2 /************************************************************************
3 * Mailer v0.2.1-FINAL Start: 06/10/2005 *
4 * =================== Last change: 05/18/2008 *
6 * -------------------------------------------------------------------- *
7 * File : what-sponsor_login.php *
8 * -------------------------------------------------------------------- *
9 * Short description : Login form and password resending for sponsor *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Loginformular und Neues Passwort fuer Sponsor *
12 * -------------------------------------------------------------------- *
13 * Copyright (c) 2003 - 2009 by Roland Haeder *
14 * Copyright (c) 2009 - 2016 by Mailer Developer Team *
15 * For more information visit: http://mxchange.org *
17 * This program is free software; you can redistribute it and/or modify *
18 * it under the terms of the GNU General Public License as published by *
19 * the Free Software Foundation; either version 2 of the License, or *
20 * (at your option) any later version. *
22 * This program is distributed in the hope that it will be useful, *
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
25 * GNU General Public License for more details. *
27 * You should have received a copy of the GNU General Public License *
28 * along with this program; if not, write to the Free Software *
29 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
31 ************************************************************************/
33 // Some security stuff...
34 if (!defined('__SECURITY')) {
38 // Add description as navigation point
39 addYouAreHereLink('guest', __FILE__);
41 if ((!isExtensionActive('sponsor'))) {
42 displayMessage('{%pipe,generateExtensionInactiveNotInstalledMessage=sponsor%}');
44 } elseif (isSponsor()) {
45 // Is already a logged-in sponsor
46 redirectToUrl('modules.php?module=sponsor');
50 if (isGetRequestElementSet('do')) {
51 // A "special" mode of the login system was requested
52 switch (getRequestElement('do')) {
53 case 'activate' : $mode = 'activate'; break; // Activation link requested
54 case 'lost_pass': $mode = 'lost_pass'; break; // Request new password
58 // Check if hash for confirmation of email address is given...
59 if (isGetRequestElementSet('hash')) {
61 $result = sqlQueryEscaped("SELECT
62 `id`, `status`, `gender`, `surname`, `family`,
63 `company`, `position`, `tax_ident`,
64 `street_nr1`, `street_nr2`, `country`, `zip`, `city`, `email`, `phone`, `fax`, `cell`,
65 `points_amount` AS `points`, `last_payment`, `last_currency`
67 `{?_MYSQL_PREFIX?}_sponsor_data`
70 `status`='UNCONFIRMED' OR
73 LIMIT 1", array(getRequestElement('hash')), __FILE__, __LINE__);
74 if (sqlNumRows($result) == 1) {
75 // Sponsor found, load his data...
76 $data = sqlFetchArray($result);
78 // Unconfirmed account or changed email address?
79 if ($data['status'] == 'UNCONFIRMED') {
80 // Set account to pending
81 sqlQueryEscaped("UPDATE
82 `{?_MYSQL_PREFIX?}_sponsor_data`
89 `status`='UNCONFIRMED'
92 bigintval($data['id']),
93 getRequestElement('hash')
94 ), __FILE__, __LINE__);
97 if (!ifSqlHasZeroAffectedRows()) {
98 // Prepare mail and send it to the sponsor
99 $message = loadEmailTemplate('sponsor_pending', $data);
100 sendEmail($data['email'], '{--SPONSOR_ACCOUNT_PENDING_SUBJECT--}', $message);
102 // Send email to admin
103 sendAdminNotification('{--ADMIN_NEW_SPONSOR--}', 'admin_sponsor_pending', $data);
105 // Sponsor account set to pending
106 displayMessage('{--SPONSOR_ACCOUNT_IS_PENDING--}');
108 // Could not unlock account!
109 displayMessage('{--SPONSOR_ACCOUNT_PENDING_FAILED--}');
111 } elseif ($data['status'] == 'EMAIL') {
112 // Changed email adress need to be confirmed
113 sqlQueryEscaped("UPDATE
114 `{?_MYSQL_PREFIX?}_sponsor_data`
116 `status`='CONFIRMED',
123 array(bigintval($data['id']), getRequestElement('hash')), __FILE__, __LINE__);
126 if (!ifSqlHasZeroAffectedRows()) {
127 // Sponsor account is unlocked again
128 displayMessage('{--SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN--}');
130 // Could not unlock account!
131 displayMessage('{--SPONSOR_ACCOUNT_EMAIL_FAILED--}');
135 displayMessage('{--SPONSOR_ACCOUNT_STATUS_FAILED--}');
139 displayMessage('{%message,SPONSOR_ACCOUNT_404=' . getRequestElement('hash') . '%}');
143 sqlFreeResult($result);
144 } elseif ($mode == 'activate') {
145 // Send activation link again
146 if (isFormSent('login')) {
147 // Check submitted data
148 if (!isPostRequestElementSet('email')) unsetPostRequestElement('login');
151 if (isFormSent('login')) {
153 $result = sqlQueryEscaped("SELECT
161 UNIX_TIMESTAMP(`sponsor_created`) AS `sponsor_created`
163 `{?_MYSQL_PREFIX?}_sponsor_data`
165 '%s' REGEXP `email` AND
166 (`status`='UNCONFIRMED' OR `status`='EMAIL')
168 array(postRequestElement('email')), __FILE__, __LINE__);
171 if (sqlNumRows($result) == 1) {
172 // Unconfirmed sponsor account found so let's load the requested data
173 $data = sqlFetchArray($result);
175 // Translate some data
176 $data['sponsor_created'] = generateDateTime($data['sponsor_created']);
178 // Prepare email and send it to the sponsor
179 if ($data['status'] == 'UNCONFIRMED') {
180 // Unconfirmed accounts
181 $message_sponsor = loadEmailTemplate('sponsor_activate', $data);
183 // Confirmed email address
184 $message_sponsor = loadEmailTemplate('sponsor_email', $data);
186 sendEmail(postRequestElement('email'), '{--SPONSOR_ACTIVATION_LINK_SUBJECT--}', $message_sponsor);
189 displayMessage('{--SPONSOR_ACTIVATION_LINK_SENT--}');
191 // No account found or not UNCONFIRMED
192 displayMessage('{--SPONSOR_ACTIVATION_LINK_404--}');
196 sqlFreeResult($result);
199 loadTemplate('guest_sponsor_activate');
201 } elseif ($mode == 'lost_pass') {
203 if (isFormSent('login')) {
204 // Check submitted data
205 if (!isPostRequestElementSet('email')) unsetPostRequestElement('login');
208 if (isFormSent('login')) {
210 $result = sqlQueryEscaped("SELECT
217 UNIX_TIMESTAMP(`sponsor_created`) AS `sponsor_created`
219 `{?_MYSQL_PREFIX?}_sponsor_data`
221 '%s' REGEXP `email` AND
225 array(postRequestElement('email'), bigintval(postRequestElement('id'))), __FILE__, __LINE__);
228 if (sqlNumRows($result) == 1) {
229 // Unconfirmed sponsor account found so let's load the requested data
230 $content = sqlFetchArray($result);
232 // Generate password/translate some data
233 $content['password'] = generatePassword();
234 $content['sponsor_created'] = generateDateTime($content['sponsor_created']);
236 // Prepare email and send it to the sponsor
237 $message_sponsor = loadEmailTemplate('sponsor_lost', $content);
238 sendEmail(postRequestElement('email'), '{--SPONSOR_LOST_PASSWORD_SUBJECT--}', $message_sponsor);
241 sqlQueryEscaped("UPDATE
242 `{?_MYSQL_PREFIX?}_sponsor_data`
248 array(md5($content['password']), bigintval($content['id'])), __FILE__, __LINE__);
251 displayMessage('{--SPONSOR_LOST_PASSWORD_SENT--}');
253 // No account found or not UNCONFIRMED
254 displayMessage('{--SPONSOR_LOST_PASSWORD_404--}');
258 sqlFreeResult($result);
261 loadTemplate('guest_sponsor_lost');
263 } elseif (isFormSent('login')) {
264 // Check status and login data ...
265 $result = sqlQueryEscaped("SELECT
268 `{?_MYSQL_PREFIX?}_sponsor_data`
274 bigintval(postRequestElement('sponsor_id')),
275 md5(postRequestElement('password'))
276 ), __FILE__, __LINE__);
278 if (sqlNumRows($result) == 1) {
279 // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
280 list($status) = sqlFetchRow($result);
281 if ($status == 'CONFIRMED') {
282 // Is confirmed so both is fine and we can continue with login procedure
283 $login = ((setSession('sponsor_id' , bigintval(postRequestElement('sponsor_id')))) &&
284 (setSession('sponsor_pass', md5(postRequestElement('password')) ))
287 if ($login === TRUE) {
288 // Cookie setup successfull so we can forward to sponsor area
289 redirectToUrl('modules.php?module=sponsor');
291 // Cookie setup failed!
292 displayMessage('{--SPONSOR_COOKIE_SETUP_FAILED--}');
294 // Login formular and other links
295 loadTemplate('guest_sponsor_login');
298 // Status is not fine
299 displayMessage('{--SPONSOR_LOGIN_FAILED_' . strtoupper($status) . '--}');
301 // Login formular and other links
302 loadTemplate('guest_sponsor_login');
305 // Account missing or wrong pass! We shall not find this out for the "cracker folks"...
306 displayMessage('{--SPONSOR_LOGIN_FAILED_404_WRONG_PASS--}');
308 // Login formular and other links
309 loadTemplate('guest_sponsor_login');
313 sqlFreeResult($result);
315 // Login formular and other links
316 loadTemplate('guest_sponsor_login');