if ((!isExtensionActive('sponsor'))) {
loadTemplate('admin_settings_saved', false, generateExtensionInactiveNotInstalledMessage('sponsor'));
return;
-} // END - if
+} elseif (isSponsor()) {
+ // Is already a logged-in sponsor
+ redirectToUrl('modules.php?module=sponsor');
+}
$mode = '';
if (isGetRequestParameterSet('mode')) {
FROM
`{?_MYSQL_PREFIX?}_sponsor_data`
WHERE
- `hash='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL')
+ `hash`='%s' AND (
+ `status`='UNCONFIRMED' OR
+ `status`='EMAIL'
+ )
LIMIT 1", array(getRequestParameter('hash')), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Sponsor found, load his data...
SQL_QUERY_ESC("UPDATE
`{?_MYSQL_PREFIX?}_sponsor_data`
SET
- `status`='PENDING'
+ `status`='PENDING',
+ `hash`=NULL
WHERE
`id`=%s AND
- hash='%s' AND
+ `hash`='%s' AND
`status`='UNCONFIRMED'
LIMIT 1",
array(
SQL_QUERY_ESC("UPDATE
`{?_MYSQL_PREFIX?}_sponsor_data`
SET
- `status`='CONFIRMED'
+ `status`='CONFIRMED',
+ `hash`=NULL
WHERE
- `id`='%s' AND
+ `id`=%s AND
`hash`='%s' AND
`status`='EMAIL'
LIMIT 1",
}
} else {
// No sponsor found
- loadTemplate('admin_settings_saved', false, sprintf(getMessage('SPONSOR_ACCOUNT_404'), getRequestParameter('hash')));
+ loadTemplate('admin_settings_saved', false, getMaskedMessage('SPONSOR_ACCOUNT_404', getRequestParameter('hash')));
}
// Free memory
if (isFormSent()) {
// Check email
- $result = SQL_QUERY_ESC("SELECT `id`, `hash`, `remote_addr`, `gender`, `surname`, `family`, `sponsor_created`
-FROM `{?_MYSQL_PREFIX?}_sponsor_data`
-WHERE `email`='%s' AND `id`='%s' AND `status`='CONFIRMED' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT
+ `id`, `hash`, `remote_addr`, `gender`, `surname`, `family`, `sponsor_created`
+FROM
+ `{?_MYSQL_PREFIX?}_sponsor_data`
+WHERE
+ `email`='%s' AND
+ `id`=%s AND
+ `status`='CONFIRMED'
+LIMIT 1",
array(postRequestParameter('email'), bigintval(postRequestParameter('id'))), __FILE__, __LINE__);
// Entry found?
}
} elseif (isFormSent()) {
// Check status and login data ...
- $result = SQL_QUERY_ESC("SELECT status FROM `{?_MYSQL_PREFIX?}_sponsor_data`
-WHERE `id`='%s' AND password='%s' LIMIT 1",
- array(bigintval(postRequestParameter('sponsorid')), md5(postRequestParameter('pass'))), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("SELECT
+ `status`
+FROM
+ `{?_MYSQL_PREFIX?}_sponsor_data`
+WHERE
+ `id`=%s AND
+ `password`='%s'
+LIMIT 1",
+ array(
+ bigintval(postRequestParameter('sponsor_id')),
+ md5(postRequestParameter('password'))
+ ), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
list($status) = SQL_FETCHROW($result);
if ($status == 'CONFIRMED') {
// Is confirmed so both is fine and we can continue with login procedure
- $login = ((setSession('sponsorid' , bigintval(postRequestParameter('sponsorid')))) &&
- (setSession('sponsorpass', md5(postRequestParameter('pass')) ))
+ $login = ((setSession('sponsor_id' , bigintval(postRequestParameter('sponsor_id')))) &&
+ (setSession('sponsor_pass', md5(postRequestParameter('password')) ))
);
if ($login === true) {