array(),
'values' => array()
);
// Check if sponsor already exists
foreach ($POST as $k => $v)
{
if (!(array_search($k, $SKIPPED) > -1))
{
// Check only posted input entries not the submit button
switch ($k)
{
case "email":
$ALREADY = false;
if (!VALIDATE_EMAIL($v))
{
// Email address is not valid
$SAVE = false;
}
else
{
// Do we want to add a new sponsor or update his data?
$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_data WHERE email='%s' LIMIT 1",
array($POST['email']), __FILE__, __LINE__);
// Is a sponsor alread in the db?
if (SQL_NUMROWS($result) == 1)
{
// Free memory
SQL_FREERESULT($result);
// Yes, he is!
if (($GLOBALS['what'] == "add_sponsor") || ($NO_UPDATE))
{
// Already found!
$ALREADY = true;
}
else
{
// Update his data
$UPDATE = true;
}
}
}
break;
case "pass1":
$k = ""; $v = "";
break;
case "pass2":
$k = "password"; $v = md5($v);
break;
case "url":
if (!VALIDATE_URL($v)) $SAVE = false;
break;
default:
// Test if there is are time selections
$TEST = substr($k, -3);
if ((($TEST == "_ye") || ($TEST == "_mo") || ($TEST == "_we") || ($TEST == "_da") || ($TEST == "_ho") || ($TEST == "_mi") || ($TEST == "_se")) && (!empty($v)))
{
// Found a multi-selection for timings?
$TEST = substr($k, 0, -3);
if ((!empty($POST[$TEST."_ye"])) && (!empty($POST[$TEST."_mo"])) && (!empty($POST[$TEST."_we"])) && (!empty($POST[$TEST."_da"])) && (!empty($POST[$TEST."_ho"])) && (!empty($POST[$TEST."_mi"])) && (!empty($POST[$TEST."_se"])) && ($TEST != $TEST2))
{
// Generate timestamp
$POST[$TEST] = CREATE_TIMESTAMP_FROM_SELECTIONS($TEST, $POST);
$DATA['keys'][] = $TEST;
$DATA['values'][] = $POST[$TEST];
// Remove data from array
unset($POST[$TEST."_ye"]);
unset($POST[$TEST."_mo"]);
unset($POST[$TEST."_we"]);
unset($POST[$TEST."_da"]);
unset($POST[$TEST."_ho"]);
unset($POST[$TEST."_mi"]);
unset($POST[$TEST."_se"]);
// Skip adding
$k = ""; $skip = true; $TEST2 = $TEST;
}
}
else
{
$skip = false; $TEST2 = "";
}
break;
}
if ((!empty($k)) && ($skip == false))
{
// Add data
$DATA['keys'][] = $k; $DATA['values'][] = $v;
}
}
}
// Save sponsor?
if ($SAVE)
{
// Default is no force even when a guest want to abuse this force switch
if ((empty($POST['force'])) || (!IS_ADMIN())) $POST['force'] = 0;
// SQL and message string is empty by default
$SQL = ""; $MSG = "";
// Update?
if ($UPDATE)
{
// Update his data
$SQL = "UPDATE "._MYSQL_PREFIX."_sponsor_data SET ";
foreach ($DATA['keys'] as $k => $v)
{
$SQL .= $v."='%s', ";
}
// Remove last ", " from SQL string
$SQL = substr($SQL, 0, -2)." WHERE id='%s' LIMIT 1";
$DATA['values'][] = bigintval($_GET['id']);
// Generate message
$MSG = SPONSOR_SET_MESSAGE(ADMIN_SPONSOR_UPDATED, "updated", $MSGs);
$ret = "updated";
}
elseif ((!$ALREADY) || (($POST['force'] == "1") && (IS_ADMIN())))
{
// Add new sponsor, first add more data
$DATA['keys'][] = "sponsor_created"; $DATA['values'][] = time();
$DATA['keys'][] = "status";
if ((!$NO_UPDATE) && (IS_ADMIN()) && ($GLOBALS['what'] == "add_sponsor"))
{
// Only allowed for admin
$DATA['values'][] = "PENDING";
}
else
{
// Guest area
$DATA['values'][] = "UNCONFIRMED";
// Generate hash code
$DATA['keys'][] = "hash";
$DATA['values'][] = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
$DATA['keys'][] = "remote_addr";
$DATA['values'][] = GET_REMOTE_ADDR();
}
// Implode all data into strings
$KEYS = implode(", " , $DATA['keys']);
$VALUES = str_repeat("%s', '", count($DATA['values']) - 1);
// Generate string
$SQL = "INSERT INTO "._MYSQL_PREFIX."_sponsor_data (".$KEYS.") VALUES ('".$VALUES."%s')";
// Generate message
$MSG = SPONSOR_SET_MESSAGE(ADMIN_SPONSOR_ADDED, "added", $MSGs);
$ret = "added";
}
elseif ((!$NO_UPDATE) && (IS_ADMIN()))
{
// Add all data as hidden data
$OUT = "";
foreach ($POST as $k => $v)
{
// Do not add 'force' !
if ($k != "force")
{
$OUT .= "\n";
}
}
define('__HIDDEN_DATA', $OUT);
define('__EMAIL' , $POST['email']);
// Ask for adding a sponsor with same email address
LOAD_TEMPLATE("admin_add_sponsor_already");
return;
}
else
{
// Already added!
$MSG = SPONSOR_ALREADY_FOUND_1.$POST['email'].SPONSOR_ALREADY_FOUND_2;
$ret = "already";
}
if (!empty($SQL))
{
// Run SQL command
$result = SQL_QUERY_ESC($SQL, $DATA['values'], __FILE__, __LINE__);
}
// Output message
if ((!$NO_UPDATE) && (IS_ADMIN()))
{
LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
}
}
else
{
// Error found!
$MSG = SPONSOR_SET_MESSAGE(SPONSOR_DATA_NOT_SAVED, "failed", $MSGs);
LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
}
// Shall we return the status?
if ($RET_STATUS) return $ret;
}
//
function SPONSOR_TRANSLATE_STATUS($status)
{
switch ($status)
{
case "UNCONFIRMED":
$ret = ACCOUNT_UNCONFIRMED;
break;
case "CONFIRMED":
$ret = ACCOUNT_CONFIRMED;
break;
case "LOCKED":
$ret = ACCOUNT_LOCKED;
break;
case "PENDING":
$ret = ACCOUNT_PENDING;
break;
case "EMAIL":
$ret = ACCOUNT_EMAIL;
break;
default:
DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("Unknown status %s detected.", $status));
$ret = UNKNOWN_STATUS_1.$status.UNKNOWN_STATUS_2;
break;
}
return $ret;
}
// Search for an email address in the database
function SPONSOR_FOUND_EMAIL_DB($email)
{
// Default status is failed (as it is always be...)
$ret = false;
// Check for email (and secure input)
$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_data WHERE email='%s' LIMIT 1",
array($email), __FILE__, __LINE__);
// Do we already have the provided email address in our DB?
if (SQL_NUMROWS($result) == 1) $ret = true;
// Return result
return $ret;
}
//
function SPONSOR_SET_MESSAGE($msg, $pos, $array)
{
// Check if the requested message was found in array
if (isset($array[$pos]))
{
// ... if yes then use it!
$ret = $array[$pos];
}
else
{
// ... else use default message
$ret = $msg;
}
// Return result
return $ret;
}
//
function IS_SPONSOR()
{
global $_COOKIE;
// Failed...
$ret = false;
if ((!empty($_COOKIE['sponsorid'])) && (!empty($_COOKIE['sponsorpass'])))
{
// Check cookies against database records...
$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_data
WHERE id='%s' AND password='%s' AND status='CONFIRMED' LIMIT 1",
array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
// All is fine
$ret = true;
}
// Free memory
SQL_FREERESULT($result);
}
// Return status
return $ret;
}
//
function GENERATE_SPONSOR_MENU($current)
{
$OUT = "";
$WHERE = " AND active='Y'";
if (IS_ADMIN()) $WHERE = "";
// Load main menu entries
$result_main = SQL_QUERY("SELECT action, title FROM "._MYSQL_PREFIX."_sponsor_menu
WHERE (what='' OR what IS NULL) ".$WHERE."
ORDER BY sort", __FILE__, __LINE__);
if (SQL_NUMROWS($result_main) > 0)
{
// Load every menu and it's sub menus
while(list($action, $title_main) = SQL_FETCHROW($result_main))
{
// Load sub menus
$result_sub = SQL_QUERY_ESC("SELECT what, title FROM "._MYSQL_PREFIX."_sponsor_menu
WHERE action='%s' AND what != '' AND what IS NOT NULL ".$WHERE."
ORDER BY sort", array($action), __FILE__, __LINE__);
if (SQL_NUMROWS($result_sub) > 0)
{
// Load sub menus
$SUB = "";
while(list($what, $title_sub) = SQL_FETCHROW($result_sub))
{
// Check if current selected menu is matching the loaded one
if ($current == $what) $title_sub = "".$title_sub."";
// Prepare data for the sub template
$content = array(
'what' => $what,
'title' => $title_sub
);
// Load row template
$SUB .= LOAD_TEMPLATE("sponsor_what", true, $content);
}
// Prepare data for the main template
$content = array(
'title' => $title_main,
'menu' => $SUB
);
// Load menu template
$OUT .= LOAD_TEMPLATE("sponsor_action", true, $content);
}
else
{
// No sub menus active
$OUT .= LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_NO_SUB_MENUS_ACTIVE);
}
// Free memory
SQL_FREERESULT($result_sub);
}
}
else
{
// No main menus active
$OUT .= LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_NO_MAIN_MENUS_ACTIVE);
}
// Free memory
SQL_FREERESULT($result_main);
// Return content
return $OUT;
}
//
function GENERATE_SPONSOR_CONTENT($what)
{
global $_CONFIG;
$OUT = "";
$FILE = sprintf("%sinc/modules/sponsor/%s.php", PATH, $what);
if (FILE_READABLE($FILE)) {
// Every sponsor action will output nothing directly. It will be written into $OUT!
require_once($FILE);
} else {
// File not found!
$OUT .= LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_CONTENT_404_1.$what.SPONSOR_CONTENT_404_2);
}
// Return content
return $OUT;
}
//
function UPDATE_SPONSOR_LOGIN()
{
global $_COOKIE, $_CONFIG;
// Check if cookies are set
if ((empty($_COOKIE['sponsorid'])) || (empty($_COOKIE['sponsorpass']))) return false;
// Calculate cookie lifetime, maybe we have to change this so the admin can setup a
// seperate timeout for these two cookies?
$life = (time() + getConfig('online_timeout'));
// Is confirmed so both is fine and we can continue with login procedure
$login = ((setcookie("sponsorid" , bigintval($_COOKIE['sponsorid']), $life, COOKIE_PATH)) &&
(setcookie("sponsorpass", $_COOKIE['sponsorpass'] , $life, COOKIE_PATH)));
// Update database?
if ($login)
{
// Update last online timestamp
$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data
SET last_online='".time()."'
WHERE id='%s' AND password='%s' LIMIT 1",
array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__);
}
// Return status
return $login;
}
//
function SPONSOR_SAVE_DATA($POST, $content)
{
global $_COOKIE, $_SERVER, $_GET;
$EMAIL = false;
// Unsecure data which we don't want
$UNSAFE = array('password', 'id', 'remote_addr', 'sponsor_created', 'last_online', 'status', 'ref_count',
'points_amount', 'points_used', 'refid', 'hash', 'last_pay', 'last_curr', 'pass_old',
'ok', 'pass1', 'pass2');
// Set default message ("not saved")
$MSG = SPONSOR_ACCOUNT_DATA_NOT_SAVED;
// Check for submitted passwords
if ((!empty($_POST['pass1'])) && (!empty($_POST['pass2'])))
{
// Are both passwords the same?
if ($_POST['pass1'] == $_POST['pass2'])
{
// Okay, then set password and remove pass1 and pass2
$_POST['password'] = md5($_POST['pass1']);
}
}
// Remove all (maybe spoofed) unsafe data from array
foreach ($UNSAFE as $remove)
{
unset($POST[$remove]);
}
// This array is for the submitted data which we will use with the SQL_QUERY_ESC() function to
// secure the data
$DATA = array();
// Prepare SQL string
$SQL = "UPDATE "._MYSQL_PREFIX."_sponsor_data SET";
foreach ($POST as $key => $value)
{
// Mmmmm, too less security here???
$SQL .= " ".strip_tags($key)."='%s',";
// We will secure this later inside the SQL_QUERY_ESC() function
$DATA[] = strip_tags($value);
// Compile {SLASH} and so on for the email templates
$POST[$key] = COMPILE_CODE($value);
}
// Check if email has changed
if ((!empty($content['email'])) && (!empty($POST['email'])))
{
if ($content['email'] != $POST['email'])
{
// Change email address
$EMAIL = true;
// Okay, has changed then add status with UNCONFIRMED and new hash code
$SQL .= " status='EMAIL', hash='%s',";
// Generate hash code
$HASH = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
$DATA[] = $HASH;
}
}
// Remove last commata
$SQL = substr($SQL, 0, -1);
// Add SQL tail data
$SQL .= " WHERE id='%s' AND password='%s' LIMIT 1";
$DATA[] = bigintval($_COOKIE['sponsorid']);
$DATA[] = $_COOKIE['sponsorpass'];
// Saving data was completed... ufff...
switch ($GLOBALS['what'])
{
case "account": // Change account data
if ($EMAIL)
{
$MSG = SPONSOR_ACCOUNT_EMAIL_CHANGED;
$templ = "admin_sponsor_change_email";
$subj = ADMIN_SPONSOR_ACC_EMAIL_SUBJ;
}
else
{
$MSG = SPONSOR_ACCOUNT_DATA_SAVED;
$templ = "admin_sponsor_change_data";
$subj = ADMIN_SPONSOR_ACC_DATA_SUBJ;
}
break;
case "settings": // Change settings
// Translate some data
$content['receive'] = TRANSLATE_YESNO($content['receive_warnings']);
$content['interval'] = CREATE_FANCY_TIME($content['warning_interval']);
// Set message template and subject for admin
$MSG = SPONSOR_SETTINGS_SAVED;
$templ = "admin_sponsor_settings";
$subj = ADMIN_SPONSOR_SETTINGS_SUBJ;
break;
default: // Unknown sponsor what value!
DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("Unknown sponsor module (what) %s detected.", $GLOBALS['what']));
$MSG = SPONSOR_UNKNOWN_WHAT_1.$GLOBALS['what'].SPONSOR_UNKNOWN_WHAT_2;
$templ = ""; $subj = "";
break;
}
if (SQL_AFFECTEDROWS() == 1)
{
if (!empty($templ) && !empty($subj))
{
// Run SQL command and check for success
$result = SQL_QUERY_ESC($SQL, $DATA, __FILE__, __LINE__);
// Add all data to content
global $DATA;
$DATA = $POST;
// Change some data
if (isset($content['gender'])) $content['gender'] = TRANSLATE_GENDER($content['gender']);
if (isset($DATA['gender'])) $DATA['gender'] = TRANSLATE_GENDER($DATA['gender']);
if (isset($content['receive_warnings'])) $DATA['receive'] = TRANSLATE_YESNO($POST['receive_warnings']);
if (isset($content['warning_interval'])) $DATA['interval'] = CREATE_FANCY_TIME($POST['warning_interval']);
// Send email to admins
SEND_ADMIN_NOTIFICATION($subj, $templ, $content);
// Shall we send mail to the sponsor's new email address?
if ($content['receive_warnings'] == "Y")
{
// Okay send email with confirmation link to new address and with no confirmation link
// to the old address
// First to old address
switch ($GLOBALS['what'])
{
case "account": // Change account data
$email_msg = LOAD_EMAIL_TEMPLATE("sponsor_change_data", $content);
SEND_EMAIL($content['email'], SPONSOR_ACC_DATA_SUBJ, $email_msg);
if ($EMAIL)
{
// Add hash code to content array
$content['hash'] = $HASH;
// Second mail goes to the new address
$email_msg = LOAD_EMAIL_TEMPLATE("sponsor_change_email", $content);
SEND_EMAIL($content['email'], SPONSOR_ACC_EMAIL_SUBJ, $email_msg);
}
break;
case "settings": // Change settings
// Send email
$email_msg = LOAD_EMAIL_TEMPLATE("sponsor_settings", $content);
SEND_EMAIL($content['email'], SPONSOR_SETTINGS_SUBJ, $email_msg);
break;
}
}
}
}
// Return final message
return $MSG;
}
//
?>