2 /************************************************************************
3 * MXChange v0.2.1 Start: 06/10/2005 *
4 * =============== Last change: 05/18/2008 *
6 * -------------------------------------------------------------------- *
7 * File : what-sponsor_login.php *
8 * -------------------------------------------------------------------- *
9 * Short description : Login form and password resending for sponsor *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Loginformular und Neues Passwort fuer Sponsor *
12 * -------------------------------------------------------------------- *
15 * $Tag:: 0.2.1-FINAL $ *
17 * Needs to be in all Files and every File needs "svn propset *
18 * svn:keywords Date Revision" (autoprobset!) at least!!!!!! *
19 * -------------------------------------------------------------------- *
20 * Copyright (c) 2003 - 2008 by Roland Haeder *
21 * For more information visit: http://www.mxchange.org *
23 * This program is free software. You can redistribute it and/or modify *
24 * it under the terms of the GNU General Public License as published by *
25 * the Free Software Foundation; either version 2 of the License. *
27 * This program is distributed in the hope that it will be useful, *
28 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
29 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
30 * GNU General Public License for more details. *
32 * You should have received a copy of the GNU General Public License *
33 * along with this program; if not, write to the Free Software *
34 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
36 ************************************************************************/
38 // Some security stuff...
39 if (!defined('__SECURITY')) {
40 $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), '/inc') + 4).'/security.php';
42 } elseif ((!EXT_IS_ACTIVE('sponsor'))) {
43 addFatalMessage(__FILE__, __LINE__, getMessage('EXTENSION_PROBLEM_EXT_INACTIVE'), 'sponsor');
47 // Add description as navigation point
48 ADD_DESCR('guest', __FILE__);
51 if (REQUEST_ISSET_GET(('mode'))) {
52 // A "special" mode of the login system was requested
53 switch (REQUEST_GET('mode'))
55 case 'activate' : $MODE = 'activate'; break; // Activation link requested
56 case 'lost_pass': $MODE = 'lost_pass'; break; // Request new password
60 // Check if hash for confirmation of email address is given...
61 if (REQUEST_ISSET_GET(('hash'))) {
63 $result = SQL_QUERY_ESC("SELECT id, status, gender, surname, family,
64 company, position, tax_ident,
65 street_nr1, street_nr2, country, zip, city, email, phone, fax, cell,
66 points_amount AS points, last_pay AS pay, last_curr AS curr
67 FROM `{!_MYSQL_PREFIX!}_sponsor_data`
68 WHERE hash='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL')
69 LIMIT 1", array(REQUEST_GET('hash')), __FILE__, __LINE__);
70 if (SQL_NUMROWS($result) == 1) {
71 // Sponsor found, load his data...
72 $SPONSOR = SQL_FETCHARRAY($result);
74 // Translate gender and comma
75 $SPONSOR['gender'] = TRANSLATE_GENDER($SPONSOR['gender']);
76 $SPONSOR['points'] = TRANSLATE_COMMA($SPONSOR['points']);
77 $SPONSOR['pay'] = TRANSLATE_COMMA($SPONSOR['pay']);
79 // Unconfirmed account or changed email address?
80 if ($SPONSOR['status'] == 'UNCONFIRMED') {
81 // Set account to pending
82 SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET `status`='PENDING'
83 WHERE id='%s' AND hash='%s' AND `status`='UNCONFIRMED' LIMIT 1",
84 array(bigintval($SPONSOR['id']), REQUEST_GET('hash')), __FILE__, __LINE__);
87 if (SQL_AFFECTEDROWS() == 1) {
88 // Prepare mail and send it to the sponsor
89 $message = LOAD_EMAIL_TEMPLATE('sponsor_pending', $SPONSOR);
90 SEND_EMAIL($SPONSOR['email'], getMessage('SPONSOR_ACCOUNT_PENDING_SUBJ'), $message);
92 // Send email to admin
93 SEND_ADMIN_NOTIFICATION(getMessage('ADMIN_NEW_SPONSOR'), 'admin_sponsor_pending', $SPONSOR);
95 // Sponsor account set to pending
96 LOAD_TEMPLATE('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_IS_PENDING'));
98 // Could not unlock account!
99 LOAD_TEMPLATE('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_PENDING_FAILED'));
101 } elseif ($SPONSOR['status'] == 'EMAIL') {
102 // Changed email adress need to be confirmed
103 SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET `status`='CONFIRMED'
104 WHERE id='%s' AND hash='%s' AND `status`='EMAIL' LIMIT 1",
105 array(bigintval($SPONSOR['id']), REQUEST_GET('hash')), __FILE__, __LINE__);
108 if (SQL_AFFECTEDROWS() == 1) {
109 // Sponsor account is unlocked again
110 LOAD_TEMPLATE('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN'));
112 // Could not unlock account!
113 LOAD_TEMPLATE('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_EMAIL_FAILED'));
116 /// ??? Other status?
117 LOAD_TEMPLATE('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_STATUS_FAILED'));
121 LOAD_TEMPLATE('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_NOT_FOUND'));
125 SQL_FREERESULT($result);
126 } elseif ($MODE == 'activate') {
127 // Send activation link again
128 if (IS_FORM_SENT()) {
129 // Check submitted data
130 if (!REQUEST_ISSET_POST(('email'))) REQUEST_UNSET_POST('ok');
133 if (IS_FORM_SENT()) {
135 $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, gender, surname, family, sponsor_created
136 FROM `{!_MYSQL_PREFIX!}_sponsor_data`
137 WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1",
138 array(REQUEST_POST('email')), __FILE__, __LINE__);
141 if (SQL_NUMROWS($result) == 1) {
142 // Unconfirmed sponsor account found so let's load the requested data
143 $SPONSOR = SQL_FETCHARRAY($result);
145 // Translate some data
146 $SPONSOR['gender'] = TRANSLATE_GENDER($SPONSOR['gender']);
147 $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
149 // Prepare email and send it to the sponsor
150 if ($SPONSOR['status'] == 'UNCONFIRMED') {
151 // Unconfirmed accounts
152 $msg_sponsor = LOAD_EMAIL_TEMPLATE('sponsor_activate', $SPONSOR);
154 // Confirmed email address
155 $msg_sponsor = LOAD_EMAIL_TEMPLATE('sponsor_email', $SPONSOR);
157 SEND_EMAIL(REQUEST_POST('email'), SPONSOR_ACTIVATION_LINK_SUBJ, $msg_sponsor);
160 LOAD_TEMPLATE('admin_settings_saved', false, getMessage('SPONSOR_ACTIVATION_LINK_SENT'));
162 // No account found or not UNCONFIRMED
163 LOAD_TEMPLATE('admin_settings_saved', false, getMessage('SPONSOR_ACTIVATION_LINK_404'));
167 SQL_FREERESULT($result);
170 LOAD_TEMPLATE('guest_sponsor_activate');
172 } elseif ($MODE == 'lost_pass') {
174 if (IS_FORM_SENT()) {
175 // Check submitted data
176 if (!REQUEST_ISSET_POST(('email'))) REQUEST_UNSET_POST('ok');
179 if (IS_FORM_SENT()) {
181 $result = SQL_QUERY_ESC("SELECT id, hash, remote_addr, gender, surname, family, sponsor_created
182 FROM `{!_MYSQL_PREFIX!}_sponsor_data`
183 WHERE email='%s' AND id='%s' AND `status`='CONFIRMED' LIMIT 1",
184 array(REQUEST_POST('email'), bigintval(REQUEST_POST('id'))), __FILE__, __LINE__);
187 if (SQL_NUMROWS($result) == 1) {
188 // Unconfirmed sponsor account found so let's load the requested data
189 $SPONSOR = SQL_FETCHARRAY($result);
191 // Translate some data
192 $SPONSOR['gender'] = TRANSLATE_GENDER($SPONSOR['gender']);
193 $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
196 $SPONSOR['password'] = GEN_PASS();
198 // Prepare email and send it to the sponsor
199 $msg_sponsor = LOAD_EMAIL_TEMPLATE('sponsor_lost', $SPONSOR);
200 SEND_EMAIL(REQUEST_POST('email'), SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor);
203 SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET password='%s'
204 WHERE id='%s' LIMIT 1",
205 array(md5($SPONSOR['password']), bigintval($SPONSOR['id'])), __FILE__, __LINE__);
208 LOAD_TEMPLATE('admin_settings_saved', false, getMessage('SPONSOR_LOST_PASSWORD_SENT'));
210 // No account found or not UNCONFIRMED
211 LOAD_TEMPLATE('admin_settings_saved', false, getMessage('SPONSOR_LOST_PASSWORD_404'));
215 SQL_FREERESULT($result);
218 LOAD_TEMPLATE('guest_sponsor_lost');
220 } elseif (IS_FORM_SENT()) {
221 // Check status and login data ...
222 $result = SQL_QUERY_ESC("SELECT status FROM `{!_MYSQL_PREFIX!}_sponsor_data`
223 WHERE id='%s' AND password='%s' LIMIT 1",
224 array(bigintval(REQUEST_POST('sponsorid')), md5(REQUEST_POST('pass'))), __FILE__, __LINE__);
226 if (SQL_NUMROWS($result) == 1) {
227 // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
228 list($status) = SQL_FETCHROW($result);
229 if ($status == 'CONFIRMED') {
230 // Is confirmed so both is fine and we can continue with login procedure
231 $login = ((set_session('sponsorid' , bigintval(REQUEST_POST('sponsorid')))) &&
232 (set_session('sponsorpass', md5(REQUEST_POST('pass')) ))
235 if ($login === true) {
236 // Cookie setup successfull so we can forward to sponsor area
237 LOAD_URL('modules.php?module=sponsor');
239 // Cookie setup failed!
240 LOAD_TEMPLATE('admin_settings_saved', false, getMessage('SPONSPOR_COOKIE_SETUP_FAILED'));
242 // Login formular and other links
243 LOAD_TEMPLATE('guest_sponsor_login');
246 // Status is not fine
247 $content = constant('SPONSOR_LOGIN_FAILED_'.strtoupper($status).'');
248 LOAD_TEMPLATE('admin_settings_saved', false, $content);
250 // Login formular and other links
251 LOAD_TEMPLATE('guest_sponsor_login');
254 // Account missing or wrong pass! We shall not find this out for the "cracker folks"...
255 LOAD_TEMPLATE('admin_settings_saved', false, getMessage('SPONSOR_LOGIN_FAILED_404_WRONG_PASS'));
257 // Login formular and other links
258 LOAD_TEMPLATE('guest_sponsor_login');
262 SQL_FREERESULT($result);
264 // Login formular and other links
265 LOAD_TEMPLATE('guest_sponsor_login');