X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fguest%2Fwhat-sponsor_login.php;h=98fbb1fcd511b4d9b24f7455504acccdbc181699;hb=27faaef0ff9ca5c5e240a1d0144485d59592548c;hp=8bd46e44f8b0f133073ef98b72dc614a1e28ea3a;hpb=528cb262219d23d8023ec549cd168edb71ef409c;p=mailer.git diff --git a/inc/modules/guest/what-sponsor_login.php b/inc/modules/guest/what-sponsor_login.php index 8bd46e44f8..98fbb1fcd5 100644 --- a/inc/modules/guest/what-sponsor_login.php +++ b/inc/modules/guest/what-sponsor_login.php @@ -48,7 +48,10 @@ addMenuDescription('guest', __FILE__); if ((!isExtensionActive('sponsor'))) { loadTemplate('admin_settings_saved', false, generateExtensionInactiveNotInstalledMessage('sponsor')); return; -} // END - if +} elseif (isSponsor()) { + // Is already a logged-in sponsor + redirectToUrl('modules.php?module=sponsor'); +} $mode = ''; if (isGetRequestParameterSet('mode')) { @@ -70,7 +73,10 @@ if (isGetRequestParameterSet('hash')) { FROM `{?_MYSQL_PREFIX?}_sponsor_data` WHERE - `hash='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') + `hash`='%s' AND ( + `status`='UNCONFIRMED' OR + `status`='EMAIL' + ) LIMIT 1", array(getRequestParameter('hash')), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Sponsor found, load his data... @@ -82,10 +88,11 @@ LIMIT 1", array(getRequestParameter('hash')), __FILE__, __LINE__); SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET - `status`='PENDING' + `status`='PENDING', + `hash`=NULL WHERE `id`=%s AND - hash='%s' AND + `hash`='%s' AND `status`='UNCONFIRMED' LIMIT 1", array( @@ -113,9 +120,10 @@ LIMIT 1", SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET - `status`='CONFIRMED' + `status`='CONFIRMED', + `hash`=NULL WHERE - `id`='%s' AND + `id`=%s AND `hash`='%s' AND `status`='EMAIL' LIMIT 1", 
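Review bot: The new `elseif (isSponsor())` branch in the @@ -48 hunk calls `redirectToUrl('modules.php?module=sponsor');` without the `return;` that the extension-inactive branch just above it uses. If redirectToUrl() does not end the script itself (its definition is not visible here), the rest of the module still runs for an already logged-in sponsor, including the hash confirmation and the login form handling. Adding `return;` after the redirect makes the branch safe either way.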
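Review bot: The `hash`=NULL assignment added to the UPDATE in the @@ -82 hunk (and again in the @@ -113 hunk) makes the confirmation hash single-use, but it only works if the `hash` column of `_sponsor_data` is nullable, and the table definition is not part of this diff. On a NOT NULL column the statement is either rejected in strict SQL mode or stores an empty string, so the schema change should ship with this commit. A short comment above each SQL_QUERY_ESC call would also help, e.g. `// Invalidate the confirmation hash so the link cannot be replayed`.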
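Review bot: The @@ -113 hunk changes `id`='%s' to the unquoted `id`=%s, so whatever string escaping SQL_QUERY_ESC applies no longer protects this placeholder; it is safe only when the bound value is forced to an integer. The argument array for this query lies outside the hunk, so please confirm it passes the id through `bigintval()`, as the @@ -194 and @@ -240 hunks visibly do. The same applies to the unchanged `id`=%s line in the @@ -82 hunk.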
@@ -149,9 +157,15 @@ LIMIT 1", if (isFormSent()) { // Check email - $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, gender, surname, family, sponsor_created -FROM `{?_MYSQL_PREFIX?}_sponsor_data` -WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1", + $result = SQL_QUERY_ESC("SELECT + `id`, `hash`, `status`, `remote_addr`, `gender`, `surname`, `family`, + UNIX_TIMESTAMP(`sponsor_created`) AS `sponsor_created` +FROM + `{?_MYSQL_PREFIX?}_sponsor_data` +WHERE + `email`='%s' AND + (`status`='UNCONFIRMED' OR `status`='EMAIL') +LIMIT 1", array(postRequestParameter('email')), __FILE__, __LINE__); // Entry found? @@ -194,9 +208,16 @@ WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1", if (isFormSent()) { // Check email - $result = SQL_QUERY_ESC("SELECT `id`, `hash`, `remote_addr`, `gender`, `surname`, `family`, `sponsor_created` -FROM `{?_MYSQL_PREFIX?}_sponsor_data` -WHERE `email`='%s' AND `id`='%s' AND `status`='CONFIRMED' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT + `id`, `hash`, `remote_addr`, `gender`, `surname`, `family`, + UNIX_TIMESTAMP(`sponsor_created`) AS `sponsor_created` +FROM + `{?_MYSQL_PREFIX?}_sponsor_data` +WHERE + `email`='%s' AND + `id`=%s AND + `status`='CONFIRMED' +LIMIT 1", array(postRequestParameter('email'), bigintval(postRequestParameter('id'))), __FILE__, __LINE__); // Entry found? 
@@ -204,12 +225,9 @@ WHERE `email`='%s' AND `id`='%s' AND `status`='CONFIRMED' LIMIT 1", // Unconfirmed sponsor account found so let's load the requested data $DATA = SQL_FETCHARRAY($result); - // Translate some data - $DATA['gender'] = translateGender($DATA['gender']); - $DATA['sponsor_created'] = generateDateTime($DATA['sponsor_created']); - - // Generate password + // Generate password/translate some data $DATA['password'] = generatePassword(); + $DATA['sponsor_created'] = generateDateTime($DATA['sponsor_created']); // Prepare email and send it to the sponsor $message_sponsor = loadEmailTemplate('sponsor_lost', $DATA); @@ -240,9 +258,18 @@ LIMIT 1", } } elseif (isFormSent()) { // Check status and login data ... - $result = SQL_QUERY_ESC("SELECT status FROM `{?_MYSQL_PREFIX?}_sponsor_data` -WHERE `id`='%s' AND password='%s' LIMIT 1", - array(bigintval(postRequestParameter('sponsor_id')), md5(postRequestParameter('pass'))), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT + `status` +FROM + `{?_MYSQL_PREFIX?}_sponsor_data` +WHERE + `id`=%s AND + `password`='%s' +LIMIT 1", + array( + bigintval(postRequestParameter('sponsor_id')), + md5(postRequestParameter('password')) + ), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account? @@ -250,7 +277,7 @@ WHERE `id`='%s' AND password='%s' LIMIT 1", if ($status == 'CONFIRMED') { // Is confirmed so both is fine and we can continue with login procedure $login = ((setSession('sponsor_id' , bigintval(postRequestParameter('sponsor_id')))) && - (setSession('sponsorpass', md5(postRequestParameter('pass')) )) + (setSession('sponsor_pass', md5(postRequestParameter('password')) )) ); if ($login === true) { 
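Review bot: In the @@ -204 hunk `$DATA['password'] = generatePassword();` is handed straight to `loadEmailTemplate('sponsor_lost', $DATA)`, so the new password travels by mail in clear text. The lookup in the preceding @@ -194 hunk needs only the e-mail address and the numeric id, so presumably anyone who knows those two values can trigger a reset for another sponsor; how the generated password is stored is outside this hunk. A single-use, expiring reset link would avoid both problems. The removed `translateGender()` call also means the `sponsor_lost` template now has to translate `gender` itself, which the new comment should mention.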
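Review bot: The login query in the @@ -240 hunk still compares `password` against `md5(postRequestParameter('password'))`, an unsalted fast hash, so a leaked `_sponsor_data` table would expose most passwords to offline guessing. Where the PHP version allows it, select the stored hash by `id` only and check it in PHP with `password_verify(postRequestParameter('password'), $data['password'])`. Write new hashes with `password_hash(..., PASSWORD_DEFAULT)` and upgrade existing MD5 rows on the next successful login. The rename from `pass` to `password` also requires the matching field in the `guest_sponsor_login` form to change, which is not visible in this diff.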
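Review bot: `setSession('sponsor_pass', md5(postRequestParameter('password')))` in the @@ -250 hunk keeps the password hash itself as the session credential. If the sponsor module validates the session by comparing this value with the stored hash (that check is outside this diff), the hash is password-equivalent and a database or session leak is enough to log in. The "Cookie setup failed!" comment in the following hunk suggests setSession() may be cookie-backed, which would widen the exposure. Storing a random per-login token (for example from `random_bytes()`) and regenerating the session id on login avoids this. Every reader of the old `sponsorpass` key must move to `sponsor_pass` in the same commit; those call sites are not shown here.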
@@ -258,7 +285,7 @@ WHERE `id`='%s' AND password='%s' LIMIT 1", redirectToUrl('modules.php?module=sponsor'); } else { // Cookie setup failed! - loadTemplate('admin_settings_saved', false, '{--SPONSPOR_COOKIE_SETUP_FAILED--}'); + loadTemplate('admin_settings_saved', false, '{--SPONSOR_COOKIE_SETUP_FAILED--}'); // Login formular and other links loadTemplate('guest_sponsor_login');