2 /************************************************************************
3 * Mailer v0.2.1-FINAL Start: 06/10/2005 *
4 * =================== Last change: 05/18/2008 *
6 * -------------------------------------------------------------------- *
7 * File : what-sponsor_login.php *
8 * -------------------------------------------------------------------- *
9 * Short description : Login form and password resending for sponsor *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Loginformular und Neues Passwort fuer Sponsor *
12 * -------------------------------------------------------------------- *
15 * $Tag:: 0.2.1-FINAL $ *
17 * Needs to be in all Files and every File needs "svn propset *
18 * svn:keywords Date Revision" (autoprobset!) at least!!!!!! *
19 * -------------------------------------------------------------------- *
20 * Copyright (c) 2003 - 2009 by Roland Haeder *
21 * For more information visit: http://www.mxchange.org *
23 * This program is free software; you can redistribute it and/or modify *
24 * it under the terms of the GNU General Public License as published by *
25 * the Free Software Foundation; either version 2 of the License, or *
26 * (at your option) any later version. *
28 * This program is distributed in the hope that it will be useful, *
29 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
30 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
31 * GNU General Public License for more details. *
33 * You should have received a copy of the GNU General Public License *
34 * along with this program; if not, write to the Free Software *
35 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
37 ************************************************************************/
39 // Some security stuff...
40 if (!defined('__SECURITY')) {
44 // Add description as navigation point
45 addMenuDescription('guest', __FILE__);
47 if ((!isExtensionActive('sponsor'))) {
48 loadTemplate('admin_settings_saved', false, generateExtensionInactiveNotInstalledMessage('sponsor'));
53 if (isGetRequestParameterSet('mode')) {
54 // A "special" mode of the login system was requested
55 switch (getRequestParameter('mode')) {
56 case 'activate' : $mode = 'activate'; break; // Activation link requested
57 case 'lost_pass': $mode = 'lost_pass'; break; // Request new password
61 // Check if hash for confirmation of email address is given...
62 if (isGetRequestParameterSet('hash')) {
64 $result = SQL_QUERY_ESC("SELECT
65 `id`, `status`, `gender`, `surname`, `family`,
66 `company`, `position`, `tax_ident`,
67 `street_nr1`, `street_nr2`, `country`, `zip`, `city`, `email`, `phone`, `fax`, `cell`,
68 `points_amount` AS points, `last_pay` AS pay, `last_curr` AS curr
70 `{?_MYSQL_PREFIX?}_sponsor_data`
72 `hash='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL')
73 LIMIT 1", array(getRequestParameter('hash')), __FILE__, __LINE__);
74 if (SQL_NUMROWS($result) == 1) {
75 // Sponsor found, load his data...
76 $data = SQL_FETCHARRAY($result);
78 // Translate gender and comma
79 $data['gender'] = translateGender($data['gender']);
80 $data['points'] = translateComma($data['points']);
81 $data['pay'] = translateComma($data['pay']);
83 // Unconfirmed account or changed email address?
84 if ($data['status'] == 'UNCONFIRMED') {
85 // Set account to pending
86 SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET `status`='PENDING'
87 WHERE `id`='%s' AND hash='%s' AND `status`='UNCONFIRMED' LIMIT 1",
88 array(bigintval($data['id']), getRequestParameter('hash')), __FILE__, __LINE__);
91 if (SQL_AFFECTEDROWS() == 1) {
92 // Prepare mail and send it to the sponsor
93 $message = loadEmailTemplate('sponsor_pending', $data);
94 sendEmail($data['email'], getMessage('SPONSOR_ACCOUNT_PENDING_SUBJ'), $message);
96 // Send email to admin
97 sendAdminNotification(getMessage('ADMIN_NEW_SPONSOR'), 'admin_sponsor_pending', $data);
99 // Sponsor account set to pending
100 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_IS_PENDING'));
102 // Could not unlock account!
103 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_PENDING_FAILED'));
105 } elseif ($data['status'] == 'EMAIL') {
106 // Changed email adress need to be confirmed
107 SQL_QUERY_ESC("UPDATE
108 `{?_MYSQL_PREFIX?}_sponsor_data`
116 array(bigintval($data['id']), getRequestParameter('hash')), __FILE__, __LINE__);
119 if (SQL_AFFECTEDROWS() == 1) {
120 // Sponsor account is unlocked again
121 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN'));
123 // Could not unlock account!
124 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_EMAIL_FAILED'));
127 /// ??? Other status?
128 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_STATUS_FAILED'));
132 loadTemplate('admin_settings_saved', false, sprintf(getMessage('SPONSOR_ACCOUNT_404'), getRequestParameter('hash')));
136 SQL_FREERESULT($result);
137 } elseif ($mode == 'activate') {
138 // Send activation link again
140 // Check submitted data
141 if (!isPostRequestParameterSet('email')) unsetPostRequestParameter('ok');
146 $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, gender, surname, family, sponsor_created
147 FROM `{?_MYSQL_PREFIX?}_sponsor_data`
148 WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1",
149 array(postRequestParameter('email')), __FILE__, __LINE__);
152 if (SQL_NUMROWS($result) == 1) {
153 // Unconfirmed sponsor account found so let's load the requested data
154 $data = SQL_FETCHARRAY($result);
156 // Translate some data
157 $data['gender'] = translateGender($data['gender']);
158 $data['sponsor_created'] = generateDateTime($data['sponsor_created']);
160 // Prepare email and send it to the sponsor
161 if ($data['status'] == 'UNCONFIRMED') {
162 // Unconfirmed accounts
163 $message_sponsor = loadEmailTemplate('sponsor_activate', $data);
165 // Confirmed email address
166 $message_sponsor = loadEmailTemplate('sponsor_email', $data);
168 sendEmail(postRequestParameter('email'), getMessage('SPONSOR_ACTIVATION_LINK_SUBJ'), $message_sponsor);
171 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACTIVATION_LINK_SENT'));
173 // No account found or not UNCONFIRMED
174 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACTIVATION_LINK_404'));
178 SQL_FREERESULT($result);
181 loadTemplate('guest_sponsor_activate');
183 } elseif ($mode == 'lost_pass') {
186 // Check submitted data
187 if (!isPostRequestParameterSet('email')) unsetPostRequestParameter('ok');
192 $result = SQL_QUERY_ESC("SELECT `id`, `hash`, `remote_addr`, `gender`, `surname`, `family`, `sponsor_created`
193 FROM `{?_MYSQL_PREFIX?}_sponsor_data`
194 WHERE `email`='%s' AND `id`='%s' AND `status`='CONFIRMED' LIMIT 1",
195 array(postRequestParameter('email'), bigintval(postRequestParameter('id'))), __FILE__, __LINE__);
198 if (SQL_NUMROWS($result) == 1) {
199 // Unconfirmed sponsor account found so let's load the requested data
200 $DATA = SQL_FETCHARRAY($result);
202 // Translate some data
203 $DATA['gender'] = translateGender($DATA['gender']);
204 $DATA['sponsor_created'] = generateDateTime($DATA['sponsor_created']);
207 $DATA['password'] = generatePassword();
209 // Prepare email and send it to the sponsor
210 $message_sponsor = loadEmailTemplate('sponsor_lost', $DATA);
211 sendEmail(postRequestParameter('email'), getMessage('SPONSOR_LOST_PASSWORD_SUBJ'), $message_sponsor);
214 SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET `password`='%s'
215 WHERE `id`='%s' LIMIT 1",
216 array(md5($DATA['password']), bigintval($DATA['id'])), __FILE__, __LINE__);
219 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_LOST_PASSWORD_SENT'));
221 // No account found or not UNCONFIRMED
222 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_LOST_PASSWORD_404'));
226 SQL_FREERESULT($result);
229 loadTemplate('guest_sponsor_lost');
231 } elseif (isFormSent()) {
232 // Check status and login data ...
233 $result = SQL_QUERY_ESC("SELECT status FROM `{?_MYSQL_PREFIX?}_sponsor_data`
234 WHERE `id`='%s' AND password='%s' LIMIT 1",
235 array(bigintval(postRequestParameter('sponsorid')), md5(postRequestParameter('pass'))), __FILE__, __LINE__);
237 if (SQL_NUMROWS($result) == 1) {
238 // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
239 list($status) = SQL_FETCHROW($result);
240 if ($status == 'CONFIRMED') {
241 // Is confirmed so both is fine and we can continue with login procedure
242 $login = ((setSession('sponsorid' , bigintval(postRequestParameter('sponsorid')))) &&
243 (setSession('sponsorpass', md5(postRequestParameter('pass')) ))
246 if ($login === true) {
247 // Cookie setup successfull so we can forward to sponsor area
248 redirectToUrl('modules.php?module=sponsor');
250 // Cookie setup failed!
251 loadTemplate('admin_settings_saved', false, getMessage('SPONSPOR_COOKIE_SETUP_FAILED'));
253 // Login formular and other links
254 loadTemplate('guest_sponsor_login');
257 // Status is not fine
258 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_LOGIN_FAILED_' . strtoupper($status) . ''));
260 // Login formular and other links
261 loadTemplate('guest_sponsor_login');
264 // Account missing or wrong pass! We shall not find this out for the "cracker folks"...
265 loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_LOGIN_FAILED_404_WRONG_PASS'));
267 // Login formular and other links
268 loadTemplate('guest_sponsor_login');
272 SQL_FREERESULT($result);
274 // Login formular and other links
275 loadTemplate('guest_sponsor_login');