'], SPONSOR_ACTIVATION_LINK_SUBJ, $msg_sponsor);
// NOTE(review): the success message here and the 404 message below differ, so the
// response tells an unauthenticated visitor whether the address belongs to a sponsor
// awaiting confirmation. One neutral message for both outcomes would avoid that.
// No throttling of this mail-sending form is visible in this file.
175 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_SENT);
179 // No account found or not UNCONFIRMED
180 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_404);
184 SQL_FREERESULT($result);
// Request form; presumably rendered when nothing valid was submitted (the branch
// structure is not visible in this listing).
189 LOAD_TEMPLATE("guest_sponsor_activate");
// Lost-password handler (mode=lost_pass): for a CONFIRMED sponsor identified by the
// posted email and id, generates a new password, mails it and stores its MD5 digest.
192 elseif ($MODE == "lost_pass")
195 if (isset($HTTP_POST_VARS['ok']))
// An empty email drops the "ok" flag, so the lookup below is skipped.
197 // Check submitted data
198 if (empty($HTTP_POST_VARS['email'])) unset($HTTP_POST_VARS['ok']);
201 if (isset($HTTP_POST_VARS['ok']))
// Both the email and the numeric id must match a row with status CONFIRMED.
204 $result = SQL_QUERY_ESC("SELECT id, hash, remote_addr, salut, surname, family, sponsor_created
205 FROM "._MYSQL_PREFIX."_sponsor_data
206 WHERE email='%s' AND id='%s' AND status='CONFIRMED' LIMIT 1",
207 array($HTTP_POST_VARS['email'], bigintval($HTTP_POST_VARS['id'])), __FILE__, __LINE__);
208 if (SQL_NUMROWS($result) == 1)
210 // Confirmed sponsor account found so let's load the requested data
211 $SPONSOR = SQL_FETCHARRAY($result);
213 // Translate some data
214 $SPONSOR['salut'] = TRANSLATE_SEX($SPONSOR['salut']);
215 $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
// NOTE(review): the password is replaced as soon as the form is submitted. Knowing a
// sponsor's email and id is enough to overwrite that sponsor's password; mailing a
// confirmation link first and changing the password only after it is followed would
// close this. The strength of GEN_PASS() is not visible here -- verify it uses a
// cryptographically secure random source.
218 $SPONSOR['password'] = GEN_PASS();
// $SPONSOR now carries the clear-text password into the mail template.
220 // Prepare email and send it to the sponsor
221 $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_lost", $SPONSOR);
222 SEND_EMAIL($HTTP_POST_VARS['email'], SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor);
// Stores the unsalted MD5 digest of the new password.
// NOTE(review): MD5 is unsuitable for password storage; password_hash() and
// password_verify() are the replacement and require the login query to change with
// it. The mail is sent before this UPDATE and $result_update is not checked in the
// visible lines, so a failed UPDATE leaves the sponsor with a mailed password that
// does not work.
225 $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET password='%s'
226 WHERE id='%s' LIMIT 1",
227 array(md5($SPONSOR['password']), bigintval($SPONSOR['id'])), __FILE__, __LINE__);
// NOTE(review): this message and the 404 message below differ, which confirms to the
// requester whether the submitted email/id pair belongs to a confirmed sponsor.
230 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOST_PASSWORD_SENT);
234 // No account found or not CONFIRMED
235 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOST_PASSWORD_404);
239 SQL_FREERESULT($result);
// Request form; presumably rendered when nothing valid was submitted (the branch
// structure is not visible in this listing).
244 LOAD_TEMPLATE("guest_sponsor_lost");
// Login handler: checks the posted sponsor id and password, and on success sets the
// two login cookies and forwards to the sponsor area.
247 elseif (isset($HTTP_POST_VARS['ok']))
// The credential check happens in SQL: the numeric id and md5(password) must match
// one row.
// NOTE(review): unsalted MD5 is unsuitable for password storage; password_hash() and
// password_verify() are the replacement, which means fetching the row by id and
// verifying in PHP. No failed-login throttling is visible in this file.
249 // Check status and login data ...
250 $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_sponsor_data
251 WHERE id='%s' AND password='%s' LIMIT 1",
252 array(bigintval($HTTP_POST_VARS['sponsorid']), md5($HTTP_POST_VARS['pass'])), __FILE__, __LINE__);
253 if (SQL_NUMROWS($result) == 1)
255 // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
256 list($status) = SQL_FETCHROW($result);
257 if ($status == "CONFIRMED")
259 // Calculate cookie lifetime, maybe we have to change this so the admin can setup a
260 // separate timeout for these two cookies?
261 $life = (time() + $CONFIG['online_timeout']);
// NOTE(review): the "sponsorpass" cookie holds md5(password), the same value the
// query above compares with the password column. If later requests authenticate
// from this cookie (not visible here), the stored digest is itself sufficient to log
// in; a random server-side session token avoids that. setcookie() is called with
// four arguments, so its secure and httponly parameters keep their default of false.
263 // Is confirmed so both is fine and we can continue with login procedure
264 $login = ((setcookie("sponsorid" , bigintval($HTTP_POST_VARS['sponsorid']), $life, COOKIE_PATH)) &&
265 (setcookie("sponsorpass", md5($HTTP_POST_VARS['pass']) , $life, COOKIE_PATH)));
// NOTE(review): the test of $login that separates the next two outcomes is not
// visible in this listing (gutter lines 266-268 are missing).
269 // Cookie setup successful so we can forward to sponsor area
270 LOAD_URL(URL."/modules.php?module=sponsor");
// NOTE(review): the constant is spelled SPONSPOR_...; confirm it matches the spelling
// used where the language constants are defined.
274 // Cookie setup failed!
275 LOAD_TEMPLATE("admin_settings_saved", false, SPONSPOR_COOKIE_SETUP_FAILED);
278 // Login form and other links
279 LOAD_TEMPLATE("guest_sponsor_login");
// Builds a line of PHP source that assigns the constant
// SPONSOR_LOGIN_FAILED_<STATUS> to $content.
// NOTE(review): the statement that executes $eval is not visible in this listing
// (gutter line 286 is missing) -- presumably eval($eval). $status is a database
// value; constant("SPONSOR_LOGIN_FAILED_".strtoupper($status)) performs the same
// lookup without evaluating generated code. This status-specific message is reached
// only after the id/password check matched.
284 // Status is not fine
285 $eval = "\$content = SPONSOR_LOGIN_FAILED_".strtoupper($status).";";
287 LOAD_TEMPLATE("admin_settings_saved", false, $content);
290 // Login form and other links
291 LOAD_TEMPLATE("guest_sponsor_login");
// One message covers both an unknown id and a wrong password, so the response does
// not reveal which of the two failed.
296 // Account missing or wrong pass! We shall not find this out for the "hacker folks"...
297 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOGIN_FAILED_404_WRONG_PASS);
300 // Login form and other links
301 LOAD_TEMPLATE("guest_sponsor_login");
305 SQL_FREERESULT($result);
// Default view; presumably reached when no form was submitted and no special mode or
// hash was given (the branch structure is not visible in this listing).
309 // Login form and other links
310 LOAD_TEMPLATE("guest_sponsor_login");