]> git.mxchange.org Git - mailer.git/blob - inc/modules/guest/what-sponsor_login.php
e34b2f126b4a5fa13479545736a34de7d98e6fc8
[mailer.git] / inc / modules / guest / what-sponsor_login.php
1 <?php
2 /************************************************************************
3  * MXChange v0.2.1                                    Start: 06/10/2005 *
4  * ===============                              Last change: 05/18/2008 *
5  *                                                                      *
6  * -------------------------------------------------------------------- *
7  * File              : what-sponsor_login.php                           *
8  * -------------------------------------------------------------------- *
9  * Short description : Login form and password resending for sponsor    *
10  * -------------------------------------------------------------------- *
11  * Kurzbeschreibung  : Loginformular und Neues Passwort fuer Sponsor    *
12  * -------------------------------------------------------------------- *
13  * $Revision::                                                        $ *
14  * $Date::                                                            $ *
15  * $Tag:: 0.2.1-FINAL                                                 $ *
16  * $Author::                                                          $ *
17  * Needs to be in all Files and every File needs "svn propset           *
18  * svn:keywords Date Revision" (autoprobset!) at least!!!!!!            *
19  * -------------------------------------------------------------------- *
20  * Copyright (c) 2003 - 2008 by Roland Haeder                           *
21  * For more information visit: http://www.mxchange.org                  *
22  *                                                                      *
23  * This program is free software. You can redistribute it and/or modify *
24  * it under the terms of the GNU General Public License as published by *
25  * the Free Software Foundation; either version 2 of the License.       *
26  *                                                                      *
27  * This program is distributed in the hope that it will be useful,      *
28  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
29  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
30  * GNU General Public License for more details.                         *
31  *                                                                      *
32  * You should have received a copy of the GNU General Public License    *
33  * along with this program; if not, write to the Free Software          *
34  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
35  * MA  02110-1301  USA                                                  *
36  ************************************************************************/
37
38 // Some security stuff...
39 if (!defined('__SECURITY')) {
40         $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), '/inc') + 4).'/security.php';
41         require($INC);
42 } elseif ((!EXT_IS_ACTIVE('sponsor'))) {
43         addFatalMessage(__FILE__, __LINE__, getMessage('EXTENSION_PROBLEM_EXT_INACTIVE'), 'sponsor');
44         return;
45 }
46
47 // Add description as navigation point
48 ADD_DESCR('guest', __FILE__);
49
50 $MODE = '';
51 if (REQUEST_ISSET_GET(('mode'))) {
52         // A "special" mode of the login system was requested
53         switch (REQUEST_GET('mode'))
54         {
55                 case 'activate' : $MODE = 'activate';  break; // Activation link requested
56                 case 'lost_pass': $MODE = 'lost_pass'; break; // Request new password
57         }
58 } // END - if
59
60 // Check if hash for confirmation of email address is given...
61 if (REQUEST_ISSET_GET(('hash'))) {
62         // Lookup sponsor
63         $result = SQL_QUERY_ESC("SELECT id, status, gender, surname, family,
64 company, position, tax_ident,
65 street_nr1, street_nr2, country, zip, city, email, phone, fax, cell,
66 points_amount AS points, last_pay AS pay, last_curr AS curr
67 FROM `{!_MYSQL_PREFIX!}_sponsor_data`
68 WHERE hash='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL')
69 LIMIT 1", array(REQUEST_GET('hash')), __FILE__, __LINE__);
70         if (SQL_NUMROWS($result) == 1) {
71                 // Sponsor found, load his data...
72                 $SPONSOR = SQL_FETCHARRAY($result);
73
74                 // Translate gender and comma
75                 $SPONSOR['gender']  = TRANSLATE_GENDER($SPONSOR['gender']);
76                 $SPONSOR['points'] = TRANSLATE_COMMA($SPONSOR['points']);
77                 $SPONSOR['pay']    = TRANSLATE_COMMA($SPONSOR['pay']);
78
79                 // Unconfirmed account or changed email address?
80                 if ($SPONSOR['status'] == 'UNCONFIRMED') {
81                         // Set account to pending
82                         SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET `status`='PENDING'
83 WHERE id='%s' AND hash='%s' AND `status`='UNCONFIRMED' LIMIT 1",
84                                 array(bigintval($SPONSOR['id']), REQUEST_GET('hash')), __FILE__, __LINE__);
85
86                         // Check on success
87                         if (SQL_AFFECTEDROWS() == 1) {
88                                 // Prepare mail and send it to the sponsor
89                                 $message = LOAD_EMAIL_TEMPLATE('sponsor_pending', $SPONSOR);
90                                 SEND_EMAIL($SPONSOR['email'], getMessage('SPONSOR_ACCOUNT_PENDING_SUBJ'), $message);
91
92                                 // Send email to admin
93                                 SEND_ADMIN_NOTIFICATION(getMessage('ADMIN_NEW_SPONSOR'), 'admin_sponsor_pending', $SPONSOR);
94
95                                 // Sponsor account set to pending
96                                 LOAD_TEMPLATE('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_IS_PENDING'));
97                         } else {
98                                 // Could not unlock account!
99                                 LOAD_TEMPLATE('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_PENDING_FAILED'));
100                         }
101                 } elseif ($SPONSOR['status'] == 'EMAIL') {
102                         // Changed email adress need to be confirmed
103                         SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET `status`='CONFIRMED'
104 WHERE id='%s' AND hash='%s' AND `status`='EMAIL' LIMIT 1",
105                                 array(bigintval($SPONSOR['id']), REQUEST_GET('hash')), __FILE__, __LINE__);
106
107                         // Check on success 
108                         if (SQL_AFFECTEDROWS() == 1) {
109                                 // Sponsor account is unlocked again
110                                 LOAD_TEMPLATE('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN'));
111                         } else {
112                                 // Could not unlock account!
113                                 LOAD_TEMPLATE('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_EMAIL_FAILED'));
114                         }
115                 } else {
116                         /// ??? Other status?
117                         LOAD_TEMPLATE('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_STATUS_FAILED'));
118                 }
119         } else {
120                 // No sponsor found
121                 LOAD_TEMPLATE('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_NOT_FOUND'));
122         }
123
124         // Free memory
125         SQL_FREERESULT($result);
126 } elseif ($MODE == 'activate') {
127         // Send activation link again
128         if (IS_FORM_SENT()) {
129                 // Check submitted data
130                 if (!REQUEST_ISSET_POST(('email'))) REQUEST_UNSET_POST('ok');
131         }
132
133         if (IS_FORM_SENT()) {
134                 // Check email
135                 $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, gender, surname, family, sponsor_created
136 FROM `{!_MYSQL_PREFIX!}_sponsor_data`
137 WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1",
138                         array(REQUEST_POST('email')), __FILE__, __LINE__);
139
140                 // Entry found?
141                 if (SQL_NUMROWS($result) == 1) {
142                         // Unconfirmed sponsor account found so let's load the requested data
143                         $SPONSOR = SQL_FETCHARRAY($result);
144
145                         // Translate some data
146                         $SPONSOR['gender']           = TRANSLATE_GENDER($SPONSOR['gender']);
147                         $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
148
149                         // Prepare email and send it to the sponsor
150                         if ($SPONSOR['status'] == 'UNCONFIRMED') {
151                                 // Unconfirmed accounts
152                                 $msg_sponsor = LOAD_EMAIL_TEMPLATE('sponsor_activate', $SPONSOR);
153                         } else {
154                                 // Confirmed email address
155                                 $msg_sponsor = LOAD_EMAIL_TEMPLATE('sponsor_email', $SPONSOR);
156                         }
157                         SEND_EMAIL(REQUEST_POST('email'), SPONSOR_ACTIVATION_LINK_SUBJ, $msg_sponsor);
158
159                         // Output message
160                         LOAD_TEMPLATE('admin_settings_saved', false, getMessage('SPONSOR_ACTIVATION_LINK_SENT'));
161                 } else {
162                         // No account found or not UNCONFIRMED
163                         LOAD_TEMPLATE('admin_settings_saved', false, getMessage('SPONSOR_ACTIVATION_LINK_404'));
164                 }
165
166                 // Free memory
167                 SQL_FREERESULT($result);
168         } else {
169                 // Load form
170                 LOAD_TEMPLATE('guest_sponsor_activate');
171         }
172 } elseif ($MODE == 'lost_pass') {
173         // Send new password
174         if (IS_FORM_SENT()) {
175                 // Check submitted data
176                 if (!REQUEST_ISSET_POST(('email'))) REQUEST_UNSET_POST('ok');
177         } // END - if
178
179         if (IS_FORM_SENT()) {
180                 // Check email
181                 $result = SQL_QUERY_ESC("SELECT id, hash, remote_addr, gender, surname, family, sponsor_created
182 FROM `{!_MYSQL_PREFIX!}_sponsor_data`
183 WHERE email='%s' AND id='%s' AND `status`='CONFIRMED' LIMIT 1",
184                         array(REQUEST_POST('email'), bigintval(REQUEST_POST('id'))), __FILE__, __LINE__);
185
186                 // Entry found?
187                 if (SQL_NUMROWS($result) == 1) {
188                         // Unconfirmed sponsor account found so let's load the requested data
189                         $SPONSOR = SQL_FETCHARRAY($result);
190
191                         // Translate some data
192                         $SPONSOR['gender']           = TRANSLATE_GENDER($SPONSOR['gender']);
193                         $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
194
195                         // Generate password
196                         $SPONSOR['password']        = GEN_PASS();
197
198                         // Prepare email and send it to the sponsor
199                         $msg_sponsor = LOAD_EMAIL_TEMPLATE('sponsor_lost', $SPONSOR);
200                         SEND_EMAIL(REQUEST_POST('email'), SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor);
201
202                         // Update password
203                         SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET password='%s'
204 WHERE id='%s' LIMIT 1",
205                                 array(md5($SPONSOR['password']), bigintval($SPONSOR['id'])), __FILE__, __LINE__);
206
207                         // Output message
208                         LOAD_TEMPLATE('admin_settings_saved', false, getMessage('SPONSOR_LOST_PASSWORD_SENT'));
209                 } else {
210                         // No account found or not UNCONFIRMED
211                         LOAD_TEMPLATE('admin_settings_saved', false, getMessage('SPONSOR_LOST_PASSWORD_404'));
212                 }
213
214                 // Free memory
215                 SQL_FREERESULT($result);
216         } else {
217                 // Load form
218                 LOAD_TEMPLATE('guest_sponsor_lost');
219         }
220 } elseif (IS_FORM_SENT()) {
221         // Check status and login data ...
222         $result = SQL_QUERY_ESC("SELECT status FROM `{!_MYSQL_PREFIX!}_sponsor_data`
223 WHERE id='%s' AND password='%s' LIMIT 1",
224                 array(bigintval(REQUEST_POST('sponsorid')), md5(REQUEST_POST('pass'))), __FILE__, __LINE__);
225
226         if (SQL_NUMROWS($result) == 1) {
227                 // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
228                 list($status) = SQL_FETCHROW($result);
229                 if ($status == 'CONFIRMED') {
230                         // Is confirmed so both is fine and we can continue with login procedure
231                         $login = ((set_session('sponsorid'  , bigintval(REQUEST_POST('sponsorid')))) &&
232                                   (set_session('sponsorpass', md5(REQUEST_POST('pass'))           ))
233                         );
234
235                         if ($login === true) {
236                                 // Cookie setup successfull so we can forward to sponsor area
237                                 LOAD_URL('modules.php?module=sponsor');
238                         } else {
239                                 // Cookie setup failed!
240                                 LOAD_TEMPLATE('admin_settings_saved', false, getMessage('SPONSPOR_COOKIE_SETUP_FAILED'));
241
242                                 // Login formular and other links
243                                 LOAD_TEMPLATE('guest_sponsor_login');
244                         }
245                 } else {
246                         // Status is not fine
247                         $content = constant('SPONSOR_LOGIN_FAILED_'.strtoupper($status).'');
248                         LOAD_TEMPLATE('admin_settings_saved', false, $content);
249
250                         // Login formular and other links
251                         LOAD_TEMPLATE('guest_sponsor_login');
252                 }
253         } else {
254                 // Account missing or wrong pass! We shall not find this out for the "cracker folks"...
255                 LOAD_TEMPLATE('admin_settings_saved', false, getMessage('SPONSOR_LOGIN_FAILED_404_WRONG_PASS'));
256
257                 // Login formular and other links
258                 LOAD_TEMPLATE('guest_sponsor_login');
259         }
260
261         // Free memory
262         SQL_FREERESULT($result);
263 } else {
264         // Login formular and other links
265         LOAD_TEMPLATE('guest_sponsor_login');
266 }
267
268 //
269 ?>