2 /************************************************************************
3 * MXChange v0.2.1 Start: 06/10/2005 *
4 * =============== Last change: 05/18/2008 *
6 * -------------------------------------------------------------------- *
7 * File : what-sponsor_login.php *
8 * -------------------------------------------------------------------- *
9 * Short description : Login form and password resending for sponsor *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Loginformular und Neues Passwort fuer Sponsor *
12 * -------------------------------------------------------------------- *
15 * $Tag:: 0.2.1-FINAL $ *
17 * Needs to be in all Files and every File needs "svn propset *
18 * svn:keywords Date Revision" (autoprobset!) at least!!!!!! *
19 * -------------------------------------------------------------------- *
20 * Copyright (c) 2003 - 2009 by Roland Haeder *
21 * For more information visit: http://www.mxchange.org *
23 * This program is free software; you can redistribute it and/or modify *
24 * it under the terms of the GNU General Public License as published by *
25 * the Free Software Foundation; either version 2 of the License, or *
26 * (at your option) any later version. *
28 * This program is distributed in the hope that it will be useful, *
29 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
30 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
31 * GNU General Public License for more details. *
33 * You should have received a copy of the GNU General Public License *
34 * along with this program; if not, write to the Free Software *
35 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
37 ************************************************************************/
39 // Some security stuff...
40 if (!defined('__SECURITY')) {
44 // Add description as navigation point
45 addMenuDescription('guest', __FILE__);
47 if ((!isExtensionActive('sponsor'))) {
48 loadTemplate('admin_settings_saved', false, generateExtensionInactiveNotInstalledMessage('sponsor'));
53 if (isGetRequestElementSet('mode')) {
54 // A "special" mode of the login system was requested
55 switch (getRequestElement('mode')) {
56 case 'activate' : $mode = 'activate'; break; // Activation link requested
57 case 'lost_pass': $mode = 'lost_pass'; break; // Request new password
61 // Check if hash for confirmation of email address is given...
62 if (isGetRequestElementSet('hash')) {
64 $result = SQL_QUERY_ESC("SELECT
65 `id`, `status`, `gender`, `surname`, `family`,
66 `company`, `position`, `tax_ident`,
67 `street_nr1`, `street_nr2`, `country`, `zip`, `city`, `email`, `phone`, `fax`, `cell`,
68 `points_amount` AS points, `last_pay` AS pay, `last_curr` AS curr
70 `{?_MYSQL_PREFIX?}_sponsor_data`
72 `hash='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL')
73 LIMIT 1", array(getRequestElement('hash')), __FILE__, __LINE__);
74 if (SQL_NUMROWS($result) == 1) {
75 // Sponsor found, load his data...
76 $SPONSOR = SQL_FETCHARRAY($result);
78 // Translate gender and comma
79 $SPONSOR['gender'] = translateGender($SPONSOR['gender']);
80 $SPONSOR['points'] = translateComma($SPONSOR['points']);
81 $SPONSOR['pay'] = translateComma($SPONSOR['pay']);
83 // Unconfirmed account or changed email address?
84 if ($SPONSOR['status'] == 'UNCONFIRMED') {
85 // Set account to pending
86 SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET `status`='PENDING'
87 WHERE `id`='%s' AND hash='%s' AND `status`='UNCONFIRMED' LIMIT 1",
88 array(bigintval($SPONSOR['id']), getRequestElement('hash')), __FILE__, __LINE__);
91 if (SQL_AFFECTEDROWS() == 1) {
92 // Prepare mail and send it to the sponsor
93 $message = loadEmailTemplate('sponsor_pending', $SPONSOR);
94 sendEmail($SPONSOR['email'], getMessage('SPONSOR_ACCOUNT_PENDING_SUBJ'), $message);
96 // Send email to admin
97 sendAdminNotification(getMessage('ADMIN_NEW_SPONSOR'), 'admin_sponsor_pending', $SPONSOR);
99 // Sponsor account set to pending
100 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_IS_PENDING'));
102 // Could not unlock account!
103 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_PENDING_FAILED'));
105 } elseif ($SPONSOR['status'] == 'EMAIL') {
106 // Changed email adress need to be confirmed
107 SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET `status`='CONFIRMED'
108 WHERE `id`='%s' AND hash='%s' AND `status`='EMAIL' LIMIT 1",
109 array(bigintval($SPONSOR['id']), getRequestElement('hash')), __FILE__, __LINE__);
112 if (SQL_AFFECTEDROWS() == 1) {
113 // Sponsor account is unlocked again
114 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN'));
116 // Could not unlock account!
117 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_EMAIL_FAILED'));
120 /// ??? Other status?
121 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_STATUS_FAILED'));
125 loadTemplate('admin_settings_saved', false, sprintf(getMessage('SPONSOR_ACCOUNT_404'), getRequestElement('hash')));
129 SQL_FREERESULT($result);
130 } elseif ($mode == 'activate') {
131 // Send activation link again
133 // Check submitted data
134 if (!isPostRequestElementSet('email')) unsetPostRequestElement('ok');
139 $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, gender, surname, family, sponsor_created
140 FROM `{?_MYSQL_PREFIX?}_sponsor_data`
141 WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1",
142 array(postRequestElement('email')), __FILE__, __LINE__);
145 if (SQL_NUMROWS($result) == 1) {
146 // Unconfirmed sponsor account found so let's load the requested data
147 $SPONSOR = SQL_FETCHARRAY($result);
149 // Translate some data
150 $SPONSOR['gender'] = translateGender($SPONSOR['gender']);
151 $SPONSOR['sponsor_created'] = generateDateTime($SPONSOR['sponsor_created']);
153 // Prepare email and send it to the sponsor
154 if ($SPONSOR['status'] == 'UNCONFIRMED') {
155 // Unconfirmed accounts
156 $message_sponsor = loadEmailTemplate('sponsor_activate', $SPONSOR);
158 // Confirmed email address
159 $message_sponsor = loadEmailTemplate('sponsor_email', $SPONSOR);
161 sendEmail(postRequestElement('email'), getMessage('SPONSOR_ACTIVATION_LINK_SUBJ'), $message_sponsor);
164 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACTIVATION_LINK_SENT'));
166 // No account found or not UNCONFIRMED
167 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACTIVATION_LINK_404'));
171 SQL_FREERESULT($result);
174 loadTemplate('guest_sponsor_activate');
176 } elseif ($mode == 'lost_pass') {
179 // Check submitted data
180 if (!isPostRequestElementSet('email')) unsetPostRequestElement('ok');
185 $result = SQL_QUERY_ESC("SELECT `id`, `hash`, `remote_addr`, `gender`, `surname`, `family`, `sponsor_created`
186 FROM `{?_MYSQL_PREFIX?}_sponsor_data`
187 WHERE `email`='%s' AND `id`='%s' AND `status`='CONFIRMED' LIMIT 1",
188 array(postRequestElement('email'), bigintval(postRequestElement('id'))), __FILE__, __LINE__);
191 if (SQL_NUMROWS($result) == 1) {
192 // Unconfirmed sponsor account found so let's load the requested data
193 $DATA = SQL_FETCHARRAY($result);
195 // Translate some data
196 $DATA['gender'] = translateGender($DATA['gender']);
197 $DATA['sponsor_created'] = generateDateTime($DATA['sponsor_created']);
200 $DATA['password'] = generatePassword();
202 // Prepare email and send it to the sponsor
203 $message_sponsor = loadEmailTemplate('sponsor_lost', $DATA);
204 sendEmail(postRequestElement('email'), getMessage('SPONSOR_LOST_PASSWORD_SUBJ'), $message_sponsor);
207 SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET `password`='%s'
208 WHERE `id`='%s' LIMIT 1",
209 array(md5($DATA['password']), bigintval($DATA['id'])), __FILE__, __LINE__);
212 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_LOST_PASSWORD_SENT'));
214 // No account found or not UNCONFIRMED
215 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_LOST_PASSWORD_404'));
219 SQL_FREERESULT($result);
222 loadTemplate('guest_sponsor_lost');
224 } elseif (isFormSent()) {
225 // Check status and login data ...
226 $result = SQL_QUERY_ESC("SELECT status FROM `{?_MYSQL_PREFIX?}_sponsor_data`
227 WHERE `id`='%s' AND password='%s' LIMIT 1",
228 array(bigintval(postRequestElement('sponsorid')), md5(postRequestElement('pass'))), __FILE__, __LINE__);
230 if (SQL_NUMROWS($result) == 1) {
231 // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
232 list($status) = SQL_FETCHROW($result);
233 if ($status == 'CONFIRMED') {
234 // Is confirmed so both is fine and we can continue with login procedure
235 $login = ((setSession('sponsorid' , bigintval(postRequestElement('sponsorid')))) &&
236 (setSession('sponsorpass', md5(postRequestElement('pass')) ))
239 if ($login === true) {
240 // Cookie setup successfull so we can forward to sponsor area
241 redirectToUrl('modules.php?module=sponsor');
243 // Cookie setup failed!
244 loadTemplate('admin_settings_saved', false, getMessage('SPONSPOR_COOKIE_SETUP_FAILED'));
246 // Login formular and other links
247 loadTemplate('guest_sponsor_login');
250 // Status is not fine
251 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_LOGIN_FAILED_' . strtoupper($status) . ''));
253 // Login formular and other links
254 loadTemplate('guest_sponsor_login');
257 // Account missing or wrong pass! We shall not find this out for the "cracker folks"...
258 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_LOGIN_FAILED_404_WRONG_PASS'));
260 // Login formular and other links
261 loadTemplate('guest_sponsor_login');
265 SQL_FREERESULT($result);
267 // Login formular and other links
268 loadTemplate('guest_sponsor_login');