X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fguest%2Fwhat-sponsor_login.php;h=215d31782bf4ecbfa808b7f417e48787407cab21;hb=8d2c9b91eb82ea74fac58b2541982f760d0f77fc;hp=3bfc7d14f95b14a8bd23b422917e74cbf252bf67;hpb=0fe94791af05018868398d3c6c87d2b16f9557a2;p=mailer.git diff --git a/inc/modules/guest/what-sponsor_login.php b/inc/modules/guest/what-sponsor_login.php index 3bfc7d14f9..215d31782b 100644 --- a/inc/modules/guest/what-sponsor_login.php +++ b/inc/modules/guest/what-sponsor_login.php @@ -14,10 +14,9 @@ * $Date:: $ * * $Tag:: 0.2.1-FINAL $ * * $Author:: $ * - * Needs to be in all Files and every File needs "svn propset * - * svn:keywords Date Revision" (autoprobset!) at least!!!!!! * * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * + * Copyright (c) 2009, 2010 by Mailer Developer Team * * For more information visit: http://www.mxchange.org * * * * This program is free software; you can redistribute it and/or modify * @@ -47,7 +46,10 @@ addMenuDescription('guest', __FILE__); if ((!isExtensionActive('sponsor'))) { loadTemplate('admin_settings_saved', false, generateExtensionInactiveNotInstalledMessage('sponsor')); return; -} // END - if +} elseif (isSponsor()) { + // Is already a logged-in sponsor + redirectToUrl('modules.php?module=sponsor'); +} $mode = ''; if (isGetRequestParameterSet('mode')) { @@ -69,60 +71,77 @@ if (isGetRequestParameterSet('hash')) { FROM `{?_MYSQL_PREFIX?}_sponsor_data` WHERE - `hash='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') + `hash`='%s' AND ( + `status`='UNCONFIRMED' OR + `status`='EMAIL' + ) LIMIT 1", array(getRequestParameter('hash')), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Sponsor found, load his data... - $SPONSOR = SQL_FETCHARRAY($result); - - // Translate gender and comma - $SPONSOR['gender'] = translateGender($SPONSOR['gender']); - $SPONSOR['points'] = translateComma($SPONSOR['points']); - $SPONSOR['pay'] = translateComma($SPONSOR['pay']); + $data = SQL_FETCHARRAY($result); // Unconfirmed account or changed email address? - if ($SPONSOR['status'] == 'UNCONFIRMED') { + if ($data['status'] == 'UNCONFIRMED') { // Set account to pending - SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET `status`='PENDING' -WHERE `id`='%s' AND hash='%s' AND `status`='UNCONFIRMED' LIMIT 1", - array(bigintval($SPONSOR['id']), getRequestParameter('hash')), __FILE__, __LINE__); + SQL_QUERY_ESC("UPDATE + `{?_MYSQL_PREFIX?}_sponsor_data` +SET + `status`='PENDING', + `hash`=NULL +WHERE + `id`=%s AND + `hash`='%s' AND + `status`='UNCONFIRMED' +LIMIT 1", + array( + bigintval($data['id']), + getRequestParameter('hash') + ), __FILE__, __LINE__); // Check on success if (SQL_AFFECTEDROWS() == 1) { // Prepare mail and send it to the sponsor - $message = loadEmailTemplate('sponsor_pending', $SPONSOR); - sendEmail($SPONSOR['email'], getMessage('SPONSOR_ACCOUNT_PENDING_SUBJ'), $message); + $message = loadEmailTemplate('sponsor_pending', $data); + sendEmail($data['email'], '{--SPONSOR_ACCOUNT_PENDING_SUBJECT--}', $message); // Send email to admin - sendAdminNotification(getMessage('ADMIN_NEW_SPONSOR'), 'admin_sponsor_pending', $SPONSOR); + sendAdminNotification('{--ADMIN_NEW_SPONSOR--}', 'admin_sponsor_pending', $data); // Sponsor account set to pending - loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_IS_PENDING')); + loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACCOUNT_IS_PENDING--}'); } else { // Could not unlock account! - loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_PENDING_FAILED')); + loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACCOUNT_PENDING_FAILED--}'); } - } elseif ($SPONSOR['status'] == 'EMAIL') { + } elseif ($data['status'] == 'EMAIL') { // Changed email adress need to be confirmed - SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET `status`='CONFIRMED' -WHERE `id`='%s' AND hash='%s' AND `status`='EMAIL' LIMIT 1", - array(bigintval($SPONSOR['id']), getRequestParameter('hash')), __FILE__, __LINE__); + SQL_QUERY_ESC("UPDATE + `{?_MYSQL_PREFIX?}_sponsor_data` +SET + `status`='CONFIRMED', + `hash`=NULL +WHERE + `id`=%s AND + `hash`='%s' AND + `status`='EMAIL' +LIMIT 1", + array(bigintval($data['id']), getRequestParameter('hash')), __FILE__, __LINE__); // Check on success if (SQL_AFFECTEDROWS() == 1) { // Sponsor account is unlocked again - loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN')); + loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN--}'); } else { // Could not unlock account! - loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_EMAIL_FAILED')); + loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACCOUNT_EMAIL_FAILED--}'); } } else { /// ??? Other status? - loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_STATUS_FAILED')); + loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACCOUNT_STATUS_FAILED--}'); } } else { // No sponsor found - loadTemplate('admin_settings_saved', false, sprintf(getMessage('SPONSOR_ACCOUNT_404'), getRequestParameter('hash'))); + loadTemplate('admin_settings_saved', false, getMaskedMessage('SPONSOR_ACCOUNT_404', getRequestParameter('hash'))); } // Free memory @@ -136,35 +155,40 @@ WHERE `id`='%s' AND hash='%s' AND `status`='EMAIL' LIMIT 1", if (isFormSent()) { // Check email - $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, gender, surname, family, sponsor_created -FROM `{?_MYSQL_PREFIX?}_sponsor_data` -WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1", + $result = SQL_QUERY_ESC("SELECT + `id`, `hash`, `status`, `remote_addr`, `gender`, `surname`, `family`, + UNIX_TIMESTAMP(`sponsor_created`) AS `sponsor_created` +FROM + `{?_MYSQL_PREFIX?}_sponsor_data` +WHERE + `email`='%s' AND + (`status`='UNCONFIRMED' OR `status`='EMAIL') +LIMIT 1", array(postRequestParameter('email')), __FILE__, __LINE__); // Entry found? if (SQL_NUMROWS($result) == 1) { // Unconfirmed sponsor account found so let's load the requested data - $SPONSOR = SQL_FETCHARRAY($result); + $data = SQL_FETCHARRAY($result); // Translate some data - $SPONSOR['gender'] = translateGender($SPONSOR['gender']); - $SPONSOR['sponsor_created'] = generateDateTime($SPONSOR['sponsor_created']); + $data['sponsor_created'] = generateDateTime($data['sponsor_created']); // Prepare email and send it to the sponsor - if ($SPONSOR['status'] == 'UNCONFIRMED') { + if ($data['status'] == 'UNCONFIRMED') { // Unconfirmed accounts - $message_sponsor = loadEmailTemplate('sponsor_activate', $SPONSOR); + $message_sponsor = loadEmailTemplate('sponsor_activate', $data); } else { // Confirmed email address - $message_sponsor = loadEmailTemplate('sponsor_email', $SPONSOR); + $message_sponsor = loadEmailTemplate('sponsor_email', $data); } - sendEmail(postRequestParameter('email'), getMessage('SPONSOR_ACTIVATION_LINK_SUBJ'), $message_sponsor); + sendEmail(postRequestParameter('email'), '{--SPONSOR_ACTIVATION_LINK_SUBJECT--}', $message_sponsor); // Output message - loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACTIVATION_LINK_SENT')); + loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACTIVATION_LINK_SENT--}'); } else { // No account found or not UNCONFIRMED - loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACTIVATION_LINK_404')); + loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACTIVATION_LINK_404--}'); } // Free memory @@ -182,9 +206,16 @@ WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1", if (isFormSent()) { // Check email - $result = SQL_QUERY_ESC("SELECT `id`, `hash`, `remote_addr`, `gender`, `surname`, `family`, `sponsor_created` -FROM `{?_MYSQL_PREFIX?}_sponsor_data` -WHERE `email`='%s' AND `id`='%s' AND `status`='CONFIRMED' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT + `id`, `hash`, `remote_addr`, `gender`, `surname`, `family`, + UNIX_TIMESTAMP(`sponsor_created`) AS `sponsor_created` +FROM + `{?_MYSQL_PREFIX?}_sponsor_data` +WHERE + `email`='%s' AND + `id`=%s AND + `status`='CONFIRMED' +LIMIT 1", array(postRequestParameter('email'), bigintval(postRequestParameter('id'))), __FILE__, __LINE__); // Entry found? @@ -192,27 +223,29 @@ WHERE `email`='%s' AND `id`='%s' AND `status`='CONFIRMED' LIMIT 1", // Unconfirmed sponsor account found so let's load the requested data $DATA = SQL_FETCHARRAY($result); - // Translate some data - $DATA['gender'] = translateGender($DATA['gender']); - $DATA['sponsor_created'] = generateDateTime($DATA['sponsor_created']); - - // Generate password + // Generate password/translate some data $DATA['password'] = generatePassword(); + $DATA['sponsor_created'] = generateDateTime($DATA['sponsor_created']); // Prepare email and send it to the sponsor $message_sponsor = loadEmailTemplate('sponsor_lost', $DATA); - sendEmail(postRequestParameter('email'), getMessage('SPONSOR_LOST_PASSWORD_SUBJ'), $message_sponsor); + sendEmail(postRequestParameter('email'), '{--SPONSOR_LOST_PASSWORD_SUBJECT--}', $message_sponsor); // Update password - SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET `password`='%s' -WHERE `id`='%s' LIMIT 1", + SQL_QUERY_ESC("UPDATE + `{?_MYSQL_PREFIX?}_sponsor_data` +SET + `password`='%s' +WHERE + `id`=%s +LIMIT 1", array(md5($DATA['password']), bigintval($DATA['id'])), __FILE__, __LINE__); // Output message - loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_LOST_PASSWORD_SENT')); + loadTemplate('admin_settings_saved', false, '{--SPONSOR_LOST_PASSWORD_SENT--}'); } else { // No account found or not UNCONFIRMED - loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_LOST_PASSWORD_404')); + loadTemplate('admin_settings_saved', false, '{--SPONSOR_LOST_PASSWORD_404--}'); } // Free memory @@ -223,17 +256,26 @@ WHERE `id`='%s' LIMIT 1", } } elseif (isFormSent()) { // Check status and login data ... - $result = SQL_QUERY_ESC("SELECT status FROM `{?_MYSQL_PREFIX?}_sponsor_data` -WHERE `id`='%s' AND password='%s' LIMIT 1", - array(bigintval(postRequestParameter('sponsorid')), md5(postRequestParameter('pass'))), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT + `status` +FROM + `{?_MYSQL_PREFIX?}_sponsor_data` +WHERE + `id`=%s AND + `password`='%s' +LIMIT 1", + array( + bigintval(postRequestParameter('sponsor_id')), + md5(postRequestParameter('password')) + ), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account? list($status) = SQL_FETCHROW($result); if ($status == 'CONFIRMED') { // Is confirmed so both is fine and we can continue with login procedure - $login = ((setSession('sponsorid' , bigintval(postRequestParameter('sponsorid')))) && - (setSession('sponsorpass', md5(postRequestParameter('pass')) )) + $login = ((setSession('sponsor_id' , bigintval(postRequestParameter('sponsor_id')))) && + (setSession('sponsor_pass', md5(postRequestParameter('password')) )) ); if ($login === true) { @@ -241,21 +283,21 @@ WHERE `id`='%s' AND password='%s' LIMIT 1", redirectToUrl('modules.php?module=sponsor'); } else { // Cookie setup failed! - loadTemplate('admin_settings_saved', false, getMessage('SPONSPOR_COOKIE_SETUP_FAILED')); + loadTemplate('admin_settings_saved', false, '{--SPONSOR_COOKIE_SETUP_FAILED--}'); // Login formular and other links loadTemplate('guest_sponsor_login'); } } else { // Status is not fine - loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_LOGIN_FAILED_' . strtoupper($status) . '')); + loadTemplate('admin_settings_saved', false, '{--SPONSOR_LOGIN_FAILED_' . strtoupper($status) . '--}'); // Login formular and other links loadTemplate('guest_sponsor_login'); } } else { // Account missing or wrong pass! We shall not find this out for the "cracker folks"... - loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_LOGIN_FAILED_404_WRONG_PASS')); + loadTemplate('admin_settings_saved', false, '{--SPONSOR_LOGIN_FAILED_404_WRONG_PASS--}'); // Login formular and other links loadTemplate('guest_sponsor_login');