2 /************************************************************************
3 * Mailer v0.2.1-FINAL Start: 06/10/2005 *
4 * =================== Last change: 05/18/2008 *
6 * -------------------------------------------------------------------- *
7 * File : what-sponsor_login.php *
8 * -------------------------------------------------------------------- *
9 * Short description : Login form and password resending for sponsor *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Loginformular und Neues Passwort fuer Sponsor *
12 * -------------------------------------------------------------------- *
15 * $Tag:: 0.2.1-FINAL $ *
17 * Needs to be in all Files and every File needs "svn propset *
18 * svn:keywords Date Revision" (autoprobset!) at least!!!!!! *
19 * -------------------------------------------------------------------- *
20 * Copyright (c) 2003 - 2009 by Roland Haeder *
21 * Copyright (c) 2009, 2010 by Mailer Developer Team *
22 * For more information visit: http://www.mxchange.org *
24 * This program is free software; you can redistribute it and/or modify *
25 * it under the terms of the GNU General Public License as published by *
26 * the Free Software Foundation; either version 2 of the License, or *
27 * (at your option) any later version. *
29 * This program is distributed in the hope that it will be useful, *
30 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
31 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
32 * GNU General Public License for more details. *
34 * You should have received a copy of the GNU General Public License *
35 * along with this program; if not, write to the Free Software *
36 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
38 ************************************************************************/
40 // Some security stuff...
41 if (!defined('__SECURITY')) {
45 // Add description as navigation point
46 addMenuDescription('guest', __FILE__);
48 if ((!isExtensionActive('sponsor'))) {
49 loadTemplate('admin_settings_saved', false, generateExtensionInactiveNotInstalledMessage('sponsor'));
51 } elseif (isSponsor()) {
52 // Is already a logged-in sponsor
53 redirectToUrl('modules.php?module=sponsor');
57 if (isGetRequestParameterSet('mode')) {
58 // A "special" mode of the login system was requested
59 switch (getRequestParameter('mode')) {
60 case 'activate' : $mode = 'activate'; break; // Activation link requested
61 case 'lost_pass': $mode = 'lost_pass'; break; // Request new password
65 // Check if hash for confirmation of email address is given...
66 if (isGetRequestParameterSet('hash')) {
68 $result = SQL_QUERY_ESC("SELECT
69 `id`, `status`, `gender`, `surname`, `family`,
70 `company`, `position`, `tax_ident`,
71 `street_nr1`, `street_nr2`, `country`, `zip`, `city`, `email`, `phone`, `fax`, `cell`,
72 `points_amount` AS points, `last_pay` AS pay, `last_curr` AS curr
74 `{?_MYSQL_PREFIX?}_sponsor_data`
77 `status`='UNCONFIRMED' OR
80 LIMIT 1", array(getRequestParameter('hash')), __FILE__, __LINE__);
81 if (SQL_NUMROWS($result) == 1) {
82 // Sponsor found, load his data...
83 $data = SQL_FETCHARRAY($result);
85 // Unconfirmed account or changed email address?
86 if ($data['status'] == 'UNCONFIRMED') {
87 // Set account to pending
89 `{?_MYSQL_PREFIX?}_sponsor_data`
96 `status`='UNCONFIRMED'
99 bigintval($data['id']),
100 getRequestParameter('hash')
101 ), __FILE__, __LINE__);
104 if (SQL_AFFECTEDROWS() == 1) {
105 // Prepare mail and send it to the sponsor
106 $message = loadEmailTemplate('sponsor_pending', $data);
107 sendEmail($data['email'], '{--SPONSOR_ACCOUNT_PENDING_SUBJECT--}', $message);
109 // Send email to admin
110 sendAdminNotification('{--ADMIN_NEW_SPONSOR--}', 'admin_sponsor_pending', $data);
112 // Sponsor account set to pending
113 loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACCOUNT_IS_PENDING--}');
115 // Could not unlock account!
116 loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACCOUNT_PENDING_FAILED--}');
118 } elseif ($data['status'] == 'EMAIL') {
119 // Changed email adress need to be confirmed
120 SQL_QUERY_ESC("UPDATE
121 `{?_MYSQL_PREFIX?}_sponsor_data`
123 `status`='CONFIRMED',
130 array(bigintval($data['id']), getRequestParameter('hash')), __FILE__, __LINE__);
133 if (SQL_AFFECTEDROWS() == 1) {
134 // Sponsor account is unlocked again
135 loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN--}');
137 // Could not unlock account!
138 loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACCOUNT_EMAIL_FAILED--}');
141 /// ??? Other status?
142 loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACCOUNT_STATUS_FAILED--}');
146 loadTemplate('admin_settings_saved', false, getMaskedMessage('SPONSOR_ACCOUNT_404', getRequestParameter('hash')));
150 SQL_FREERESULT($result);
151 } elseif ($mode == 'activate') {
152 // Send activation link again
154 // Check submitted data
155 if (!isPostRequestParameterSet('email')) unsetPostRequestParameter('ok');
160 $result = SQL_QUERY_ESC("SELECT
161 `id`, `hash`, `status`, `remote_addr`, `gender`, `surname`, `family`,
162 UNIX_TIMESTAMP(`sponsor_created`) AS `sponsor_created`
164 `{?_MYSQL_PREFIX?}_sponsor_data`
167 (`status`='UNCONFIRMED' OR `status`='EMAIL')
169 array(postRequestParameter('email')), __FILE__, __LINE__);
172 if (SQL_NUMROWS($result) == 1) {
173 // Unconfirmed sponsor account found so let's load the requested data
174 $data = SQL_FETCHARRAY($result);
176 // Translate some data
177 $data['sponsor_created'] = generateDateTime($data['sponsor_created']);
179 // Prepare email and send it to the sponsor
180 if ($data['status'] == 'UNCONFIRMED') {
181 // Unconfirmed accounts
182 $message_sponsor = loadEmailTemplate('sponsor_activate', $data);
184 // Confirmed email address
185 $message_sponsor = loadEmailTemplate('sponsor_email', $data);
187 sendEmail(postRequestParameter('email'), '{--SPONSOR_ACTIVATION_LINK_SUBJECT--}', $message_sponsor);
190 loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACTIVATION_LINK_SENT--}');
192 // No account found or not UNCONFIRMED
193 loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACTIVATION_LINK_404--}');
197 SQL_FREERESULT($result);
200 loadTemplate('guest_sponsor_activate');
202 } elseif ($mode == 'lost_pass') {
205 // Check submitted data
206 if (!isPostRequestParameterSet('email')) unsetPostRequestParameter('ok');
211 $result = SQL_QUERY_ESC("SELECT
212 `id`, `hash`, `remote_addr`, `gender`, `surname`, `family`,
213 UNIX_TIMESTAMP(`sponsor_created`) AS `sponsor_created`
215 `{?_MYSQL_PREFIX?}_sponsor_data`
221 array(postRequestParameter('email'), bigintval(postRequestParameter('id'))), __FILE__, __LINE__);
224 if (SQL_NUMROWS($result) == 1) {
225 // Unconfirmed sponsor account found so let's load the requested data
226 $DATA = SQL_FETCHARRAY($result);
228 // Generate password/translate some data
229 $DATA['password'] = generatePassword();
230 $DATA['sponsor_created'] = generateDateTime($DATA['sponsor_created']);
232 // Prepare email and send it to the sponsor
233 $message_sponsor = loadEmailTemplate('sponsor_lost', $DATA);
234 sendEmail(postRequestParameter('email'), '{--SPONSOR_LOST_PASSWORD_SUBJECT--}', $message_sponsor);
237 SQL_QUERY_ESC("UPDATE
238 `{?_MYSQL_PREFIX?}_sponsor_data`
244 array(md5($DATA['password']), bigintval($DATA['id'])), __FILE__, __LINE__);
247 loadTemplate('admin_settings_saved', false, '{--SPONSOR_LOST_PASSWORD_SENT--}');
249 // No account found or not UNCONFIRMED
250 loadTemplate('admin_settings_saved', false, '{--SPONSOR_LOST_PASSWORD_404--}');
254 SQL_FREERESULT($result);
257 loadTemplate('guest_sponsor_lost');
259 } elseif (isFormSent()) {
260 // Check status and login data ...
261 $result = SQL_QUERY_ESC("SELECT
264 `{?_MYSQL_PREFIX?}_sponsor_data`
270 bigintval(postRequestParameter('sponsor_id')),
271 md5(postRequestParameter('password'))
272 ), __FILE__, __LINE__);
274 if (SQL_NUMROWS($result) == 1) {
275 // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
276 list($status) = SQL_FETCHROW($result);
277 if ($status == 'CONFIRMED') {
278 // Is confirmed so both is fine and we can continue with login procedure
279 $login = ((setSession('sponsor_id' , bigintval(postRequestParameter('sponsor_id')))) &&
280 (setSession('sponsor_pass', md5(postRequestParameter('password')) ))
283 if ($login === true) {
284 // Cookie setup successfull so we can forward to sponsor area
285 redirectToUrl('modules.php?module=sponsor');
287 // Cookie setup failed!
288 loadTemplate('admin_settings_saved', false, '{--SPONSPOR_COOKIE_SETUP_FAILED--}');
290 // Login formular and other links
291 loadTemplate('guest_sponsor_login');
294 // Status is not fine
295 loadTemplate('admin_settings_saved', false, '{--SPONSOR_LOGIN_FAILED_' . strtoupper($status) . '--}');
297 // Login formular and other links
298 loadTemplate('guest_sponsor_login');
301 // Account missing or wrong pass! We shall not find this out for the "cracker folks"...
302 loadTemplate('admin_settings_saved', false, '{--SPONSOR_LOGIN_FAILED_404_WRONG_PASS--}');
304 // Login formular and other links
305 loadTemplate('guest_sponsor_login');
309 SQL_FREERESULT($result);
311 // Login formular and other links
312 loadTemplate('guest_sponsor_login');