2 /************************************************************************
3 * Mailer v0.2.1-FINAL Start: 06/10/2005 *
4 * =================== Last change: 05/18/2008 *
6 * -------------------------------------------------------------------- *
7 * File : what-sponsor_login.php *
8 * -------------------------------------------------------------------- *
9 * Short description : Login form and password resending for sponsor *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Loginformular und Neues Passwort fuer Sponsor *
12 * -------------------------------------------------------------------- *
15 * $Tag:: 0.2.1-FINAL $ *
17 * Needs to be in all Files and every File needs "svn propset *
18 * svn:keywords Date Revision" (autoprobset!) at least!!!!!! *
19 * -------------------------------------------------------------------- *
20 * Copyright (c) 2003 - 2009 by Roland Haeder *
21 * Copyright (c) 2009, 2010 by Mailer Developer Team *
22 * For more information visit: http://www.mxchange.org *
24 * This program is free software; you can redistribute it and/or modify *
25 * it under the terms of the GNU General Public License as published by *
26 * the Free Software Foundation; either version 2 of the License, or *
27 * (at your option) any later version. *
29 * This program is distributed in the hope that it will be useful, *
30 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
31 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
32 * GNU General Public License for more details. *
34 * You should have received a copy of the GNU General Public License *
35 * along with this program; if not, write to the Free Software *
36 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
38 ************************************************************************/
40 // Some security stuff...
41 if (!defined('__SECURITY')) {
45 // Add description as navigation point
46 addMenuDescription('guest', __FILE__);
48 if ((!isExtensionActive('sponsor'))) {
49 loadTemplate('admin_settings_saved', false, generateExtensionInactiveNotInstalledMessage('sponsor'));
54 if (isGetRequestParameterSet('mode')) {
55 // A "special" mode of the login system was requested
56 switch (getRequestParameter('mode')) {
57 case 'activate' : $mode = 'activate'; break; // Activation link requested
58 case 'lost_pass': $mode = 'lost_pass'; break; // Request new password
62 // Check if hash for confirmation of email address is given...
63 if (isGetRequestParameterSet('hash')) {
65 $result = SQL_QUERY_ESC("SELECT
66 `id`, `status`, `gender`, `surname`, `family`,
67 `company`, `position`, `tax_ident`,
68 `street_nr1`, `street_nr2`, `country`, `zip`, `city`, `email`, `phone`, `fax`, `cell`,
69 `points_amount` AS points, `last_pay` AS pay, `last_curr` AS curr
71 `{?_MYSQL_PREFIX?}_sponsor_data`
73 `hash='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL')
74 LIMIT 1", array(getRequestParameter('hash')), __FILE__, __LINE__);
75 if (SQL_NUMROWS($result) == 1) {
76 // Sponsor found, load his data...
77 $data = SQL_FETCHARRAY($result);
79 // Unconfirmed account or changed email address?
80 if ($data['status'] == 'UNCONFIRMED') {
81 // Set account to pending
83 `{?_MYSQL_PREFIX?}_sponsor_data`
89 `status`='UNCONFIRMED'
92 bigintval($data['id']),
93 getRequestParameter('hash')
94 ), __FILE__, __LINE__);
97 if (SQL_AFFECTEDROWS() == 1) {
98 // Prepare mail and send it to the sponsor
99 $message = loadEmailTemplate('sponsor_pending', $data);
100 sendEmail($data['email'], '{--SPONSOR_ACCOUNT_PENDING_SUBJECT--}', $message);
102 // Send email to admin
103 sendAdminNotification('{--ADMIN_NEW_SPONSOR--}', 'admin_sponsor_pending', $data);
105 // Sponsor account set to pending
106 loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACCOUNT_IS_PENDING--}');
108 // Could not unlock account!
109 loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACCOUNT_PENDING_FAILED--}');
111 } elseif ($data['status'] == 'EMAIL') {
112 // Changed email adress need to be confirmed
113 SQL_QUERY_ESC("UPDATE
114 `{?_MYSQL_PREFIX?}_sponsor_data`
122 array(bigintval($data['id']), getRequestParameter('hash')), __FILE__, __LINE__);
125 if (SQL_AFFECTEDROWS() == 1) {
126 // Sponsor account is unlocked again
127 loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN--}');
129 // Could not unlock account!
130 loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACCOUNT_EMAIL_FAILED--}');
133 /// ??? Other status?
134 loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACCOUNT_STATUS_FAILED--}');
138 loadTemplate('admin_settings_saved', false, getMaskedMessage('SPONSOR_ACCOUNT_404', getRequestParameter('hash')));
142 SQL_FREERESULT($result);
143 } elseif ($mode == 'activate') {
144 // Send activation link again
146 // Check submitted data
147 if (!isPostRequestParameterSet('email')) unsetPostRequestParameter('ok');
152 $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, gender, surname, family, sponsor_created
153 FROM `{?_MYSQL_PREFIX?}_sponsor_data`
154 WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1",
155 array(postRequestParameter('email')), __FILE__, __LINE__);
158 if (SQL_NUMROWS($result) == 1) {
159 // Unconfirmed sponsor account found so let's load the requested data
160 $data = SQL_FETCHARRAY($result);
162 // Translate some data
163 $data['sponsor_created'] = generateDateTime($data['sponsor_created']);
165 // Prepare email and send it to the sponsor
166 if ($data['status'] == 'UNCONFIRMED') {
167 // Unconfirmed accounts
168 $message_sponsor = loadEmailTemplate('sponsor_activate', $data);
170 // Confirmed email address
171 $message_sponsor = loadEmailTemplate('sponsor_email', $data);
173 sendEmail(postRequestParameter('email'), '{--SPONSOR_ACTIVATION_LINK_SUBJECT--}', $message_sponsor);
176 loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACTIVATION_LINK_SENT--}');
178 // No account found or not UNCONFIRMED
179 loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACTIVATION_LINK_404--}');
183 SQL_FREERESULT($result);
186 loadTemplate('guest_sponsor_activate');
188 } elseif ($mode == 'lost_pass') {
191 // Check submitted data
192 if (!isPostRequestParameterSet('email')) unsetPostRequestParameter('ok');
197 $result = SQL_QUERY_ESC("SELECT `id`, `hash`, `remote_addr`, `gender`, `surname`, `family`, `sponsor_created`
198 FROM `{?_MYSQL_PREFIX?}_sponsor_data`
199 WHERE `email`='%s' AND `id`='%s' AND `status`='CONFIRMED' LIMIT 1",
200 array(postRequestParameter('email'), bigintval(postRequestParameter('id'))), __FILE__, __LINE__);
203 if (SQL_NUMROWS($result) == 1) {
204 // Unconfirmed sponsor account found so let's load the requested data
205 $DATA = SQL_FETCHARRAY($result);
207 // Translate some data
208 $DATA['gender'] = translateGender($DATA['gender']);
209 $DATA['sponsor_created'] = generateDateTime($DATA['sponsor_created']);
212 $DATA['password'] = generatePassword();
214 // Prepare email and send it to the sponsor
215 $message_sponsor = loadEmailTemplate('sponsor_lost', $DATA);
216 sendEmail(postRequestParameter('email'), '{--SPONSOR_LOST_PASSWORD_SUBJECT--}', $message_sponsor);
219 SQL_QUERY_ESC("UPDATE
220 `{?_MYSQL_PREFIX?}_sponsor_data`
226 array(md5($DATA['password']), bigintval($DATA['id'])), __FILE__, __LINE__);
229 loadTemplate('admin_settings_saved', false, '{--SPONSOR_LOST_PASSWORD_SENT--}');
231 // No account found or not UNCONFIRMED
232 loadTemplate('admin_settings_saved', false, '{--SPONSOR_LOST_PASSWORD_404--}');
236 SQL_FREERESULT($result);
239 loadTemplate('guest_sponsor_lost');
241 } elseif (isFormSent()) {
242 // Check status and login data ...
243 $result = SQL_QUERY_ESC("SELECT status FROM `{?_MYSQL_PREFIX?}_sponsor_data`
244 WHERE `id`='%s' AND password='%s' LIMIT 1",
245 array(bigintval(postRequestParameter('sponsorid')), md5(postRequestParameter('pass'))), __FILE__, __LINE__);
247 if (SQL_NUMROWS($result) == 1) {
248 // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
249 list($status) = SQL_FETCHROW($result);
250 if ($status == 'CONFIRMED') {
251 // Is confirmed so both is fine and we can continue with login procedure
252 $login = ((setSession('sponsorid' , bigintval(postRequestParameter('sponsorid')))) &&
253 (setSession('sponsorpass', md5(postRequestParameter('pass')) ))
256 if ($login === true) {
257 // Cookie setup successfull so we can forward to sponsor area
258 redirectToUrl('modules.php?module=sponsor');
260 // Cookie setup failed!
261 loadTemplate('admin_settings_saved', false, '{--SPONSPOR_COOKIE_SETUP_FAILED--}');
263 // Login formular and other links
264 loadTemplate('guest_sponsor_login');
267 // Status is not fine
268 loadTemplate('admin_settings_saved', false, '{--SPONSOR_LOGIN_FAILED_' . strtoupper($status) . '--}');
270 // Login formular and other links
271 loadTemplate('guest_sponsor_login');
274 // Account missing or wrong pass! We shall not find this out for the "cracker folks"...
275 loadTemplate('admin_settings_saved', false, '{--SPONSOR_LOGIN_FAILED_404_WRONG_PASS--}');
277 // Login formular and other links
278 loadTemplate('guest_sponsor_login');
282 SQL_FREERESULT($result);
284 // Login formular and other links
285 loadTemplate('guest_sponsor_login');