2 /************************************************************************
3 * MXChange v0.2.1 Start: 04/23/2005 *
4 * =============== Last change: 05/18/2008 *
6 * -------------------------------------------------------------------- *
7 * File : sponsor_functions.php *
8 * -------------------------------------------------------------------- *
9 * Short description : Functions for the sponsor area *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Funktionen fuer den Sponsorenbereich *
12 * -------------------------------------------------------------------- *
15 * $Tag:: 0.2.1-FINAL $ *
17 * Needs to be in all Files and every File needs "svn propset *
18 * svn:keywords Date Revision" (autoprobset!) at least!!!!!! *
19 * -------------------------------------------------------------------- *
20 * Copyright (c) 2003 - 2009 by Roland Haeder *
21 * For more information visit: http://www.mxchange.org *
23 * This program is free software; you can redistribute it and/or modify *
24 * it under the terms of the GNU General Public License as published by *
25 * the Free Software Foundation; either version 2 of the License, or *
26 * (at your option) any later version. *
28 * This program is distributed in the hope that it will be useful, *
29 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
30 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
31 * GNU General Public License for more details. *
33 * You should have received a copy of the GNU General Public License *
34 * along with this program; if not, write to the Free Software *
35 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
37 ************************************************************************/
39 // Some security stuff...
40 if (!defined('__SECURITY')) {
45 function handlSponsorRequest (&$postData, $update=false, $messageArray=array(), $RET_STATUS=false) {
46 // Init a lot variables
55 'ok', 'edit', 'terms', 'pay_type'
64 // Check if sponsor already exists
65 foreach ($postData as $k => $v) {
66 if (!(array_search($k, $SKIPPED) > -1)) {
67 // Check only posted input entries not the submit button
72 if (!isEmailValid($v)) {
73 // Email address is not valid
76 // Do we want to add a new sponsor or update his data?
77 $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_sponsor_data` WHERE email='%s' LIMIT 1",
78 array($postData['email']), __FUNCTION__, __LINE__);
80 // Is a sponsor alread in the db?
81 if (SQL_NUMROWS($result) == 1) {
83 if ((getWhat() == 'add_sponsor') || ($update)) {
93 SQL_FREERESULT($result);
102 $k = 'password'; $v = md5($v);
106 if (!isUrlValid($v)) $SAVE = false;
110 // Test if there is are time selections
111 convertSelectionsToTimestamp($postData, $DATA, $k, $skip);
115 if ((!empty($k)) && ($skip == false)) {
117 $DATA['keys'][] = $k; $DATA['values'][] = $v;
123 if ($SAVE === true) {
124 // Default is no force even when a guest want to abuse this force switch
125 if ((empty($postData['force'])) || (!isAdmin())) $postData['force'] = '0';
127 // SQL and message string is empty by default
128 $sql = ''; $message = '';
133 $sql = "UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET ";
134 foreach ($DATA['keys'] as $k => $v) {
135 $sql .= $v."='%s', ";
138 // Remove last ", " from SQL string
139 $sql = substr($sql, 0, -2)." WHERE `id`='%s' LIMIT 1";
140 $DATA['values'][] = bigintval(getRequestElement('id'));
143 $message = getMessageFromIndexedArray(getMessage('ADMIN_SPONSOR_UPDATED'), 'updated', $messageArray);
145 } elseif (($ALREADY === false) || (($postData['force'] == 1) && (isAdmin()))) {
146 // Add new sponsor, first add more data
147 $DATA['keys'][] = 'sponsor_created'; $DATA['values'][] = time();
148 $DATA['keys'][] = 'status';
149 if (($update === true) && (isAdmin()) && (getWhat() == 'add_sponsor')) {
150 // Only allowed for admin
151 $DATA['values'][] = 'PENDING';
154 $DATA['values'][] = 'UNCONFIRMED';
156 // Generate hash code
157 $DATA['keys'][] = 'hash';
158 $DATA['values'][] = md5(session_id().':'.$postData['email'].':'.detectRemoteAddr().':'.detectUserAgent().':'.time());
159 $DATA['keys'][] = 'remote_addr';
160 $DATA['values'][] = detectRemoteAddr();
163 // Implode all data into strings
164 $KEYS = implode("`, `" , $DATA['keys']);
165 $valueS = str_repeat("%s', '", count($DATA['values']) - 1);
168 $sql = "INSERT INTO `{?_MYSQL_PREFIX?}_sponsor_data` (`".$KEYS."`) VALUES ('".$valueS."%s')";
171 $message = getMessageFromIndexedArray(getMessage('ADMIN_SPONSOR_ADDED'), "added", $messageArray);
173 } elseif (($update === true) && (isAdmin())) {
174 // Add all data as hidden data
176 foreach ($postData as $k => $v) {
177 // Do not add 'force' !
179 $OUT .= "<input type=\"hidden\" name=\"" . secureString($k) . "\" value=\"" . SQL_ESCAPE($v) . "\" />\n";
184 $content['hidden'] = $OUT;
185 $content['email'] = $postData['email'];
187 // Ask for adding a sponsor with same email address
188 loadTemplate('admin_add_sponsor_already', false, $content);
192 $message = sprintf(getMessage('SPONSOR_ALREADY_FOUND'), $postData['email']);
198 $result = SQL_QUERY_ESC($sql, $DATA['values'], __FUNCTION__, __LINE__);
202 if (($update === true) && (isAdmin())) {
203 loadTemplate('admin_settings_saved', false, $message);
207 $message = getMessageFromIndexedArray(getMessage('SPONSOR_DATA_NOT_SAVED'), 'failed', $messageArray);
208 loadTemplate('admin_settings_saved', false, $message);
211 // Shall we return the status?
212 if ($RET_STATUS === true) return $ret;
216 function sponsorTranslateUserStatus ($status) {
217 // Construct constant name
218 $constantName = sprintf("ACCOUNT_%s", $status);
220 // Is the constant there?
221 if (defined($constantName)) {
223 $ret = constant($constantName);
226 logDebugMessage(__FUNCTION__, __LINE__, sprintf("Unknown status %s detected.", $status));
227 $ret = sprintf(getMessage('UNKNOWN_STATUS'), $status);
232 // Search for an email address in the database
233 function isSponsorRegisteredWithEmail ($email) {
234 // Do we already have the provided email address in our DB?
235 $ret = (countSumTotalData($email, 'sponsor_data', 'id', 'email', true) == 1);
241 // Wether the current user is a sponsor
242 function isSponsor () {
245 if ((isSessionVariableSet('sponsorid')) && (isSessionVariableSet('sponsorpass'))) {
246 // Check cookies against database records...
247 $result = SQL_QUERY_ESC("SELECT
250 `{?_MYSQL_PREFIX?}_sponsor_data`
252 `id`='%s' AND `password`='%s' AND `status`='CONFIRMED'
255 bigintval(getSession('sponsorid')),
256 getSession('sponsorpass')
257 ), __FUNCTION__, __LINE__);
258 if (SQL_NUMROWS($result) == 1) {
264 SQL_FREERESULT($result);
272 function addSponsorMenu ($current) {
274 $WHERE = " AND active='Y'";
275 if (isAdmin()) $WHERE = '';
277 // Load main menu entries
278 $result_main = SQL_QUERY("SELECT action AS main_action, title AS main_title FROM `{?_MYSQL_PREFIX?}_sponsor_menu`
279 WHERE (`what`='' OR `what` IS NULL) ".$WHERE."
280 ORDER BY `sort`", __FUNCTION__, __LINE__);
281 if (SQL_NUMROWS($result_main) > 0) {
282 // Load every menu and it's sub menus
283 while ($content = SQL_FETCHARRAY($result_main)) {
285 $result_sub = SQL_QUERY_ESC("SELECT what AS sub_what, title AS sub_title FROM `{?_MYSQL_PREFIX?}_sponsor_menu`
286 WHERE `action`='%s' AND `what` != '' AND `what` IS NOT NULL ".$WHERE."
288 array($content['main_action']), __FUNCTION__, __LINE__);
289 if (SQL_NUMROWS($result_sub) > 0) {
292 while ($content2 = SQL_FETCHARRAY($result_sub)) {
294 $content = merge_array($content, $content2);
296 // Check if current selected menu is matching the loaded one
297 if ($current == $content['sub_what']) $content['sub_title'] = "<strong>".$content['sub_title']."</strong>";
299 // Prepare data for the sub template
301 'what' => $content['sub_what'],
302 'title' => $content['sub_title']
306 $SUB .= loadTemplate('sponsor_what', true, $content);
309 // Prepare data for the main template
311 'title' => $content['main_title'],
315 // Load menu template
316 $OUT .= loadTemplate('sponsor_action', true, $content);
318 // No sub menus active
319 $OUT .= loadTemplate('admin_settings_saved', true, getMessage('SPONSOR_NO_SUB_MENUS_ACTIVE'));
323 SQL_FREERESULT($result_sub);
326 // No main menus active
327 $OUT .= loadTemplate('admin_settings_saved', true, getMessage('SPONSOR_NO_MAIN_MENUS_ACTIVE'));
331 SQL_FREERESULT($result_main);
338 function addSponsorContent ($what) {
340 $INC = sprintf("inc/modules/sponsor/%s.php", $what);
341 if (isIncludeReadable($INC)) {
342 // Every sponsor action will output nothing directly. It will be written into $OUT!
343 loadIncludeOnce($INC);
346 $OUT .= loadTemplate('admin_settings_saved', true, sprintf(getMessage('SPONSOR_CONTENT_404'), $what));
354 function updateSponsorLogin () {
360 // Update last online timestamp
361 SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_sponsor_data`
362 SET `last_online`=UNIX_TIMESTAMP()
363 WHERE `id`='%s' AND `password`='%s' LIMIT 1",
365 bigintval(getSession('sponsorid')),
366 getSession('sponsorpass')
367 ), __FUNCTION__, __LINE__);
369 // This update went fine?
370 $login = (SQL_AFFECTEDROWS() == 1);
377 // Saves sponsor's data
378 function saveSponsorData ($postData, $content) {
381 // Unsecure data which we don't want
382 $UNSAFE = array('password', 'id', 'remote_addr', 'sponsor_created', 'last_online', 'status', 'ref_count',
383 'points_amount', 'points_used', 'refid', 'hash', 'last_pay', 'last_curr', 'pass_old',
384 'ok', 'pass1', 'pass2');
386 // Set default message ("not saved")
387 $message = getMessage('SPONSOR_ACCOUNT_DATA_NOT_SAVED');
389 // Check for submitted passwords
390 if ((!empty($postData['pass1'])) && (!empty($postData['pass2']))) {
391 // Are both passwords the same?
392 if ($postData['pass1'] == $postData['pass2']) {
393 // Okay, then set password and remove pass1 and pass2
394 $postData['password'] = md5($postData['pass1']);
398 // Remove all (maybe spoofed) unsafe data from array
399 foreach ($UNSAFE as $remove) {
400 unset($postData[$remove]);
403 // This array is for the submitted data which we will use with the SQL_QUERY_ESC() function to
407 // Prepare SQL string
408 $sql = "UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET";
409 foreach ($postData as $key => $value) {
410 // Mmmmm, too less security here???
411 $sql .= " `".secureString($key)."`='%s',";
413 // We will secure this later inside the SQL_QUERY_ESC() function
414 $DATA[] = secureString($value);
417 // Check if email has changed
418 if ((!empty($content['email'])) && (!empty($postData['email']))) {
419 if ($content['email'] != $postData['email']) {
420 // Change email address
423 // Okay, has changed then add status with UNCONFIRMED and new hash code
424 $sql .= " `status`='EMAIL', `hash`='%s',";
426 // Generate hash code
427 $HASH = md5(session_id().':'.$postData['email'].':'.detectRemoteAddr().':'.detectUserAgent().':'.time());
432 // Remove last commata
433 $sql = substr($sql, 0, -1);
436 $sql .= " WHERE `id`='%s' AND password='%s' LIMIT 1";
437 $DATA[] = bigintval(getSession('sponsorid'));
438 $DATA[] = getSession('sponsorpass');
440 // Saving data was completed... ufff...
443 case 'account': // Change account data
444 if ($EMAIL === true) {
445 $message = getMessage('SPONSOR_ACCOUNT_EMAIL_CHANGED');
446 $templ = 'admin_sponsor_change_email';
447 $subj = getMessage('ADMIN_SPONSOR_ACC_EMAIL_SUBJ');
449 $message = getMessage('SPONSOR_ACCOUNT_DATA_SAVED');
450 $templ = 'admin_sponsor_change_data';
451 $subj = getMessage('ADMIN_SPONSOR_ACC_DATA_SUBJ');
455 case 'settings': // Change settings
456 // Translate some data
457 $content['receive'] = translateYesNo($content['receive_warnings']);
458 $content['interval'] = createFancyTime($content['warning_interval']);
460 // Set message template and subject for admin
461 $message = getMessage('SPONSOR_SETTINGS_SAVED');
462 $templ = 'admin_sponsor_settings';
463 $subj = getMessage('ADMIN_SPONSOR_SETTINGS_SUBJ');
466 default: // Unknown sponsor what value!
467 logDebugMessage(__FUNCTION__, __LINE__, sprintf("Unknown sponsor module (what) %s detected.", getWhat()));
468 $message = sprintf(getMessage('SPONSOR_UNKNOWN_WHAT'), getWhat());
469 $templ = ''; $subj = '';
473 if (SQL_AFFECTEDROWS() == 1) {
474 if (!empty($templ) && !empty($subj)) {
475 // Run SQL command and check for success
476 $result = SQL_QUERY_ESC($sql, $DATA, __FUNCTION__, __LINE__);
478 // Add all data to content
479 $content['new_data'] = $postData;
482 if (isset($content['gender'])) $content['gender'] = translateGender($content['gender']);
483 if (isset($content['new_data']['gender'])) $content['new_data']['gender'] = translateGender($content['new_data']['gender']);
484 if (isset($content['receive_warnings'])) $content['new_data']['receive'] = translateYesNo($content['new_data']['receive_warnings']);
485 if (isset($content['warning_interval'])) $content['new_data']['interval'] = createFancyTime($content['new_data']['warning_interval']);
487 // Send email to admins
488 sendAdminNotification($subj, $templ, $content);
490 // Shall we send mail to the sponsor's new email address?
491 if ($content['receive_warnings'] == 'Y') {
492 // Okay send email with confirmation link to new address and with no confirmation link
493 // to the old address
495 // First to old address
498 case 'account': // Change account data
499 $email_msg = loadEmailTemplate('sponsor_change_data', $content);
500 sendEmail($content['email'], getMessage('SPONSOR_ACC_DATA_SUBJ'), $email_msg);
502 if ($EMAIL === true) {
503 // Add hash code to content array
504 $content['hash'] = $HASH;
506 // Second mail goes to the new address
507 $email_msg = loadEmailTemplate('sponsor_change_email', $content);
508 sendEmail($content['email'], getMessage('SPONSOR_ACC_EMAIL_SUBJ'), $email_msg);
512 case 'settings': // Change settings
514 $email_msg = loadEmailTemplate('sponsor_settings', $content);
515 sendEmail($content['email'], getMessage('SPONSOR_SETTINGS_SUBJ'), $email_msg);
522 // Return final message
projects / mailer.git / blob