2 /************************************************************************
3 * MXChange v0.2.1 Start: 06/10/2005 *
4 * =============== Last change: 05/18/2008 *
6 * -------------------------------------------------------------------- *
7 * File : what-sponsor_login.php *
8 * -------------------------------------------------------------------- *
9 * Short description : Login form and password resending for sponsor *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Loginformular und Neues Passwort fuer Sponsor *
12 * -------------------------------------------------------------------- *
14 * -------------------------------------------------------------------- *
15 * Copyright (c) 2003 - 2008 by Roland Haeder *
16 * For more information visit: http://www.mxchange.org *
18 * This program is free software. You can redistribute it and/or modify *
19 * it under the terms of the GNU General Public License as published by *
20 * the Free Software Foundation; either version 2 of the License. *
22 * This program is distributed in the hope that it will be useful, *
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
25 * GNU General Public License for more details. *
27 * You should have received a copy of the GNU General Public License *
28 * along with this program; if not, write to the Free Software *
29 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
31 ************************************************************************/
// Entry checks for the sponsor login page: include guard, extension check, navigation entry and mode selection.
// NOTE(review): this listing omits some original lines (the embedded numbers skip, e.g. 35 -> 37 and 38 -> 42),
// so closing braces and any statement on the skipped lines are not visible here.
33 // Some security stuff...
34 if (!defined('__SECURITY')) {
// __SECURITY is not defined: build the path of security.php from this file's own location,
// cutting the directory name right after its first "/inc" (strpos() + 4 characters).
35 $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
37 } elseif ((!EXT_IS_ACTIVE("sponsor"))) {
// The "sponsor" extension is not active: register a fatal message
38 addFatalMessage(getMessage('EXTENSION_PROBLEM_EXT_INACTIVE'), "sponsor");
42 // Add description as navigation point
43 ADD_DESCR("guest", __FILE__);
// The request parameter is mapped onto fixed strings; $_GET['mode'] itself is never copied into $MODE.
// NOTE(review): $MODE is assigned only in the two cases below and original lines 44-45 are not shown,
// so confirm it is initialised before the later $MODE comparisons for requests without a known mode.
46 if (!empty($_GET['mode'])) {
47 // A "special" mode of the login system was requested
48 switch ($_GET['mode'])
50 case "activate" : $MODE = "activate"; break; // Activation link requested
51 case "lost_pass": $MODE = "lost_pass"; break; // Request new password
// Request dispatcher of the sponsor login page. In order: confirm the hash from an e-mail link,
// resend the activation link, issue a new password, check a submitted login, else show the login form.
// NOTE(review): this listing omits some original lines (the embedded numbers skip), so closing braces,
// "else" lines and any statement on the skipped lines are not visible; the notes below cover only what is shown.
// NOTE(review): SQL_QUERY_ESC() receives the request values as a separate array for the %s placeholders;
// presumably it escapes them before the query is built - confirm in its definition.
55 // Check if hash for confirmation of email address is given...
56 if (!empty($_GET['hash'])) {
// Look up the sponsor whose stored hash equals the one from the link; only the two "awaiting confirmation"
// states (UNCONFIRMED, EMAIL) can match.
// NOTE(review): the hash from the URL is the only credential for this step and nothing shown here replaces
// it after use - confirm how it is generated and whether it is renewed once consumed.
58 $result = SQL_QUERY_ESC("SELECT id, status, gender, surname, family,
59 company, position, tax_ident,
60 street_nr1, street_nr2, country, zip, city, email, phone, fax, cell,
61 points_amount AS points, last_pay AS pay, last_curr AS curr
62 FROM `{!_MYSQL_PREFIX!}_sponsor_data`
63 WHERE hash='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL')
64 LIMIT 1", array($_GET['hash']), __FILE__, __LINE__);
65 if (SQL_NUMROWS($result) == 1) {
66 // Sponsor found, load his data...
67 $SPONSOR = SQL_FETCHARRAY($result);
69 // Translate gender and comma
70 $SPONSOR['gender'] = TRANSLATE_GENDER($SPONSOR['gender']);
71 $SPONSOR['points'] = TRANSLATE_COMMA($SPONSOR['points']);
72 $SPONSOR['pay'] = TRANSLATE_COMMA($SPONSOR['pay']);
74 // Unconfirmed account or changed email address?
75 if ($SPONSOR['status'] == "UNCONFIRMED") {
76 // Set account to pending
// The WHERE clause repeats id, hash and the expected status, so the row changes only if it is still UNCONFIRMED
77 SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET `status`='PENDING'
78 WHERE id='%s' AND hash='%s' AND `status`='UNCONFIRMED' LIMIT 1",
79 array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
// Mails and the success message are issued only when exactly one row was changed
82 if (SQL_AFFECTEDROWS() == 1) {
83 // Prepare mail and send it to the sponsor
84 $MSG = LOAD_EMAIL_TEMPLATE("sponsor_pending", $SPONSOR);
85 SEND_EMAIL($SPONSOR['email'], SPONSOR_ACCOUNT_PENDING_SUBJ, $MSG);
87 // Send email to admin
88 SEND_ADMIN_NOTIFICATION(ADMIN_NEW_SPONSOR, "admin_sponsor_pending", $SPONSOR);
90 // Sponsor account set to pending
91 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_PENDING);
93 // Could not unlock account!
94 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_PENDING_FAILED);
96 } elseif ($SPONSOR['status'] == "EMAIL") {
97 // Changed email address needs to be confirmed
98 SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET `status`='CONFIRMED'
99 WHERE id='%s' AND hash='%s' AND `status`='EMAIL' LIMIT 1",
100 array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
103 if (SQL_AFFECTEDROWS() == 1) {
104 // Sponsor account is unlocked again
105 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN);
107 // Could not unlock account!
108 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_EMAIL_FAILED);
111 /// ??? Other status?
112 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_STATUS_FAILED);
// No row matched the hash in one of the two confirmable states
116 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_404);
120 SQL_FREERESULT($result);
121 } elseif ($MODE == "activate") {
122 // Send activation link again
123 if (isset($_POST['ok'])) {
124 // Check submitted data
// An empty email field cancels the submission, so the form is handled as not sent
125 if (empty($_POST['email'])) unset($_POST['ok']);
128 if (isset($_POST['ok'])) {
// Find an account with this email address that still awaits confirmation (UNCONFIRMED or EMAIL)
130 $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, gender, surname, family, sponsor_created
131 FROM `{!_MYSQL_PREFIX!}_sponsor_data`
132 WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1",
133 array($_POST['email']), __FILE__, __LINE__);
136 if (SQL_NUMROWS($result) == 1) {
137 // Unconfirmed sponsor account found so let's load the requested data
138 $SPONSOR = SQL_FETCHARRAY($result);
140 // Translate some data
141 $SPONSOR['gender'] = TRANSLATE_GENDER($SPONSOR['gender']);
142 $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
144 // Prepare email and send it to the sponsor
145 if ($SPONSOR['status'] == "UNCONFIRMED") {
146 // Unconfirmed accounts
147 $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_activate", $SPONSOR);
149 // Confirmed email address
150 $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_email", $SPONSOR);
// NOTE(review): the recipient is the submitted value, not an address read from the row (the query above does
// not select `email`). Selecting the stored address and mailing that would keep the recipient equal to the
// address on record however the database compares strings.
152 SEND_EMAIL($_POST['email'], SPONSOR_ACTIVATION_LINK_SUBJ, $msg_sponsor);
// NOTE(review): the "sent" and "404" messages differ, so this form tells the requester whether an address has
// an account awaiting confirmation; no request throttling is visible in this file.
155 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_SENT);
157 // No account found, or its status is neither UNCONFIRMED nor EMAIL
158 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_404);
162 SQL_FREERESULT($result);
165 LOAD_TEMPLATE("guest_sponsor_activate");
167 } elseif ($MODE == "lost_pass") {
// Lost password: a matching email + id pair of a CONFIRMED account gets a freshly generated password.
// NOTE(review): the new password replaces the old one as soon as the form is submitted; the mailbox owner
// confirms nothing first, so anyone who knows both values can force a password change on the account.
// A single-use, expiring link that is confirmed before the password changes avoids unrequested resets.
169 if (isset($_POST['ok'])) {
170 // Check submitted data
// NOTE(review): only the email field is checked; $_POST['id'] is read below without an isset()/empty() test
171 if (empty($_POST['email'])) unset($_POST['ok']);
174 if (isset($_POST['ok'])) {
176 $result = SQL_QUERY_ESC("SELECT id, hash, remote_addr, gender, surname, family, sponsor_created
177 FROM `{!_MYSQL_PREFIX!}_sponsor_data`
178 WHERE email='%s' AND id='%s' AND `status`='CONFIRMED' LIMIT 1",
179 array($_POST['email'], bigintval($_POST['id'])), __FILE__, __LINE__);
181 if (SQL_NUMROWS($result) == 1) {
182 // Confirmed sponsor account found so let's load the requested data
183 $SPONSOR = SQL_FETCHARRAY($result);
185 // Translate some data
186 $SPONSOR['gender'] = TRANSLATE_GENDER($SPONSOR['gender']);
187 $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
// Generate the replacement password and hand it to the mail template in clear text.
// NOTE(review): GEN_PASS() is defined elsewhere - confirm it draws from a cryptographically secure source.
190 $SPONSOR['password'] = GEN_PASS();
192 // Prepare email and send it to the sponsor
// NOTE(review): the mail goes out before the new password is stored, and no check of the UPDATE result is
// visible in this listing; if the UPDATE fails the sponsor holds a password that does not work.
193 $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_lost", $SPONSOR);
194 SEND_EMAIL($_POST['email'], SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor);
// Store the new password as an unsalted MD5 digest.
// NOTE(review): unsalted MD5 is not suitable for password storage; password_hash()/password_verify() is the
// replacement, which means changing every place that writes or compares this column, not only this file.
197 SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET password='%s'
198 WHERE id='%s' LIMIT 1",
199 array(md5($SPONSOR['password']), bigintval($SPONSOR['id'])), __FILE__, __LINE__);
202 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOST_PASSWORD_SENT);
204 // No account found or not CONFIRMED
205 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOST_PASSWORD_404);
209 SQL_FREERESULT($result);
212 LOAD_TEMPLATE("guest_sponsor_lost");
214 } elseif (isset($_POST['ok'])) {
215 // Check status and login data ...
// The password check happens inside the query: the row matches only if id and md5(password) both agree.
// NOTE(review): $_POST['sponsorid'] and $_POST['pass'] are read without isset() tests, and no limit on failed
// attempts is visible in this file.
216 $result = SQL_QUERY_ESC("SELECT status FROM `{!_MYSQL_PREFIX!}_sponsor_data`
217 WHERE id='%s' AND password='%s' LIMIT 1",
218 array(bigintval($_POST['sponsorid']), md5($_POST['pass'])), __FILE__, __LINE__);
219 if (SQL_NUMROWS($result) == 1) {
220 // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
221 list($status) = SQL_FETCHROW($result);
222 if ($status == "CONFIRMED") {
223 // Is confirmed so both is fine and we can continue with login procedure
// NOTE(review): the value kept as 'sponsorpass' is the same MD5 digest that is stored in the database, so
// whoever reads it holds the stored credential. set_session() is defined elsewhere; the comments below call
// this step "cookie setup" - confirm where the value ends up and whether the session identifier is renewed
// at login.
224 $login = ((set_session('sponsorid' , bigintval($_POST['sponsorid']))) &&
225 (set_session('sponsorpass', md5($_POST['pass']) ))
229 // Cookie setup successful so we can forward to sponsor area
230 LOAD_URL("modules.php?module=sponsor");
232 // Cookie setup failed!
// NOTE(review): the constant is spelled SPONSPOR_ here - confirm the language file defines it under this name
233 LOAD_TEMPLATE("admin_settings_saved", false, SPONSPOR_COOKIE_SETUP_FAILED);
235 // Login form and other links
236 LOAD_TEMPLATE("guest_sponsor_login");
239 // Status is not fine
// The message constant is chosen by the status column; this point is reached only after id and password
// matched, so the per-status text is shown only to someone who knows the password.
// NOTE(review): constant() fails for a status that has no matching SPONSOR_LOGIN_FAILED_* constant.
240 $content = constant('SPONSOR_LOGIN_FAILED_'.strtoupper($status).'');
241 LOAD_TEMPLATE("admin_settings_saved", false, $content);
243 // Login form and other links
244 LOAD_TEMPLATE("guest_sponsor_login");
247 // Account missing or wrong pass! We shall not find this out for the "hacker folks"...
// One message covers both an unknown id and a wrong password, so the reply does not show which of them failed
248 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOGIN_FAILED_404_WRONG_PASS);
250 // Login form and other links
251 LOAD_TEMPLATE("guest_sponsor_login");
255 SQL_FREERESULT($result);
257 // Login form and other links
258 LOAD_TEMPLATE("guest_sponsor_login");