2 /************************************************************************
3 * Mailer v0.2.1-FINAL Start: 06/10/2005 *
4 * =================== Last change: 05/18/2008 *
6 * -------------------------------------------------------------------- *
7 * File : what-sponsor_login.php *
8 * -------------------------------------------------------------------- *
9 * Short description : Login form and password resending for sponsor *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Loginformular und Neues Passwort fuer Sponsor *
12 * -------------------------------------------------------------------- *
15 * $Tag:: 0.2.1-FINAL $ *
17 * Needs to be in all Files and every File needs "svn propset *
18 * svn:keywords Date Revision" (autoprobset!) at least!!!!!! *
19 * -------------------------------------------------------------------- *
20 * Copyright (c) 2003 - 2009 by Roland Haeder *
21 * Copyright (c) 2009, 2010 by Mailer Developer Team *
22 * For more information visit: http://www.mxchange.org *
24 * This program is free software; you can redistribute it and/or modify *
25 * it under the terms of the GNU General Public License as published by *
26 * the Free Software Foundation; either version 2 of the License, or *
27 * (at your option) any later version. *
29 * This program is distributed in the hope that it will be useful, *
30 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
31 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
32 * GNU General Public License for more details. *
34 * You should have received a copy of the GNU General Public License *
35 * along with this program; if not, write to the Free Software *
36 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
38 ************************************************************************/
40 // Some security stuff...
41 if (!defined('__SECURITY')) {
45 // Add description as navigation point
46 addMenuDescription('guest', __FILE__);
48 if ((!isExtensionActive('sponsor'))) {
49 loadTemplate('admin_settings_saved', false, generateExtensionInactiveNotInstalledMessage('sponsor'));
54 if (isGetRequestParameterSet('mode')) {
55 // A "special" mode of the login system was requested
56 switch (getRequestParameter('mode')) {
57 case 'activate' : $mode = 'activate'; break; // Activation link requested
58 case 'lost_pass': $mode = 'lost_pass'; break; // Request new password
62 // Check if hash for confirmation of email address is given...
63 if (isGetRequestParameterSet('hash')) {
65 $result = SQL_QUERY_ESC("SELECT
66 `id`, `status`, `gender`, `surname`, `family`,
67 `company`, `position`, `tax_ident`,
68 `street_nr1`, `street_nr2`, `country`, `zip`, `city`, `email`, `phone`, `fax`, `cell`,
69 `points_amount` AS points, `last_pay` AS pay, `last_curr` AS curr
71 `{?_MYSQL_PREFIX?}_sponsor_data`
73 `hash='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL')
74 LIMIT 1", array(getRequestParameter('hash')), __FILE__, __LINE__);
75 if (SQL_NUMROWS($result) == 1) {
76 // Sponsor found, load his data...
77 $data = SQL_FETCHARRAY($result);
79 // Translate gender and comma
80 $data['gender'] = translateGender($data['gender']);
81 $data['points'] = translateComma($data['points']);
82 $data['pay'] = translateComma($data['pay']);
84 // Unconfirmed account or changed email address?
85 if ($data['status'] == 'UNCONFIRMED') {
86 // Set account to pending
87 SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET `status`='PENDING'
88 WHERE `id`='%s' AND hash='%s' AND `status`='UNCONFIRMED' LIMIT 1",
89 array(bigintval($data['id']), getRequestParameter('hash')), __FILE__, __LINE__);
92 if (SQL_AFFECTEDROWS() == 1) {
93 // Prepare mail and send it to the sponsor
94 $message = loadEmailTemplate('sponsor_pending', $data);
95 sendEmail($data['email'], getMessage('SPONSOR_ACCOUNT_PENDING_SUBJ'), $message);
97 // Send email to admin
98 sendAdminNotification(getMessage('ADMIN_NEW_SPONSOR'), 'admin_sponsor_pending', $data);
100 // Sponsor account set to pending
101 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_IS_PENDING'));
103 // Could not unlock account!
104 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_PENDING_FAILED'));
106 } elseif ($data['status'] == 'EMAIL') {
107 // Changed email adress need to be confirmed
108 SQL_QUERY_ESC("UPDATE
109 `{?_MYSQL_PREFIX?}_sponsor_data`
117 array(bigintval($data['id']), getRequestParameter('hash')), __FILE__, __LINE__);
120 if (SQL_AFFECTEDROWS() == 1) {
121 // Sponsor account is unlocked again
122 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN'));
124 // Could not unlock account!
125 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_EMAIL_FAILED'));
128 /// ??? Other status?
129 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_STATUS_FAILED'));
133 loadTemplate('admin_settings_saved', false, sprintf(getMessage('SPONSOR_ACCOUNT_404'), getRequestParameter('hash')));
137 SQL_FREERESULT($result);
138 } elseif ($mode == 'activate') {
139 // Send activation link again
141 // Check submitted data
142 if (!isPostRequestParameterSet('email')) unsetPostRequestParameter('ok');
147 $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, gender, surname, family, sponsor_created
148 FROM `{?_MYSQL_PREFIX?}_sponsor_data`
149 WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1",
150 array(postRequestParameter('email')), __FILE__, __LINE__);
153 if (SQL_NUMROWS($result) == 1) {
154 // Unconfirmed sponsor account found so let's load the requested data
155 $data = SQL_FETCHARRAY($result);
157 // Translate some data
158 $data['gender'] = translateGender($data['gender']);
159 $data['sponsor_created'] = generateDateTime($data['sponsor_created']);
161 // Prepare email and send it to the sponsor
162 if ($data['status'] == 'UNCONFIRMED') {
163 // Unconfirmed accounts
164 $message_sponsor = loadEmailTemplate('sponsor_activate', $data);
166 // Confirmed email address
167 $message_sponsor = loadEmailTemplate('sponsor_email', $data);
169 sendEmail(postRequestParameter('email'), getMessage('SPONSOR_ACTIVATION_LINK_SUBJ'), $message_sponsor);
172 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACTIVATION_LINK_SENT'));
174 // No account found or not UNCONFIRMED
175 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACTIVATION_LINK_404'));
179 SQL_FREERESULT($result);
182 loadTemplate('guest_sponsor_activate');
184 } elseif ($mode == 'lost_pass') {
187 // Check submitted data
188 if (!isPostRequestParameterSet('email')) unsetPostRequestParameter('ok');
193 $result = SQL_QUERY_ESC("SELECT `id`, `hash`, `remote_addr`, `gender`, `surname`, `family`, `sponsor_created`
194 FROM `{?_MYSQL_PREFIX?}_sponsor_data`
195 WHERE `email`='%s' AND `id`='%s' AND `status`='CONFIRMED' LIMIT 1",
196 array(postRequestParameter('email'), bigintval(postRequestParameter('id'))), __FILE__, __LINE__);
199 if (SQL_NUMROWS($result) == 1) {
200 // Unconfirmed sponsor account found so let's load the requested data
201 $DATA = SQL_FETCHARRAY($result);
203 // Translate some data
204 $DATA['gender'] = translateGender($DATA['gender']);
205 $DATA['sponsor_created'] = generateDateTime($DATA['sponsor_created']);
208 $DATA['password'] = generatePassword();
210 // Prepare email and send it to the sponsor
211 $message_sponsor = loadEmailTemplate('sponsor_lost', $DATA);
212 sendEmail(postRequestParameter('email'), getMessage('SPONSOR_LOST_PASSWORD_SUBJ'), $message_sponsor);
215 SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET `password`='%s'
216 WHERE `id`='%s' LIMIT 1",
217 array(md5($DATA['password']), bigintval($DATA['id'])), __FILE__, __LINE__);
220 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_LOST_PASSWORD_SENT'));
222 // No account found or not UNCONFIRMED
223 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_LOST_PASSWORD_404'));
227 SQL_FREERESULT($result);
230 loadTemplate('guest_sponsor_lost');
232 } elseif (isFormSent()) {
233 // Check status and login data ...
234 $result = SQL_QUERY_ESC("SELECT status FROM `{?_MYSQL_PREFIX?}_sponsor_data`
235 WHERE `id`='%s' AND password='%s' LIMIT 1",
236 array(bigintval(postRequestParameter('sponsorid')), md5(postRequestParameter('pass'))), __FILE__, __LINE__);
238 if (SQL_NUMROWS($result) == 1) {
239 // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
240 list($status) = SQL_FETCHROW($result);
241 if ($status == 'CONFIRMED') {
242 // Is confirmed so both is fine and we can continue with login procedure
243 $login = ((setSession('sponsorid' , bigintval(postRequestParameter('sponsorid')))) &&
244 (setSession('sponsorpass', md5(postRequestParameter('pass')) ))
247 if ($login === true) {
248 // Cookie setup successfull so we can forward to sponsor area
249 redirectToUrl('modules.php?module=sponsor');
251 // Cookie setup failed!
252 loadTemplate('admin_settings_saved', false, getMessage('SPONSPOR_COOKIE_SETUP_FAILED'));
254 // Login formular and other links
255 loadTemplate('guest_sponsor_login');
258 // Status is not fine
259 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_LOGIN_FAILED_' . strtoupper($status) . ''));
261 // Login formular and other links
262 loadTemplate('guest_sponsor_login');
265 // Account missing or wrong pass! We shall not find this out for the "cracker folks"...
266 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_LOGIN_FAILED_404_WRONG_PASS'));
268 // Login formular and other links
269 loadTemplate('guest_sponsor_login');
273 SQL_FREERESULT($result);
275 // Login formular and other links
276 loadTemplate('guest_sponsor_login');