2 /************************************************************************
3 * MXChange v0.2.1 Start: 06/10/2005 *
4 * =============== Last change: 05/18/2008 *
6 * -------------------------------------------------------------------- *
7 * File : what-sponsor_login.php *
8 * -------------------------------------------------------------------- *
9 * Short description : Login form and password resending for sponsor *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Loginformular und Neues Passwort fuer Sponsor *
12 * -------------------------------------------------------------------- *
14 * -------------------------------------------------------------------- *
15 * Copyright (c) 2003 - 2008 by Roland Haeder *
16 * For more information visit: http://www.mxchange.org *
18 * This program is free software. You can redistribute it and/or modify *
19 * it under the terms of the GNU General Public License as published by *
20 * the Free Software Foundation; either version 2 of the License. *
22 * This program is distributed in the hope that it will be useful, *
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
25 * GNU General Public License for more details. *
27 * You should have received a copy of the GNU General Public License *
28 * along with this program; if not, write to the Free Software *
29 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
31 ************************************************************************/
33 // Some security stuff...
34 if (!defined('__SECURITY')) {
35 $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
37 } elseif ((!EXT_IS_ACTIVE("sponsor"))) {
39 addFatalMessage(sprintf(EXTENSION_PROBLEM_NOT_INSTALLED, "sponsor"));
41 addFatalMessage(EXTENSION_PROBLEM_EXT_INACTIVE, "sponsor");
46 // Add description as navigation point
47 ADD_DESCR("guest", __FILE__);
50 if (!empty($_GET['mode'])) {
51 // A "special" mode of the login system was requested
52 switch ($_GET['mode'])
54 case "activate" : $MODE = "activate"; break; // Activation link requested
55 case "lost_pass": $MODE = "lost_pass"; break; // Request new password
59 // Check if hash for confirmation of email address is given...
60 if (!empty($_GET['hash'])) {
62 $result = SQL_QUERY_ESC("SELECT id, status, gender, surname, family,
63 company, position, tax_ident,
64 street_nr1, street_nr2, country, zip, city, email, phone, fax, cell,
65 points_amount AS points, last_pay AS pay, last_curr AS curr
66 FROM `{!_MYSQL_PREFIX!}_sponsor_data`
67 WHERE hash='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL')
68 LIMIT 1", array($_GET['hash']), __FILE__, __LINE__);
69 if (SQL_NUMROWS($result) == 1) {
70 // Sponsor found, load his data...
71 $SPONSOR = SQL_FETCHARRAY($result);
73 // Translate gender and comma
74 $SPONSOR['gender'] = TRANSLATE_GENDER($SPONSOR['gender']);
75 $SPONSOR['points'] = TRANSLATE_COMMA($SPONSOR['points']);
76 $SPONSOR['pay'] = TRANSLATE_COMMA($SPONSOR['pay']);
78 // Unconfirmed account or changed email address?
79 if ($SPONSOR['status'] == "UNCONFIRMED") {
80 // Set account to pending
81 SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET `status`='PENDING'
82 WHERE id='%s' AND hash='%s' AND `status`='UNCONFIRMED' LIMIT 1",
83 array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
86 if (SQL_AFFECTEDROWS() == 1) {
87 // Prepare mail and send it to the sponsor
88 $MSG = LOAD_EMAIL_TEMPLATE("sponsor_pending", $SPONSOR);
89 SEND_EMAIL($SPONSOR['email'], SPONSOR_ACCOUNT_PENDING_SUBJ, $MSG);
91 // Send email to admin
92 SEND_ADMIN_NOTIFICATION(ADMIN_NEW_SPONSOR, "admin_sponsor_pending", $SPONSOR);
94 // Sponsor account set to pending
95 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_PENDING);
97 // Could not unlock account!
98 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_PENDING_FAILED);
100 } elseif ($SPONSOR['status'] == "EMAIL") {
101 // Changed email adress need to be confirmed
102 SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET `status`='CONFIRMED'
103 WHERE id='%s' AND hash='%s' AND `status`='EMAIL' LIMIT 1",
104 array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
107 if (SQL_AFFECTEDROWS() == 1) {
108 // Sponsor account is unlocked again
109 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN);
111 // Could not unlock account!
112 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_EMAIL_FAILED);
115 /// ??? Other status?
116 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_STATUS_FAILED);
120 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_404);
124 SQL_FREERESULT($result);
125 } elseif ($MODE == "activate") {
126 // Send activation link again
127 if (isset($_POST['ok'])) {
128 // Check submitted data
129 if (empty($_POST['email'])) unset($_POST['ok']);
132 if (isset($_POST['ok'])) {
134 $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, gender, surname, family, sponsor_created
135 FROM `{!_MYSQL_PREFIX!}_sponsor_data`
136 WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1",
137 array($_POST['email']), __FILE__, __LINE__);
140 if (SQL_NUMROWS($result) == 1) {
141 // Unconfirmed sponsor account found so let's load the requested data
142 $SPONSOR = SQL_FETCHARRAY($result);
144 // Translate some data
145 $SPONSOR['gender'] = TRANSLATE_GENDER($SPONSOR['gender']);
146 $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
148 // Prepare email and send it to the sponsor
149 if ($SPONSOR['status'] == "UNCONFIRMED") {
150 // Unconfirmed accounts
151 $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_activate", $SPONSOR);
153 // Confirmed email address
154 $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_email", $SPONSOR);
156 SEND_EMAIL($_POST['email'], SPONSOR_ACTIVATION_LINK_SUBJ, $msg_sponsor);
159 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_SENT);
161 // No account found or not UNCONFIRMED
162 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_404);
166 SQL_FREERESULT($result);
169 LOAD_TEMPLATE("guest_sponsor_activate");
171 } elseif ($MODE == "lost_pass") {
173 if (isset($_POST['ok'])) {
174 // Check submitted data
175 if (empty($_POST['email'])) unset($_POST['ok']);
178 if (isset($_POST['ok'])) {
180 $result = SQL_QUERY_ESC("SELECT id, hash, remote_addr, gender, surname, family, sponsor_created
181 FROM `{!_MYSQL_PREFIX!}_sponsor_data`
182 WHERE email='%s' AND id='%s' AND `status`='CONFIRMED' LIMIT 1",
183 array($_POST['email'], bigintval($_POST['id'])), __FILE__, __LINE__);
185 if (SQL_NUMROWS($result) == 1) {
186 // Unconfirmed sponsor account found so let's load the requested data
187 $SPONSOR = SQL_FETCHARRAY($result);
189 // Translate some data
190 $SPONSOR['gender'] = TRANSLATE_GENDER($SPONSOR['gender']);
191 $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
194 $SPONSOR['password'] = GEN_PASS();
196 // Prepare email and send it to the sponsor
197 $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_lost", $SPONSOR);
198 SEND_EMAIL($_POST['email'], SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor);
201 SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET password='%s'
202 WHERE id='%s' LIMIT 1",
203 array(md5($SPONSOR['password']), bigintval($SPONSOR['id'])), __FILE__, __LINE__);
206 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOST_PASSWORD_SENT);
208 // No account found or not UNCONFIRMED
209 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOST_PASSWORD_404);
213 SQL_FREERESULT($result);
216 LOAD_TEMPLATE("guest_sponsor_lost");
218 } elseif (isset($_POST['ok'])) {
219 // Check status and login data ...
220 $result = SQL_QUERY_ESC("SELECT status FROM `{!_MYSQL_PREFIX!}_sponsor_data`
221 WHERE id='%s' AND password='%s' LIMIT 1",
222 array(bigintval($_POST['sponsorid']), md5($_POST['pass'])), __FILE__, __LINE__);
223 if (SQL_NUMROWS($result) == 1) {
224 // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
225 list($status) = SQL_FETCHROW($result);
226 if ($status == "CONFIRMED") {
227 // Is confirmed so both is fine and we can continue with login procedure
228 $login = ((set_session('sponsorid' , bigintval($_POST['sponsorid']))) &&
229 (set_session('sponsorpass', md5($_POST['pass']) ))
233 // Cookie setup successfull so we can forward to sponsor area
234 LOAD_URL("modules.php?module=sponsor");
236 // Cookie setup failed!
237 LOAD_TEMPLATE("admin_settings_saved", false, SPONSPOR_COOKIE_SETUP_FAILED);
239 // Login formular and other links
240 LOAD_TEMPLATE("guest_sponsor_login");
243 // Status is not fine
244 $content = constant('SPONSOR_LOGIN_FAILED_'.strtoupper($status).'');
245 LOAD_TEMPLATE("admin_settings_saved", false, $content);
247 // Login formular and other links
248 LOAD_TEMPLATE("guest_sponsor_login");
251 // Account missing or wrong pass! We shall not find this out for the "hacker folks"...
252 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOGIN_FAILED_404_WRONG_PASS);
254 // Login formular and other links
255 LOAD_TEMPLATE("guest_sponsor_login");
259 SQL_FREERESULT($result);
261 // Login formular and other links
262 LOAD_TEMPLATE("guest_sponsor_login");