X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=inc%2Fmodules%2Fguest%2Fwhat-sponsor_login.php;h=ae9999f57bc45359c1476474b3505bcbdec58210;hb=4001187f22197f55e5a1f211fc8defcc180f7c32;hp=b70f75f38bc6369fc3deb502968610fb3b75ab2d;hpb=82d53dfb7f59fa1e37bd500e3db3d10a9d4a78da;p=mailer.git

diff --git a/inc/modules/guest/what-sponsor_login.php b/inc/modules/guest/what-sponsor_login.php
index b70f75f38b..ae9999f57b 100644
--- a/inc/modules/guest/what-sponsor_login.php
+++ b/inc/modules/guest/what-sponsor_login.php
@@ -31,39 +31,38 @@
  ************************************************************************/
 
 // Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (!defined('__SECURITY')) {
 	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
 	require($INC);
+} elseif ((!EXT_IS_ACTIVE("sponsor"))) {
+	addFatalMessage(__FILE__, __LINE__, getMessage('EXTENSION_PROBLEM_EXT_INACTIVE'), "sponsor");
+	return;
 }
 
 // Add description as navigation point
-ADD_DESCR("guest", basename(__FILE__));
+ADD_DESCR("guest", __FILE__);
 
 $MODE = "";
-if (!empty($_GET['mode']))
-{
+if (REQUEST_ISSET_GET(('mode'))) {
 	// A "special" mode of the login system was requested
-	switch ($_GET['mode'])
+	switch (REQUEST_GET('mode'))
 	{
 		case "activate" : $MODE = "activate";  break; // Activation link requested
 		case "lost_pass": $MODE = "lost_pass"; break; // Request new password
 	}
-}
+} // END - if
 
 // Check if hash for confirmation of email address is given...
-if (!empty($_GET['hash']))
-{
+if (REQUEST_ISSET_GET(('hash'))) {
 	// Lookup sponsor
 	$result = SQL_QUERY_ESC("SELECT id, status, gender, surname, family,
 company, position, tax_ident,
 street_nr1, street_nr2, country, zip, city, email, phone, fax, cell,
 points_amount AS points, last_pay AS pay, last_curr AS curr
-FROM "._MYSQL_PREFIX."_sponsor_data
-WHERE hash='%s' AND (status='UNCONFIRMED' OR status='EMAIL')
-LIMIT 1", array($_GET['hash']), __FILE__, __LINE__);
-	if (SQL_NUMROWS($result) == 1)
-	{
+FROM `{!_MYSQL_PREFIX!}_sponsor_data`
+WHERE hash='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL')
+LIMIT 1", array(REQUEST_GET('hash')), __FILE__, __LINE__);
+	if (SQL_NUMROWS($result) == 1) {
 		// Sponsor found, load his data...
 		$SPONSOR = SQL_FETCHARRAY($result);
 
@@ -73,84 +72,68 @@ LIMIT 1", array($_GET['hash']), __FILE__, __LINE__);
 		$SPONSOR['pay']    = TRANSLATE_COMMA($SPONSOR['pay']);
 
 		// Unconfirmed account or changed email address?
-		if ($SPONSOR['status'] == "UNCONFIRMED")
-		{
+		if ($SPONSOR['status'] == "UNCONFIRMED") {
 			// Set account to pending
-			$result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='PENDING'
-WHERE id='%s' AND hash='%s' AND status='UNCONFIRMED' LIMIT 1",
- array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
+			SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET `status`='PENDING'
+WHERE id='%s' AND hash='%s' AND `status`='UNCONFIRMED' LIMIT 1",
+ array(bigintval($SPONSOR['id']), REQUEST_GET('hash')), __FILE__, __LINE__);
 
-			// Check on success 
-			if (SQL_AFFECTEDROWS() == 1)
-			{
+			// Check on success
+			if (SQL_AFFECTEDROWS() == 1) {
 				// Prepare mail and send it to the sponsor
 				$MSG = LOAD_EMAIL_TEMPLATE("sponsor_pending", $SPONSOR);
-				SEND_EMAIL($SPONSOR['email'], SPONSOR_ACCOUNT_PENDING_SUBJ, $MSG);
+				SEND_EMAIL($SPONSOR['email'], getMessage('SPONSOR_ACCOUNT_PENDING_SUBJ'), $MSG);
 
 				// Send email to admin
-				SEND_ADMIN_NOTIFICATION(ADMIN_NEW_SPONSOR, "admin_sponsor_pending", $SPONSOR);
+				SEND_ADMIN_NOTIFICATION(getMessage('ADMIN_NEW_SPONSOR'), "admin_sponsor_pending", $SPONSOR);
 
 				// Sponsor account set to pending
-				LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_PENDING);
-			}
-			 else
-			{
+				LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SPONSOR_ACCOUNT_IS_PENDING'));
+			} else {
 				// Could not unlock account!
-				LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_PENDING_FAILED);
+				LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SPONSOR_ACCOUNT_PENDING_FAILED'));
 			}
-		}
-		 elseif ($SPONSOR['status'] == "EMAIL")
-		{
+		} elseif ($SPONSOR['status'] == "EMAIL") {
 			// Changed email adress need to be confirmed
-			$result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='CONFIRMED'
-WHERE id='%s' AND hash='%s' AND status='EMAIL' LIMIT 1",
- array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
+			SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET `status`='CONFIRMED'
+WHERE id='%s' AND hash='%s' AND `status`='EMAIL' LIMIT 1",
+ array(bigintval($SPONSOR['id']), REQUEST_GET('hash')), __FILE__, __LINE__);
 
 			// Check on success 
-			if (SQL_AFFECTEDROWS() == 1)
-			{
+			if (SQL_AFFECTEDROWS() == 1) {
 				// Sponsor account is unlocked again
-				LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN);
-			}
-			 else
-			{
+				LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN'));
+			} else {
 				// Could not unlock account!
-				LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_EMAIL_FAILED);
+				LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SPONSOR_ACCOUNT_EMAIL_FAILED'));
 			}
-		}
-		 else
-		{
+		} else {
 			/// ??? Other status?
-			LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_STATUS_FAILED);
+			LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SPONSOR_ACCOUNT_STATUS_FAILED'));
 		}
-	}
-	 else
-	{
+	} else {
 		// No sponsor found
-		LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_404);
+		LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SPONSOR_ACCOUNT_NOT_FOUND'));
 	}
 
 	// Free memory
 	SQL_FREERESULT($result);
-}
- elseif ($MODE == "activate")
-{
+} elseif ($MODE == "activate") {
 	// Send activation link again
-	if (isset($_POST['ok']))
-	{
+	if (IS_FORM_SENT()) {
 		// Check submitted data
-		if (empty($_POST['email'])) unset($_POST['ok']);
+		if (!REQUEST_ISSET_POST(('email'))) REQUEST_UNSET_POST('ok');
 	}
 
-	if (isset($_POST['ok']))
-	{
+	if (IS_FORM_SENT()) {
 		// Check email
 		$result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, gender, surname, family, sponsor_created
-FROM "._MYSQL_PREFIX."_sponsor_data
-WHERE email='%s' AND (status='UNCONFIRMED' OR status='EMAIL') LIMIT 1",
- array($_POST['email']), __FILE__, __LINE__);
-		if (SQL_NUMROWS($result) == 1)
-		{
+FROM `{!_MYSQL_PREFIX!}_sponsor_data`
+WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1",
+			array(REQUEST_POST('email')), __FILE__, __LINE__);
+
+		// Entry found?
+		if (SQL_NUMROWS($result) == 1) {
 			// Unconfirmed sponsor account found so let's load the requested data
 			$SPONSOR = SQL_FETCHARRAY($result);
 
@@ -159,54 +142,43 @@ WHERE email='%s' AND (status='UNCONFIRMED' OR status='EMAIL') LIMIT 1",
 			$SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
 
 			// Prepare email and send it to the sponsor
-			if ($SPONSOR['status'] == "UNCONFIRMED")
-			{
+			if ($SPONSOR['status'] == "UNCONFIRMED") {
 				// Unconfirmed accounts
 				$msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_activate", $SPONSOR);
-			}
-			 else
-			{
+			} else {
 				// Confirmed email address
 				$msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_email", $SPONSOR);
 			}
-			SEND_EMAIL($_POST['email'], SPONSOR_ACTIVATION_LINK_SUBJ, $msg_sponsor);
+			SEND_EMAIL(REQUEST_POST('email'), SPONSOR_ACTIVATION_LINK_SUBJ, $msg_sponsor);
 
 			// Output message
-			LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_SENT);
-		}
-		 else
-		{
+			LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SPONSOR_ACTIVATION_LINK_SENT'));
+		} else {
 			// No account found or not UNCONFIRMED
-			LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_404);
+			LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SPONSOR_ACTIVATION_LINK_404'));
 		}
 
 		// Free memory
 		SQL_FREERESULT($result);
-	}
-	 else
-	{
+	} else {
 		// Load form
 		LOAD_TEMPLATE("guest_sponsor_activate");
 	}
-}
- elseif ($MODE == "lost_pass")
-{
+} elseif ($MODE == "lost_pass") {
 	// Send new password
-	if (isset($_POST['ok']))
-	{
+	if (IS_FORM_SENT()) {
 		// Check submitted data
-		if (empty($_POST['email'])) unset($_POST['ok']);
-	}
+		if (!REQUEST_ISSET_POST(('email'))) REQUEST_UNSET_POST('ok');
+	} // END - if
 
-	if (isset($_POST['ok']))
-	{
+	if (IS_FORM_SENT()) {
 		// Check email
 		$result = SQL_QUERY_ESC("SELECT id, hash, remote_addr, gender, surname, family, sponsor_created
-FROM "._MYSQL_PREFIX."_sponsor_data
-WHERE email='%s' AND id='%s' AND status='CONFIRMED' LIMIT 1",
- array($_POST['email'], bigintval($_POST['id'])), __FILE__, __LINE__);
-		if (SQL_NUMROWS($result) == 1)
-		{
+FROM `{!_MYSQL_PREFIX!}_sponsor_data`
+WHERE email='%s' AND id='%s' AND `status`='CONFIRMED' LIMIT 1",
+			array(REQUEST_POST('email'), bigintval(REQUEST_POST('id'))), __FILE__, __LINE__);
+		// Entry found?
+		if (SQL_NUMROWS($result) == 1) {
 			// Unconfirmed sponsor account found so let's load the requested data
 			$SPONSOR = SQL_FETCHARRAY($result);
 
@@ -219,83 +191,61 @@ WHERE email='%s' AND id='%s' AND status='CONFIRMED' LIMIT 1",
 
 			// Prepare email and send it to the sponsor
 			$msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_lost", $SPONSOR);
-			SEND_EMAIL($_POST['email'], SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor);
+			SEND_EMAIL(REQUEST_POST('email'), SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor);
 
 			// Update password
-			$result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET password='%s'
+			SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET password='%s'
 WHERE id='%s' LIMIT 1",
  array(md5($SPONSOR['password']), bigintval($SPONSOR['id'])), __FILE__, __LINE__);
 
 			// Output message
-			LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOST_PASSWORD_SENT);
-		}
-		 else
-		{
+			LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SPONSOR_LOST_PASSWORD_SENT'));
+		} else {
 			// No account found or not UNCONFIRMED
-			LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOST_PASSWORD_404);
+			LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SPONSOR_LOST_PASSWORD_404'));
 		}
 
 		// Free memory
 		SQL_FREERESULT($result);
-	}
-	 else
-	{
+	} else {
 		// Load form
 		LOAD_TEMPLATE("guest_sponsor_lost");
 	}
-}
- elseif (isset($_POST['ok']))
-{
+} elseif (IS_FORM_SENT()) {
 	// Check status and login data ...
-	$result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_sponsor_data
+	$result = SQL_QUERY_ESC("SELECT status FROM `{!_MYSQL_PREFIX!}_sponsor_data`
 WHERE id='%s' AND password='%s' LIMIT 1",
- array(bigintval($_POST['sponsorid']), md5($_POST['pass'])), __FILE__, __LINE__);
-	if (SQL_NUMROWS($result) == 1)
-	{
+		array(bigintval(REQUEST_POST('sponsorid')), md5(REQUEST_POST('pass'))), __FILE__, __LINE__);
+	if (SQL_NUMROWS($result) == 1) {
 		// Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
 		list($status) = SQL_FETCHROW($result);
-		if ($status == "CONFIRMED")
-		{
-			// Calculate cookie lifetime, maybe we have to change this so the admin can setup a
-			// seperate timeout for these two cookies?
-			$life = (time() + $_CONFIG['online_timeout']);
-
+		if ($status == "CONFIRMED") {
 			// Is confirmed so both is fine and we can continue with login procedure
-			$login = ((setcookie("sponsorid"  , bigintval($_POST['sponsorid']), $life, COOKIE_PATH)) &&
-			          (setcookie("sponsorpass", md5($_POST['pass'])           , $life, COOKIE_PATH)));
+			$login = ((set_session('sponsorid'  , bigintval(REQUEST_POST('sponsorid')))) &&
+			          (set_session('sponsorpass', md5(REQUEST_POST('pass'))           ))
+			);
 
-			if ($login)
-			{
+			if ($login) {
 				// Cookie setup successfull so we can forward to sponsor area
-				LOAD_URL(URL."/modules.php?module=sponsor");
-			}
-			 else
-			{
+				LOAD_URL("modules.php?module=sponsor");
+			} else {
 				// Cookie setup failed!
-				LOAD_TEMPLATE("admin_settings_saved", false, SPONSPOR_COOKIE_SETUP_FAILED);
-				OUTPUT_HTML("<BR>");
+				LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SPONSPOR_COOKIE_SETUP_FAILED'));
 
 				// Login formular and other links
 				LOAD_TEMPLATE("guest_sponsor_login");
 			}
-		}
-		 else
-		{
+		} else {
 			// Status is not fine
-			$eval = "\$content = SPONSOR_LOGIN_FAILED_".strtoupper($status).";";
-			eval($eval);
+			$content = constant('SPONSOR_LOGIN_FAILED_'.strtoupper($status).'');
 			LOAD_TEMPLATE("admin_settings_saved", false, $content);
-			OUTPUT_HTML("<BR>");
 
 			// Login formular and other links
 			LOAD_TEMPLATE("guest_sponsor_login");
 		}
-	}
-	 else
-	{
+	} else {
 		// Account missing or wrong pass! We shall not find this out for the "hacker folks"...
-		LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOGIN_FAILED_404_WRONG_PASS);
-		OUTPUT_HTML("<BR>");
+		LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SPONSOR_LOGIN_FAILED_404_WRONG_PASS'));
 
 		// Login formular and other links
 		LOAD_TEMPLATE("guest_sponsor_login");
@@ -303,9 +253,7 @@ WHERE id='%s' AND password='%s' LIMIT 1",
 
 	// Free memory
 	SQL_FREERESULT($result);
-}
- else
-{
+} else {
 	// Login formular and other links
 	LOAD_TEMPLATE("guest_sponsor_login");
 }