Updating profiles fixed. It was still broken since I have changed the password hashin...

author Roland Häder <roland@mxchange.org>

Wed, 13 Feb 2008 22:00:42 +0000 (22:00 +0000)

committer Roland Häder <roland@mxchange.org>

Wed, 13 Feb 2008 22:00:42 +0000 (22:00 +0000)
author Roland Häder <roland@mxchange.org>
Wed, 13 Feb 2008 22:00:42 +0000 (22:00 +0000)
committer Roland Häder <roland@mxchange.org>
Wed, 13 Feb 2008 22:00:42 +0000 (22:00 +0000)
diff --git a/inc/db/lib-mysql3.php b/inc/db/lib-mysql3.php

index 2f75170617703453414e1df7de6a24971acdd448..c463f8de30061e4f730a9fd20d85a687c57cc927 100644 (file)
--- a/inc/db/lib-mysql3.php
+++ b/inc/db/lib-mysql3.php
@@ -49,6 +49,9 @@ function SQL_QUERY($sql_string, $F, $L)
  ".MYSQL_QUERY_STRING."<br />
  ".$sql_string);
  
+       // Debug output
+       //* DEBUG: */ print "Query=<em>".$sql_string."</em>, affected=<b>".SQL_AFFECTEDROWS()."</b>, numrows=<b>".SQL_NUMROWS($result)."</b><br />\n";
+
         if (($CSS != "1") && ($CSS != "-1") && (DEBUG_MODE) && (DEBUG_SQL))
         {
                 //
diff --git a/inc/language/de.php b/inc/language/de.php

index f49358c0ff1c9d4ec50f5f6b4cb431652969f7d0..6201cc02c8525ce529375103258b1c62f5a2a0f7 100644 (file)
--- a/inc/language/de.php
+++ b/inc/language/de.php
@@ -1095,5 +1095,7 @@ define('ADMIN_CONTACT_USER', "Mitglied kontaktieren");
  define('CONTACT_USER', "Mitglied kontaktieren");
  define('ADMIN_USER_CONTACTED', "Das Mitglied wurde per EMail kontaktiert.");
  define('ADMIN_CONTACT_USER_SUBJECT', "Nachricht vom {!MT_WORD!} {!MAIN_TITLE!}");
+define('MEMBER_CANNOT_LOAD_PROFILE', "Fehler beim Laden des Mitgliederprofiles. Bitte Support benachrichten.");
+
  //
  ?>
diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php

index 562738fc29b00e676dfa6da1bf38758aae58581f..1d87752921cfa0fab7d0b9b37cfc618e05ccb2e8 100644 (file)
--- a/inc/mysql-manager.php
+++ b/inc/mysql-manager.php
@@ -735,33 +735,42 @@ function GET_MOD_DESCR($MODE, $wht)
  //
  function SEND_MODE_MAILS($mod, $modes)
  {
-       global $_COOKIE, $_POST, $CONFIG, $DATA;
+       global $CONFIG, $DATA;
+
         // Load hash
-       $result_main = SQL_QUERY("SELECT password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+       $result_main = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
          array($GLOBALS['userid']), __FILE__, __LINE__);
-       if (SQL_NUMROWS($result_main) == 1)
-       {
-               // Load hash and extract salt
-               list($hash) = SQL_FETCHROW($result_main);
-               $salt = substr($hash, 0, -40);
+       if (SQL_NUMROWS($result_main) == 1) {
+               // Load hash from database
+               list($hashDB) = SQL_FETCHROW($result_main);
+
+               // Extract salt from cookie
+               $salt = substr($_COOKIE['u_hash'], 0, -40);
  
                 // Now let's compare passwords
-               $hash = generateHash($_POST['pass1'], $salt);
-               if (($hash == $_COOKIE['u_hash']) || ($_POST['pass1'] == $_POST['pass2']))
-               {
+               $hash = generatePassString($hashDB);
+               if (($hash == $_COOKIE['u_hash']) || ($_POST['pass1'] == $_POST['pass2'])) {
                         // Load user's data
                         $result = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, country, zip, city, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND password='%s' LIMIT 1",
-                        array($GLOBALS['userid'], $hash), __FILE__, __LINE__);
-                       if (SQL_NUMROWS($result) == 1)
-                       {
+                        array($GLOBALS['userid'], $hashDB), __FILE__, __LINE__);
+                       if (SQL_NUMROWS($result) == 1) {
+                               // Load the data
                                 $DATA = SQL_FETCHROW($result);
+
+                               // Free result
                                 SQL_FREERESULT($result);
+
+                               // Translate salutation
                                 $DATA[0] = TRANSLATE_SEX($DATA[0]);
+
+                               // Clear/init the content variable
+                               $content = "";
+                               $DATA['info'] = "";
+
                                 switch ($mod)
                                 {
                                 case "mydata":
-                                       foreach ($modes as $mode)
-                                       {
+                                       foreach ($modes as $mode) {
                                                 switch ($mode)
                                                 {
                                                 case "normal": break; // Do not add any special lines
@@ -778,10 +787,9 @@ function SEND_MODE_MAILS($mod, $modes)
                                                         $content = MEMBER_UNKNOWN_MODE.": ".$mode."\n\n";
                                                         break;
                                                 }
-                                       }
+                                       } // END - if
  
-                                       if (EXT_IS_ACTIVE("country"))
-                                       {
+                                       if (EXT_IS_ACTIVE("country")) {
                                                 // Replace code with description
                                                 $DATA[4] = COUNTRY_GENERATE_INFO($_POST['country_code']);
                                         }
@@ -789,14 +797,11 @@ function SEND_MODE_MAILS($mod, $modes)
                                         // Load template
                                         $msg = LOAD_EMAIL_TEMPLATE("member_mydata_notify", $content, $GLOBALS['userid']);
  
-                                       if ($CONFIG['admin_notify'] == 'Y')
-                                       {
+                                       if ($CONFIG['admin_notify'] == 'Y') {
                                                 // The admin needs to be notified about a profile change
                                                 $msg_admin = "admin_mydata_notify";
                                                 $sub_adm = ADMIN_CHANGED_DATA;
-                                       }
-                                        else
-                                       {
+                                       } else {
                                                 // No mail to admin
                                                 $msg_admin = "";
                                                 $sub_adm = "";
@@ -813,51 +818,42 @@ function SEND_MODE_MAILS($mod, $modes)
                                         $content = "<STRONG><SPAN class=\"member_failed\">".UNKNOWN_MODULE."</SPAN></STRONG>";
                                         break;
                                 }
-                       }
-                        else
-                       {
+                       } else {
                                 // Could not load profile data
                                 $content = "<STRONG><SPAN class=\"member_failed\">".MEMBER_CANNOT_LOAD_PROFILE."</SPAN></STRONG>";
                         }
-               }
-                else
-               {
+               } else {
                         // Passwords mismatch
                         $content = "<STRONG><SPAN class=\"member_failed\">".MEMBER_PASSWORD_ERROR."</SPAN></STRONG>";
                 }
-       }
-        else
-       {
+       } else {
                 // Could not load profile
                 $content = "<STRONG><SPAN class=\"member_failed\">".MEMBER_CANNOT_LOAD_PROFILE."</SPAN></STRONG>";
         }
-       if ((!empty($sub_mem)) && (!empty($msg)))
-       {
+
+       // Send email to user if required
+       if ((!empty($sub_mem)) && (!empty($msg))) {
                 // Send member mail
                 SEND_EMAIL($DATA[7], $sub_mem, $msg);
         }
-       if ((!empty($sub_adm)) && (!empty($msg_admin)))
-       {
-               // Send admin mail
-               if (GET_EXT_VERSION("admins") >= "0.4.1")
-               {
-                       SEND_ADMIN_EMAILS_PRO($sub_adm, $msg_admin, $content, $GLOBALS['userid']);
-               }
-                else
-               {
-                       SEND_ADMIN_EMAILS($sub_adm, LOAD_EMAIL_TEMPLATE($msg_admin, $content, $GLOBALS['userid']));
+
+       // Send only if no other error has occured
+       if (empty($content)) {
+               if ((!empty($sub_adm)) && (!empty($msg_admin))) {
+                       // Send admin mail
+                       if (GET_EXT_VERSION("admins") >= "0.4.1") {
+                               SEND_ADMIN_EMAILS_PRO($sub_adm, $msg_admin, $content, $GLOBALS['userid']);
+                       } else {
+                               SEND_ADMIN_EMAILS($sub_adm, LOAD_EMAIL_TEMPLATE($msg_admin, $content, $GLOBALS['userid']));
+                       }
+               } elseif ($CONFIG['admin_notify'] == 'Y') {
+                       // Cannot send mails to admin!
+                       $content = CANNOT_SEND_ADMIN_MAILS;
+               } else {
+                       // No mail to admin
+                       $content = "<STRONG><SPAN class=\"member_done\">".MYDATA_MAIL_SENT."</SPAN></STRONG>";
                 }
         }
-        elseif ($CONFIG['admin_notify'] == 'Y')
-       {
-               // Cannot send mails to admin!
-               $content = CANNOT_SEND_ADMIN_MAILS;
-       }
-        else
-       {
-               // No mail to admin
-               $content = "<STRONG><SPAN class=\"member_done\">".MYDATA_MAIL_SENT."</SPAN></STRONG>";
-       }
  
         // Load template
         LOAD_TEMPLATE("admin_settings_saved", false, $content);
author	Roland Häder <roland@mxchange.org>
	Wed, 13 Feb 2008 22:00:42 +0000 (22:00 +0000)
committer	Roland Häder <roland@mxchange.org>
	Wed, 13 Feb 2008 22:00:42 +0000 (22:00 +0000)
inc/db/lib-mysql3.php		patch \| blob \| history
inc/language/de.php		patch \| blob \| history
inc/mysql-manager.php		patch \| blob \| history