X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fguest%2Fwhat-sponsor_login.php;h=1cd64496cc2c694136ec36e5a0c8a7ecaad50111;hb=d508f875d53a7b2e75f02e66b37be3cf30451276;hp=895e2280de8cac8ce12b0ae7abe9992b1e87c213;hpb=001e43c93664d89ffc23aa4452aac8520279086d;p=mailer.git diff --git a/inc/modules/guest/what-sponsor_login.php b/inc/modules/guest/what-sponsor_login.php index 895e2280de..1cd64496cc 100644 --- a/inc/modules/guest/what-sponsor_login.php +++ b/inc/modules/guest/what-sponsor_login.php @@ -36,9 +36,9 @@ if (!defined('__SECURITY')) { require($INC); } elseif ((!EXT_IS_ACTIVE("sponsor"))) { if (IS_ADMIN()) { - ADD_FATAL(sprintf(EXTENSION_PROBLEM_NOT_INSTALLED, "sponsor")); + addFatalMessage(sprintf(EXTENSION_PROBLEM_NOT_INSTALLED, "sponsor")); } else { - ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "sponsor"); + addFatalMessage(EXTENSION_PROBLEM_EXT_INACTIVE, "sponsor"); } return; } @@ -63,8 +63,8 @@ if (!empty($_GET['hash'])) { company, position, tax_ident, street_nr1, street_nr2, country, zip, city, email, phone, fax, cell, points_amount AS points, last_pay AS pay, last_curr AS curr -FROM "._MYSQL_PREFIX."_sponsor_data -WHERE hash='%s' AND (status='UNCONFIRMED' OR status='EMAIL') +FROM `{!_MYSQL_PREFIX!}_sponsor_data` +WHERE hash='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1", array($_GET['hash']), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Sponsor found, load his data... @@ -78,8 +78,8 @@ LIMIT 1", array($_GET['hash']), __FILE__, __LINE__); // Unconfirmed account or changed email address? if ($SPONSOR['status'] == "UNCONFIRMED") { // Set account to pending - $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='PENDING' -WHERE id='%s' AND hash='%s' AND status='UNCONFIRMED' LIMIT 1", + SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET `status`='PENDING' +WHERE id='%s' AND hash='%s' AND `status`='UNCONFIRMED' LIMIT 1", array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__); // Check on success @@ -99,8 +99,8 @@ WHERE id='%s' AND hash='%s' AND status='UNCONFIRMED' LIMIT 1", } } elseif ($SPONSOR['status'] == "EMAIL") { // Changed email adress need to be confirmed - $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='CONFIRMED' -WHERE id='%s' AND hash='%s' AND status='EMAIL' LIMIT 1", + SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET `status`='CONFIRMED' +WHERE id='%s' AND hash='%s' AND `status`='EMAIL' LIMIT 1", array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__); // Check on success @@ -132,8 +132,8 @@ WHERE id='%s' AND hash='%s' AND status='EMAIL' LIMIT 1", if (isset($_POST['ok'])) { // Check email $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, gender, surname, family, sponsor_created -FROM "._MYSQL_PREFIX."_sponsor_data -WHERE email='%s' AND (status='UNCONFIRMED' OR status='EMAIL') LIMIT 1", +FROM `{!_MYSQL_PREFIX!}_sponsor_data` +WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1", array($_POST['email']), __FILE__, __LINE__); // Entry found? @@ -178,8 +178,8 @@ WHERE email='%s' AND (status='UNCONFIRMED' OR status='EMAIL') LIMIT 1", if (isset($_POST['ok'])) { // Check email $result = SQL_QUERY_ESC("SELECT id, hash, remote_addr, gender, surname, family, sponsor_created -FROM "._MYSQL_PREFIX."_sponsor_data -WHERE email='%s' AND id='%s' AND status='CONFIRMED' LIMIT 1", +FROM `{!_MYSQL_PREFIX!}_sponsor_data` +WHERE email='%s' AND id='%s' AND `status`='CONFIRMED' LIMIT 1", array($_POST['email'], bigintval($_POST['id'])), __FILE__, __LINE__); // Entry found? if (SQL_NUMROWS($result) == 1) { @@ -198,7 +198,7 @@ WHERE email='%s' AND id='%s' AND status='CONFIRMED' LIMIT 1", SEND_EMAIL($_POST['email'], SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor); // Update password - $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET password='%s' + SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET password='%s' WHERE id='%s' LIMIT 1", array(md5($SPONSOR['password']), bigintval($SPONSOR['id'])), __FILE__, __LINE__); @@ -217,28 +217,24 @@ WHERE id='%s' LIMIT 1", } } elseif (isset($_POST['ok'])) { // Check status and login data ... - $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_sponsor_data + $result = SQL_QUERY_ESC("SELECT status FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE id='%s' AND password='%s' LIMIT 1", array(bigintval($_POST['sponsorid']), md5($_POST['pass'])), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account? list($status) = SQL_FETCHROW($result); if ($status == "CONFIRMED") { - // Calculate cookie lifetime, maybe we have to change this so the admin can setup a - // seperate timeout for these two cookies? - $life = (time() + getConfig('online_timeout')); - // Is confirmed so both is fine and we can continue with login procedure - $login = ((setcookie("sponsorid" , bigintval($_POST['sponsorid']), $life, COOKIE_PATH)) && - (setcookie("sponsorpass", md5($_POST['pass']) , $life, COOKIE_PATH))); + $login = ((set_session('sponsorid' , bigintval($_POST['sponsorid']))) && + (set_session('sponsorpass', md5($_POST['pass']) )) + ); if ($login) { // Cookie setup successfull so we can forward to sponsor area - LOAD_URL(URL."/modules.php?module=sponsor"); + LOAD_URL("modules.php?module=sponsor"); } else { // Cookie setup failed! LOAD_TEMPLATE("admin_settings_saved", false, SPONSPOR_COOKIE_SETUP_FAILED); - OUTPUT_HTML("
"); // Login formular and other links LOAD_TEMPLATE("guest_sponsor_login"); @@ -247,7 +243,6 @@ WHERE id='%s' AND password='%s' LIMIT 1", // Status is not fine $content = constant('SPONSOR_LOGIN_FAILED_'.strtoupper($status).''); LOAD_TEMPLATE("admin_settings_saved", false, $content); - OUTPUT_HTML("
"); // Login formular and other links LOAD_TEMPLATE("guest_sponsor_login"); @@ -255,7 +250,6 @@ WHERE id='%s' AND password='%s' LIMIT 1", } else { // Account missing or wrong pass! We shall not find this out for the "hacker folks"... LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOGIN_FAILED_404_WRONG_PASS); - OUTPUT_HTML("
"); // Login formular and other links LOAD_TEMPLATE("guest_sponsor_login");