2 /************************************************************************
3 * MXChange v0.2.1 Start: 06/10/2005 *
4 * =============== Last change: 05/18/2008 *
6 * -------------------------------------------------------------------- *
7 * File : what-sponsor_login.php *
8 * -------------------------------------------------------------------- *
9 * Short description : Login form and password resending for sponsor *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Loginformular und Neues Passwort fuer Sponsor *
12 * -------------------------------------------------------------------- *
14 * -------------------------------------------------------------------- *
15 * Copyright (c) 2003 - 2008 by Roland Haeder *
16 * For more information visit: http://www.mxchange.org *
18 * This program is free software. You can redistribute it and/or modify *
19 * it under the terms of the GNU General Public License as published by *
20 * the Free Software Foundation; either version 2 of the License. *
22 * This program is distributed in the hope that it will be useful, *
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
25 * GNU General Public License for more details. *
27 * You should have received a copy of the GNU General Public License *
28 * along with this program; if not, write to the Free Software *
29 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
31 ************************************************************************/
33 // Some security stuff...
34 if (!defined('__SECURITY')) {
35 $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
39 // Add description as navigation point
40 ADD_DESCR("guest", __FILE__);
43 if (!empty($_GET['mode']))
45 // A "special" mode of the login system was requested
46 switch ($_GET['mode'])
48 case "activate" : $MODE = "activate"; break; // Activation link requested
49 case "lost_pass": $MODE = "lost_pass"; break; // Request new password
53 // Check if hash for confirmation of email address is given...
54 if (!empty($_GET['hash']))
57 $result = SQL_QUERY_ESC("SELECT id, status, gender, surname, family,
58 company, position, tax_ident,
59 street_nr1, street_nr2, country, zip, city, email, phone, fax, cell,
60 points_amount AS points, last_pay AS pay, last_curr AS curr
61 FROM "._MYSQL_PREFIX."_sponsor_data
62 WHERE hash='%s' AND (status='UNCONFIRMED' OR status='EMAIL')
63 LIMIT 1", array($_GET['hash']), __FILE__, __LINE__);
64 if (SQL_NUMROWS($result) == 1)
66 // Sponsor found, load his data...
67 $SPONSOR = SQL_FETCHARRAY($result);
69 // Translate gender and comma
70 $SPONSOR['gender'] = TRANSLATE_GENDER($SPONSOR['gender']);
71 $SPONSOR['points'] = TRANSLATE_COMMA($SPONSOR['points']);
72 $SPONSOR['pay'] = TRANSLATE_COMMA($SPONSOR['pay']);
74 // Unconfirmed account or changed email address?
75 if ($SPONSOR['status'] == "UNCONFIRMED")
77 // Set account to pending
78 $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='PENDING'
79 WHERE id='%s' AND hash='%s' AND status='UNCONFIRMED' LIMIT 1",
80 array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
83 if (SQL_AFFECTEDROWS() == 1)
85 // Prepare mail and send it to the sponsor
86 $MSG = LOAD_EMAIL_TEMPLATE("sponsor_pending", $SPONSOR);
87 SEND_EMAIL($SPONSOR['email'], SPONSOR_ACCOUNT_PENDING_SUBJ, $MSG);
89 // Send email to admin
90 SEND_ADMIN_NOTIFICATION(ADMIN_NEW_SPONSOR, "admin_sponsor_pending", $SPONSOR);
92 // Sponsor account set to pending
93 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_PENDING);
97 // Could not unlock account!
98 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_PENDING_FAILED);
101 elseif ($SPONSOR['status'] == "EMAIL")
103 // Changed email adress need to be confirmed
104 $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='CONFIRMED'
105 WHERE id='%s' AND hash='%s' AND status='EMAIL' LIMIT 1",
106 array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
109 if (SQL_AFFECTEDROWS() == 1)
111 // Sponsor account is unlocked again
112 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN);
116 // Could not unlock account!
117 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_EMAIL_FAILED);
122 /// ??? Other status?
123 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_STATUS_FAILED);
129 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_404);
133 SQL_FREERESULT($result);
135 elseif ($MODE == "activate")
137 // Send activation link again
138 if (isset($_POST['ok']))
140 // Check submitted data
141 if (empty($_POST['email'])) unset($_POST['ok']);
144 if (isset($_POST['ok']))
147 $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, gender, surname, family, sponsor_created
148 FROM "._MYSQL_PREFIX."_sponsor_data
149 WHERE email='%s' AND (status='UNCONFIRMED' OR status='EMAIL') LIMIT 1",
150 array($_POST['email']), __FILE__, __LINE__);
151 if (SQL_NUMROWS($result) == 1)
153 // Unconfirmed sponsor account found so let's load the requested data
154 $SPONSOR = SQL_FETCHARRAY($result);
156 // Translate some data
157 $SPONSOR['gender'] = TRANSLATE_GENDER($SPONSOR['gender']);
158 $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
160 // Prepare email and send it to the sponsor
161 if ($SPONSOR['status'] == "UNCONFIRMED")
163 // Unconfirmed accounts
164 $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_activate", $SPONSOR);
168 // Confirmed email address
169 $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_email", $SPONSOR);
171 SEND_EMAIL($_POST['email'], SPONSOR_ACTIVATION_LINK_SUBJ, $msg_sponsor);
174 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_SENT);
178 // No account found or not UNCONFIRMED
179 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_404);
183 SQL_FREERESULT($result);
188 LOAD_TEMPLATE("guest_sponsor_activate");
191 elseif ($MODE == "lost_pass")
194 if (isset($_POST['ok']))
196 // Check submitted data
197 if (empty($_POST['email'])) unset($_POST['ok']);
200 if (isset($_POST['ok']))
203 $result = SQL_QUERY_ESC("SELECT id, hash, remote_addr, gender, surname, family, sponsor_created
204 FROM "._MYSQL_PREFIX."_sponsor_data
205 WHERE email='%s' AND id='%s' AND status='CONFIRMED' LIMIT 1",
206 array($_POST['email'], bigintval($_POST['id'])), __FILE__, __LINE__);
207 if (SQL_NUMROWS($result) == 1)
209 // Unconfirmed sponsor account found so let's load the requested data
210 $SPONSOR = SQL_FETCHARRAY($result);
212 // Translate some data
213 $SPONSOR['gender'] = TRANSLATE_GENDER($SPONSOR['gender']);
214 $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
217 $SPONSOR['password'] = GEN_PASS();
219 // Prepare email and send it to the sponsor
220 $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_lost", $SPONSOR);
221 SEND_EMAIL($_POST['email'], SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor);
224 $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET password='%s'
225 WHERE id='%s' LIMIT 1",
226 array(md5($SPONSOR['password']), bigintval($SPONSOR['id'])), __FILE__, __LINE__);
229 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOST_PASSWORD_SENT);
233 // No account found or not UNCONFIRMED
234 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOST_PASSWORD_404);
238 SQL_FREERESULT($result);
243 LOAD_TEMPLATE("guest_sponsor_lost");
246 elseif (isset($_POST['ok']))
248 // Check status and login data ...
249 $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_sponsor_data
250 WHERE id='%s' AND password='%s' LIMIT 1",
251 array(bigintval($_POST['sponsorid']), md5($_POST['pass'])), __FILE__, __LINE__);
252 if (SQL_NUMROWS($result) == 1)
254 // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
255 list($status) = SQL_FETCHROW($result);
256 if ($status == "CONFIRMED")
258 // Calculate cookie lifetime, maybe we have to change this so the admin can setup a
259 // seperate timeout for these two cookies?
260 $life = (time() + $_CONFIG['online_timeout']);
262 // Is confirmed so both is fine and we can continue with login procedure
263 $login = ((setcookie("sponsorid" , bigintval($_POST['sponsorid']), $life, COOKIE_PATH)) &&
264 (setcookie("sponsorpass", md5($_POST['pass']) , $life, COOKIE_PATH)));
268 // Cookie setup successfull so we can forward to sponsor area
269 LOAD_URL(URL."/modules.php?module=sponsor");
273 // Cookie setup failed!
274 LOAD_TEMPLATE("admin_settings_saved", false, SPONSPOR_COOKIE_SETUP_FAILED);
275 OUTPUT_HTML("<br />");
277 // Login formular and other links
278 LOAD_TEMPLATE("guest_sponsor_login");
283 // Status is not fine
284 $content = constant('SPONSOR_LOGIN_FAILED_'.strtoupper($status).'');
285 LOAD_TEMPLATE("admin_settings_saved", false, $content);
286 OUTPUT_HTML("<br />");
288 // Login formular and other links
289 LOAD_TEMPLATE("guest_sponsor_login");
294 // Account missing or wrong pass! We shall not find this out for the "hacker folks"...
295 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOGIN_FAILED_404_WRONG_PASS);
296 OUTPUT_HTML("<br />");
298 // Login formular and other links
299 LOAD_TEMPLATE("guest_sponsor_login");
303 SQL_FREERESULT($result);
307 // Login formular and other links
308 LOAD_TEMPLATE("guest_sponsor_login");