array(),
'values' => array()
);
// Check if sponsor already exists
foreach ($postData as $k => $v) {
if (!(array_search($k, $SKIPPED) > -1)) {
// Check only posted input entries not the submit button
switch ($k)
{
case 'email':
$ALREADY = false;
if (!isEmailValid($v)) {
// Email address is not valid
$SAVE = false;
} else {
// Do we want to add a new sponsor or update his data?
$result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_sponsor_data` WHERE email='%s' LIMIT 1",
array($postData['email']), __FUNCTION__, __LINE__);
// Is a sponsor alread in the db?
if (SQL_NUMROWS($result) == 1) {
// Yes, he is!
if ((getWhat() == 'add_sponsor') || ($update)) {
// Already found!
$ALREADY = true;
} else {
// Update his data
$UPDATE = true;
}
}
// Free memory
SQL_FREERESULT($result);
}
break;
case 'pass1':
$k = ''; $v = '';
break;
case 'pass2':
$k = 'password'; $v = md5($v);
break;
case 'url':
if (!isUrlValid($v)) $SAVE = false;
break;
default:
// Test if there is are time selections
convertSelectionsToTimestamp($postData, $DATA, $k, $skip);
break;
}
if ((!empty($k)) && ($skip == false)) {
// Add data
$DATA['keys'][] = $k; $DATA['values'][] = $v;
}
}
}
// Save sponsor?
if ($SAVE === true) {
// Default is no force even when a guest want to abuse this force switch
if ((empty($postData['force'])) || (!isAdmin())) $postData['force'] = '0';
// SQL and message string is empty by default
$sql = ''; $message = '';
// Update?
if ($UPDATE) {
// Update his data
$sql = "UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET ";
foreach ($DATA['keys'] as $k => $v) {
$sql .= $v."='%s', ";
}
// Remove last ", " from SQL string
$sql = substr($sql, 0, -2)." WHERE `id`='%s' LIMIT 1";
$DATA['values'][] = bigintval(getRequestParameter('id'));
// Generate message
$message = getMessageFromIndexedArray(getMessage('ADMIN_SPONSOR_UPDATED'), 'updated', $messageArray);
$ret = "updated";
} elseif (($ALREADY === false) || (($postData['force'] == 1) && (isAdmin()))) {
// Add new sponsor, first add more data
$DATA['keys'][] = 'sponsor_created'; $DATA['values'][] = time();
$DATA['keys'][] = 'status';
if (($update === true) && (isAdmin()) && (getWhat() == 'add_sponsor')) {
// Only allowed for admin
$DATA['values'][] = 'PENDING';
} else {
// Guest area
$DATA['values'][] = 'UNCONFIRMED';
// Generate hash code
$DATA['keys'][] = 'hash';
$DATA['values'][] = md5(session_id().':'.$postData['email'].':'.detectRemoteAddr().':'.detectUserAgent().':'.time());
$DATA['keys'][] = 'remote_addr';
$DATA['values'][] = detectRemoteAddr();
}
// Implode all data into strings
$keyArray = implode("`, `" , $DATA['keys']);
$valueArray = str_repeat("%s', '", count($DATA['values']) - 1);
// Generate string
$sql = "INSERT INTO `{?_MYSQL_PREFIX?}_sponsor_data` (`" . $keyArray . "`) VALUES ('" . $valueArray . "%s')";
// Generate message
$message = getMessageFromIndexedArray(getMessage('ADMIN_SPONSOR_ADDED'), 'added', $messageArray);
$ret = 'added';
} elseif (($update === true) && (isAdmin())) {
// Add all data as hidden data
$OUT = '';
foreach ($postData as $k => $v) {
// Do not add 'force' !
if ($k != 'force') {
$OUT .= '';
} // END - if
} // END - foreach
// Remember data
$content['hidden'] = $OUT;
$content['email'] = $postData['email'];
// Ask for adding a sponsor with same email address
loadTemplate('admin_add_sponsor_already', false, $content);
return;
} else {
// Already added!
$message = getMaskedMessage('SPONSOR_ALREADY_FOUND', $postData['email']);
$ret = 'already';
}
if (!empty($sql)) {
// Run SQL command
$result = SQL_QUERY_ESC($sql, $DATA['values'], __FUNCTION__, __LINE__);
} // END - if
// Output message
if (($update === true) && (isAdmin())) {
loadTemplate('admin_settings_saved', false, $message);
} // END - if
} else {
// Error found!
$message = getMessageFromIndexedArray(getMessage('SPONSOR_DATA_NOT_SAVED'), 'failed', $messageArray);
loadTemplate('admin_settings_saved', false, $message);
}
// Shall we return the status?
if ($RET_STATUS === true) return $ret;
}
//
function sponsorTranslateUserStatus ($status) {
// Construct constant name
$constantName = sprintf("ACCOUNT_%s", $status);
// Is the constant there?
if (defined($constantName)) {
// Then use it
$ret = constant($constantName);
} else {
// Not found!
logDebugMessage(__FUNCTION__, __LINE__, sprintf("Unknown status %s detected.", $status));
$ret = getMaskedMessage('UNKNOWN_STATUS', $status);
}
return $ret;
}
// Search for an email address in the database
function isSponsorRegisteredWithEmail ($email) {
// Do we already have the provided email address in our DB?
$ret = (countSumTotalData($email, 'sponsor_data', 'id', 'email', true) == 1);
// Return result
return $ret;
}
// Wether the current user is a sponsor
function isSponsor () {
// Failed...
$ret = false;
if ((isSessionVariableSet('sponsorid')) && (isSessionVariableSet('sponsorpass'))) {
// Check cookies against database records...
$result = SQL_QUERY_ESC("SELECT
`id`
FROM
`{?_MYSQL_PREFIX?}_sponsor_data`
WHERE
`id`='%s' AND `password`='%s' AND `status`='CONFIRMED'
LIMIT 1",
array(
bigintval(getSession('sponsorid')),
getSession('sponsorpass')
), __FUNCTION__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// All is fine
$ret = true;
} // END - if
// Free memory
SQL_FREERESULT($result);
} // END - if
// Return status
return $ret;
}
//
function addSponsorMenu ($current) {
$OUT = '';
$WHERE = " AND active='Y'";
if (isAdmin()) $WHERE = '';
// Load main menu entries
$result_main = SQL_QUERY("SELECT action AS main_action, title AS main_title FROM `{?_MYSQL_PREFIX?}_sponsor_menu`
WHERE (`what`='' OR `what` IS NULL) ".$WHERE."
ORDER BY `sort`", __FUNCTION__, __LINE__);
if (SQL_NUMROWS($result_main) > 0) {
// Load every menu and it's sub menus
while ($content = SQL_FETCHARRAY($result_main)) {
// Load sub menus
$result_sub = SQL_QUERY_ESC("SELECT what AS sub_what, title AS sub_title FROM `{?_MYSQL_PREFIX?}_sponsor_menu`
WHERE `action`='%s' AND `what` != '' AND `what` IS NOT NULL ".$WHERE."
ORDER BY `sort`",
array($content['main_action']), __FUNCTION__, __LINE__);
if (SQL_NUMROWS($result_sub) > 0) {
// Load sub menus
$SUB = '';
while ($content2 = SQL_FETCHARRAY($result_sub)) {
// Merge both arrays
$content = merge_array($content, $content2);
// Check if current selected menu is matching the loaded one
if ($current == $content['sub_what']) $content['sub_title'] = '' . $content['sub_title'] . '';
// Prepare data for the sub template
$content = array(
'what' => $content['sub_what'],
'title' => $content['sub_title']
);
// Load row template
$SUB .= loadTemplate('sponsor_what', true, $content);
}
// Prepare data for the main template
$content = array(
'title' => $content['main_title'],
'menu' => $SUB
);
// Load menu template
$OUT .= loadTemplate('sponsor_action', true, $content);
} else {
// No sub menus active
$OUT .= loadTemplate('admin_settings_saved', true, '{--SPONSOR_NO_SUB_MENUS_ACTIVE--}');
}
// Free memory
SQL_FREERESULT($result_sub);
}
} else {
// No main menus active
$OUT .= loadTemplate('admin_settings_saved', true, '{--SPONSOR_NO_MAIN_MENUS_ACTIVE--}');
}
// Free memory
SQL_FREERESULT($result_main);
// Return content
return $OUT;
}
//
function addSponsorContent ($what) {
$OUT = '';
$INC = sprintf("inc/modules/sponsor/%s.php", $what);
if (isIncludeReadable($INC)) {
// Every sponsor action will output nothing directly. It will be written into $OUT!
loadIncludeOnce($INC);
} else {
// File not found!
$OUT .= loadTemplate('admin_settings_saved', true, getMaskedMessage('SPONSOR_CONTENT_404', $what));
}
// Return content
return $OUT;
}
//
function updateSponsorLogin () {
// Failed by default
$login = false;
// Is sponsor?
if (isSponsor()) {
// Update last online timestamp
SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_sponsor_data`
SET `last_online`=UNIX_TIMESTAMP()
WHERE `id`='%s' AND `password`='%s' LIMIT 1",
array(
bigintval(getSession('sponsorid')),
getSession('sponsorpass')
), __FUNCTION__, __LINE__);
// This update went fine?
$login = (SQL_AFFECTEDROWS() == 1);
}
// Return status
return $login;
}
// Saves sponsor's data
function saveSponsorData ($postData, $content) {
$EMAIL = false;
// Unsecure data which we don't want
$UNSAFE = array('password', 'id', 'remote_addr', 'sponsor_created', 'last_online', 'status', 'ref_count',
'points_amount', 'points_used', 'refid', 'hash', 'last_pay', 'last_curr', 'pass_old',
'ok', 'pass1', 'pass2');
// Set default message ("not saved")
$message = '{--SPONSOR_ACCOUNT_DATA_NOT_SAVED--}';
// Check for submitted passwords
if ((!empty($postData['pass1'])) && (!empty($postData['pass2']))) {
// Are both passwords the same?
if ($postData['pass1'] == $postData['pass2']) {
// Okay, then set password and remove pass1 and pass2
$postData['password'] = md5($postData['pass1']);
} // END - if
} // END - if
// Remove all (maybe spoofed) unsafe data from array
foreach ($UNSAFE as $remove) {
unset($postData[$remove]);
} // END - foreach
// This array is for the submitted data which we will use with the SQL_QUERY_ESC() function to
// secure the data
$DATA = array();
// Prepare SQL string
$sql = "UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET";
foreach ($postData as $key => $value) {
// Mmmmm, too less security here???
$sql .= " `".secureString($key)."`='%s',";
// We will secure this later inside the SQL_QUERY_ESC() function
$DATA[] = secureString($value);
} // END - foreach
// Check if email has changed
if ((!empty($content['email'])) && (!empty($postData['email']))) {
if ($content['email'] != $postData['email']) {
// Change email address
$EMAIL = true;
// Okay, has changed then add status with UNCONFIRMED and new hash code
$sql .= " `status`='EMAIL', `hash`='%s',";
// Generate hash code
$HASH = md5(session_id().':'.$postData['email'].':'.detectRemoteAddr().':'.detectUserAgent().':'.time());
$DATA[] = $HASH;
} // END - if
} // END - if
// Remove last commata
$sql = substr($sql, 0, -1);
// Add SQL tail data
$sql .= " WHERE `id`=%s AND password='%s' LIMIT 1";
$DATA[] = bigintval(getSession('sponsorid'));
$DATA[] = getSession('sponsorpass');
// Saving data was completed... ufff...
switch (getWhat()) {
case 'account': // Change account data
if ($EMAIL === true) {
$message = '{--SPONSOR_ACCOUNT_EMAIL_CHANGED--}';
$templ = 'admin_sponsor_change_email';
$subj = '{--ADMIN_SPONSOR_ACC_EMAIL_SUBJECT--}';
} else {
$message = '{--SPONSOR_ACCOUNT_DATA_SAVED--}';
$templ = 'admin_sponsor_change_data';
$subj = '{--ADMIN_SPONSOR_ACC_DATA_SUBJECT--}';
}
break;
case 'settings': // Change settings
// Set message template and subject for admin
$message = '{--SPONSOR_SETTINGS_SAVED--}';
$templ = 'admin_sponsor_settings';
$subj = '{--ADMIN_SPONSOR_SETTINGS_SUBJECT--}';
break;
default: // Unknown sponsor what value!
logDebugMessage(__FUNCTION__, __LINE__, sprintf("Unknown sponsor module (what) %s detected.", getWhat()));
$message = getMaskedMessage('SPONSOR_UNKNOWN_WHAT', getWhat());
$templ = '';
$subj = '';
break;
} // END - switch
// Has an entry updated?
if (SQL_AFFECTEDROWS() == 1) {
// Template and subject are set?
if (!empty($templ) && !empty($subj)) {
// Run SQL command and check for success
$result = SQL_QUERY_ESC($sql, $DATA, __FUNCTION__, __LINE__);
// Add all data to content
$content['new_data'] = $postData;
// Send email to admins
sendAdminNotification($subj, $templ, $content);
// Shall we send mail to the sponsor's new email address?
if ($content['receive_warnings'] == 'Y') {
/*
* Okay send email with confirmation link to new address and with no confirmation link
* to the old address.
*/
// First to old address
switch (getWhat()) {
case 'account': // Change account data
$email_msg = loadEmailTemplate('sponsor_change_data', $content);
sendEmail($content['email'], '{--SPONSOR_ACC_DATA_SUBJECT--}', $email_msg);
if ($EMAIL === true) {
// Add hash code to content array
$content['hash'] = $HASH;
// Second mail goes to the new address
$email_msg = loadEmailTemplate('sponsor_change_email', $content);
sendEmail($content['email'], '{--SPONSOR_ACC_EMAIL_SUBJECT--}', $email_msg);
} // END - if
break;
case 'settings': // Change settings
// Send email
$email_msg = loadEmailTemplate('sponsor_settings', $content);
sendEmail($content['email'], '{--SPONSOR_SETTINGS_SUBJECT--}', $email_msg);
break;
} // END - switch
} // END - if
} // END - if
} // END - if
// Return final message
return $message;
}
// [EOF]
?>