$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
require($INC);
} elseif ((!EXT_IS_ACTIVE("sponsor"))) {
- if (IS_ADMIN()) {
- ADD_FATAL(sprintf(EXTENSION_PROBLEM_NOT_INSTALLED, "sponsor"));
- } else {
- ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "sponsor");
- }
+ addFatalMessage(__FILE__, __LINE__, getMessage('EXTENSION_PROBLEM_EXT_INACTIVE'), "sponsor");
return;
}
ADD_DESCR("guest", __FILE__);
$MODE = "";
-if (!empty($_GET['mode'])) {
+if (REQUEST_ISSET_GET(('mode'))) {
// A "special" mode of the login system was requested
- switch ($_GET['mode'])
+ switch (REQUEST_GET('mode'))
{
case "activate" : $MODE = "activate"; break; // Activation link requested
case "lost_pass": $MODE = "lost_pass"; break; // Request new password
} // END - if
// Check if hash for confirmation of email address is given...
-if (!empty($_GET['hash'])) {
+if (REQUEST_ISSET_GET(('hash'))) {
// Lookup sponsor
$result = SQL_QUERY_ESC("SELECT id, status, gender, surname, family,
company, position, tax_ident,
street_nr1, street_nr2, country, zip, city, email, phone, fax, cell,
points_amount AS points, last_pay AS pay, last_curr AS curr
-FROM "._MYSQL_PREFIX."_sponsor_data
-WHERE hash='%s' AND (status='UNCONFIRMED' OR status='EMAIL')
-LIMIT 1", array($_GET['hash']), __FILE__, __LINE__);
+FROM `{!_MYSQL_PREFIX!}_sponsor_data`
+WHERE hash='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL')
+LIMIT 1", array(REQUEST_GET('hash')), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Sponsor found, load his data...
$SPONSOR = SQL_FETCHARRAY($result);
// Unconfirmed account or changed email address?
if ($SPONSOR['status'] == "UNCONFIRMED") {
// Set account to pending
- $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='PENDING'
-WHERE id='%s' AND hash='%s' AND status='UNCONFIRMED' LIMIT 1",
- array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
+ SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET `status`='PENDING'
+WHERE id='%s' AND hash='%s' AND `status`='UNCONFIRMED' LIMIT 1",
+ array(bigintval($SPONSOR['id']), REQUEST_GET('hash')), __FILE__, __LINE__);
// Check on success
if (SQL_AFFECTEDROWS() == 1) {
// Prepare mail and send it to the sponsor
$MSG = LOAD_EMAIL_TEMPLATE("sponsor_pending", $SPONSOR);
- SEND_EMAIL($SPONSOR['email'], SPONSOR_ACCOUNT_PENDING_SUBJ, $MSG);
+ SEND_EMAIL($SPONSOR['email'], getMessage('SPONSOR_ACCOUNT_PENDING_SUBJ'), $MSG);
// Send email to admin
- SEND_ADMIN_NOTIFICATION(ADMIN_NEW_SPONSOR, "admin_sponsor_pending", $SPONSOR);
+ SEND_ADMIN_NOTIFICATION(getMessage('ADMIN_NEW_SPONSOR'), "admin_sponsor_pending", $SPONSOR);
// Sponsor account set to pending
- LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_PENDING);
+ LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SPONSOR_ACCOUNT_IS_PENDING'));
} else {
// Could not unlock account!
- LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_PENDING_FAILED);
+ LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SPONSOR_ACCOUNT_PENDING_FAILED'));
}
} elseif ($SPONSOR['status'] == "EMAIL") {
// Changed email adress need to be confirmed
- $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='CONFIRMED'
-WHERE id='%s' AND hash='%s' AND status='EMAIL' LIMIT 1",
- array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
+ SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET `status`='CONFIRMED'
+WHERE id='%s' AND hash='%s' AND `status`='EMAIL' LIMIT 1",
+ array(bigintval($SPONSOR['id']), REQUEST_GET('hash')), __FILE__, __LINE__);
// Check on success
if (SQL_AFFECTEDROWS() == 1) {
// Sponsor account is unlocked again
- LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN);
+ LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN'));
} else {
// Could not unlock account!
- LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_EMAIL_FAILED);
+ LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SPONSOR_ACCOUNT_EMAIL_FAILED'));
}
} else {
/// ??? Other status?
- LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_STATUS_FAILED);
+ LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SPONSOR_ACCOUNT_STATUS_FAILED'));
}
} else {
// No sponsor found
- LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_404);
+ LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SPONSOR_ACCOUNT_NOT_FOUND'));
}
// Free memory
SQL_FREERESULT($result);
} elseif ($MODE == "activate") {
// Send activation link again
- if (isset($_POST['ok'])) {
+ if (IS_FORM_SENT()) {
// Check submitted data
- if (empty($_POST['email'])) unset($_POST['ok']);
+ if (!REQUEST_ISSET_POST(('email'))) REQUEST_UNSET_POST('ok');
}
- if (isset($_POST['ok'])) {
+ if (IS_FORM_SENT()) {
// Check email
$result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, gender, surname, family, sponsor_created
-FROM "._MYSQL_PREFIX."_sponsor_data
-WHERE email='%s' AND (status='UNCONFIRMED' OR status='EMAIL') LIMIT 1",
- array($_POST['email']), __FILE__, __LINE__);
+FROM `{!_MYSQL_PREFIX!}_sponsor_data`
+WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1",
+ array(REQUEST_POST('email')), __FILE__, __LINE__);
// Entry found?
if (SQL_NUMROWS($result) == 1) {
// Confirmed email address
$msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_email", $SPONSOR);
}
- SEND_EMAIL($_POST['email'], SPONSOR_ACTIVATION_LINK_SUBJ, $msg_sponsor);
+ SEND_EMAIL(REQUEST_POST('email'), SPONSOR_ACTIVATION_LINK_SUBJ, $msg_sponsor);
// Output message
LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_SENT);
}
} elseif ($MODE == "lost_pass") {
// Send new password
- if (isset($_POST['ok'])) {
+ if (IS_FORM_SENT()) {
// Check submitted data
- if (empty($_POST['email'])) unset($_POST['ok']);
+ if (!REQUEST_ISSET_POST(('email'))) REQUEST_UNSET_POST('ok');
} // END - if
- if (isset($_POST['ok'])) {
+ if (IS_FORM_SENT()) {
// Check email
$result = SQL_QUERY_ESC("SELECT id, hash, remote_addr, gender, surname, family, sponsor_created
-FROM "._MYSQL_PREFIX."_sponsor_data
-WHERE email='%s' AND id='%s' AND status='CONFIRMED' LIMIT 1",
- array($_POST['email'], bigintval($_POST['id'])), __FILE__, __LINE__);
+FROM `{!_MYSQL_PREFIX!}_sponsor_data`
+WHERE email='%s' AND id='%s' AND `status`='CONFIRMED' LIMIT 1",
+ array(REQUEST_POST('email'), bigintval(REQUEST_POST('id'))), __FILE__, __LINE__);
// Entry found?
if (SQL_NUMROWS($result) == 1) {
// Unconfirmed sponsor account found so let's load the requested data
// Prepare email and send it to the sponsor
$msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_lost", $SPONSOR);
- SEND_EMAIL($_POST['email'], SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor);
+ SEND_EMAIL(REQUEST_POST('email'), SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor);
// Update password
- $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET password='%s'
+ SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET password='%s'
WHERE id='%s' LIMIT 1",
array(md5($SPONSOR['password']), bigintval($SPONSOR['id'])), __FILE__, __LINE__);
// Load form
LOAD_TEMPLATE("guest_sponsor_lost");
}
-} elseif (isset($_POST['ok'])) {
+} elseif (IS_FORM_SENT()) {
// Check status and login data ...
- $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_sponsor_data
+ $result = SQL_QUERY_ESC("SELECT status FROM `{!_MYSQL_PREFIX!}_sponsor_data`
WHERE id='%s' AND password='%s' LIMIT 1",
- array(bigintval($_POST['sponsorid']), md5($_POST['pass'])), __FILE__, __LINE__);
+ array(bigintval(REQUEST_POST('sponsorid')), md5(REQUEST_POST('pass'))), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
list($status) = SQL_FETCHROW($result);
if ($status == "CONFIRMED") {
- // Calculate cookie lifetime, maybe we have to change this so the admin can setup a
- // seperate timeout for these two cookies?
- $life = (time() + getConfig('online_timeout'));
-
// Is confirmed so both is fine and we can continue with login procedure
- $login = ((setcookie("sponsorid" , bigintval($_POST['sponsorid']), $life, COOKIE_PATH)) &&
- (setcookie("sponsorpass", md5($_POST['pass']) , $life, COOKIE_PATH)));
+ $login = ((set_session('sponsorid' , bigintval(REQUEST_POST('sponsorid')))) &&
+ (set_session('sponsorpass', md5(REQUEST_POST('pass')) ))
+ );
if ($login) {
// Cookie setup successfull so we can forward to sponsor area
- LOAD_URL(URL."/modules.php?module=sponsor");
+ LOAD_URL("modules.php?module=sponsor");
} else {
// Cookie setup failed!
LOAD_TEMPLATE("admin_settings_saved", false, SPONSPOR_COOKIE_SETUP_FAILED);
- OUTPUT_HTML("<br />");
// Login formular and other links
LOAD_TEMPLATE("guest_sponsor_login");
// Status is not fine
$content = constant('SPONSOR_LOGIN_FAILED_'.strtoupper($status).'');
LOAD_TEMPLATE("admin_settings_saved", false, $content);
- OUTPUT_HTML("<br />");
// Login formular and other links
LOAD_TEMPLATE("guest_sponsor_login");
} else {
// Account missing or wrong pass! We shall not find this out for the "hacker folks"...
LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOGIN_FAILED_404_WRONG_PASS);
- OUTPUT_HTML("<br />");
// Login formular and other links
LOAD_TEMPLATE("guest_sponsor_login");