inc/modules/guest/what-sponsor_login.php

   1 <?php
   2 /************************************************************************
   3  * MXChange v0.2.1                                    Start: 06/10/2005 *
   4  * ===============                              Last change: 05/18/2008 *
   5  *                                                                      *
   6  * -------------------------------------------------------------------- *
   7  * File              : what-sponsor_login.php                           *
   8  * -------------------------------------------------------------------- *
   9  * Short description : Login form and password resending for sponsor    *
  10  * -------------------------------------------------------------------- *
  11  * Kurzbeschreibung  : Loginformular und Neues Passwort fuer Sponsor    *
  12  * -------------------------------------------------------------------- *
  13  *                                                                      *
  14  * -------------------------------------------------------------------- *
  15  * Copyright (c) 2003 - 2008 by Roland Haeder                           *
  16  * For more information visit: http://www.mxchange.org                  *
  17  *                                                                      *
  18  * This program is free software. You can redistribute it and/or modify *
  19  * it under the terms of the GNU General Public License as published by *
  20  * the Free Software Foundation; either version 2 of the License.       *
  21  *                                                                      *
  22  * This program is distributed in the hope that it will be useful,      *
  23  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
  24  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
  25  * GNU General Public License for more details.                         *
  26  *                                                                      *
  27  * You should have received a copy of the GNU General Public License    *
  28  * along with this program; if not, write to the Free Software          *
  29  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
  30  * MA  02110-1301  USA                                                  *
  31  ************************************************************************/
  32
  33 // Some security stuff...
  34 if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
  35 {
  36         $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
  37         require($INC);
  38 }
  39
  40 // Add description as navigation point
  41 ADD_DESCR("guest", basename(__FILE__));
  42
  43 $MODE = "";
  44 if (!empty($_GET['mode']))
  45 {
  46         // A "special" mode of the login system was requested
  47         switch ($_GET['mode'])
  48         {
  49                 case "activate" : $MODE = "activate";  break; // Activation link requested
  50                 case "lost_pass": $MODE = "lost_pass"; break; // Request new password
  51         }
  52 }
  53
  54 // Check if hash for confirmation of email address is given...
  55 if (!empty($_GET['hash']))
  56 {
  57         // Lookup sponsor
  58         $result = SQL_QUERY_ESC("SELECT id, status, salut, surname, family,
  59 company, position, tax_ident,
  60 street_nr1, street_nr2, country, zip, city, email, phone, fax, cell,
  61 points_amount AS points, last_pay AS pay, last_curr AS curr
  62 FROM "._MYSQL_PREFIX."_sponsor_data
  63 WHERE hash='%s' AND (status='UNCONFIRMED' OR status='EMAIL')
  64 LIMIT 1", array($_GET['hash']), __FILE__, __LINE__);
  65         if (SQL_NUMROWS($result) == 1)
  66         {
  67                 // Sponsor found, load his data...
  68                 $SPONSOR = SQL_FETCHARRAY($result);
  69
  70                 // Translate salut and comma
  71                 $SPONSOR['salut']  = TRANSLATE_SEX($SPONSOR['salut']);
  72                 $SPONSOR['points'] = TRANSLATE_COMMA($SPONSOR['points']);
  73                 $SPONSOR['pay']    = TRANSLATE_COMMA($SPONSOR['pay']);
  74
  75                 // Unconfirmed account or changed email address?
  76                 if ($SPONSOR['status'] == "UNCONFIRMED")
  77                 {
  78                         // Set account to pending
  79                         $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='PENDING'
  80 WHERE id='%s' AND hash='%s' AND status='UNCONFIRMED' LIMIT 1",
  81  array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
  82
  83                         // Check on success
  84                         if (SQL_AFFECTEDROWS() == 1)
  85                         {
  86                                 // Prepare mail and send it to the sponsor
  87                                 $MSG = LOAD_EMAIL_TEMPLATE("sponsor_pending", $SPONSOR);
  88                                 SEND_EMAIL($SPONSOR['email'], SPONSOR_ACCOUNT_PENDING_SUBJ, $MSG);
  89
  90                                 // Send email to admin
  91                                 SEND_ADMIN_NOTIFICATION(ADMIN_NEW_SPONSOR, "admin_sponsor_pending", $SPONSOR);
  92
  93                                 // Sponsor account set to pending
  94                                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_PENDING);
  95                         }
  96                          else
  97                         {
  98                                 // Could not unlock account!
  99                                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_PENDING_FAILED);
 100                         }
 101                 }
 102                  elseif ($SPONSOR['status'] == "EMAIL")
 103                 {
 104                         // Changed email adress need to be confirmed
 105                         $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='CONFIRMED'
 106 WHERE id='%s' AND hash='%s' AND status='EMAIL' LIMIT 1",
 107  array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
 108
 109                         // Check on success
 110                         if (SQL_AFFECTEDROWS() == 1)
 111                         {
 112                                 // Sponsor account is unlocked again
 113                                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN);
 114                         }
 115                          else
 116                         {
 117                                 // Could not unlock account!
 118                                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_EMAIL_FAILED);
 119                         }
 120                 }
 121                  else
 122                 {
 123                         /// ??? Other status?
 124                         LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_STATUS_FAILED);
 125                 }
 126         }
 127          else
 128         {
 129                 // No sponsor found
 130                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_404);
 131         }
 132
 133         // Free memory
 134         SQL_FREERESULT($result);
 135 }
 136  elseif ($MODE == "activate")
 137 {
 138         // Send activation link again
 139         if (isset($_POST['ok']))
 140         {
 141                 // Check submitted data
 142                 if (empty($_POST['email'])) unset($_POST['ok']);
 143         }
 144
 145         if (isset($_POST['ok']))
 146         {
 147                 // Check email
 148                 $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, salut, surname, family, sponsor_created
 149 FROM "._MYSQL_PREFIX."_sponsor_data
 150 WHERE email='%s' AND (status='UNCONFIRMED' OR status='EMAIL') LIMIT 1",
 151  array($_POST['email']), __FILE__, __LINE__);
 152                 if (SQL_NUMROWS($result) == 1)
 153                 {
 154                         // Unconfirmed sponsor account found so let's load the requested data
 155                         $SPONSOR = SQL_FETCHARRAY($result);
 156
 157                         // Translate some data
 158                         $SPONSOR['salut']           = TRANSLATE_SEX($SPONSOR['salut']);
 159                         $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
 160
 161                         // Prepare email and send it to the sponsor
 162                         if ($SPONSOR['status'] == "UNCONFIRMED")
 163                         {
 164                                 // Unconfirmed accounts
 165                                 $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_activate", $SPONSOR);
 166                         }
 167                          else
 168                         {
 169                                 // Confirmed email address
 170                                 $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_email", $SPONSOR);
 171                         }
 172                         SEND_EMAIL($_POST['email'], SPONSOR_ACTIVATION_LINK_SUBJ, $msg_sponsor);
 173
 174                         // Output message
 175                         LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_SENT);
 176                 }
 177                  else
 178                 {
 179                         // No account found or not UNCONFIRMED
 180                         LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_404);
 181                 }
 182
 183                 // Free memory
 184                 SQL_FREERESULT($result);
 185         }
 186          else
 187         {
 188                 // Load form
 189                 LOAD_TEMPLATE("guest_sponsor_activate");
 190         }
 191 }
 192  elseif ($MODE == "lost_pass")
 193 {
 194         // Send new password
 195         if (isset($_POST['ok']))
 196         {
 197                 // Check submitted data
 198                 if (empty($_POST['email'])) unset($_POST['ok']);
 199         }
 200
 201         if (isset($_POST['ok']))
 202         {
 203                 // Check email
 204                 $result = SQL_QUERY_ESC("SELECT id, hash, remote_addr, salut, surname, family, sponsor_created
 205 FROM "._MYSQL_PREFIX."_sponsor_data
 206 WHERE email='%s' AND id='%s' AND status='CONFIRMED' LIMIT 1",
 207  array($_POST['email'], bigintval($_POST['id'])), __FILE__, __LINE__);
 208                 if (SQL_NUMROWS($result) == 1)
 209                 {
 210                         // Unconfirmed sponsor account found so let's load the requested data
 211                         $SPONSOR = SQL_FETCHARRAY($result);
 212
 213                         // Translate some data
 214                         $SPONSOR['salut']           = TRANSLATE_SEX($SPONSOR['salut']);
 215                         $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
 216
 217                         // Generate password
 218                         $SPONSOR['password']        = GEN_PASS();
 219
 220                         // Prepare email and send it to the sponsor
 221                         $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_lost", $SPONSOR);
 222                         SEND_EMAIL($_POST['email'], SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor);
 223
 224                         // Update password
 225                         $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET password='%s'
 226 WHERE id='%s' LIMIT 1",
 227  array(md5($SPONSOR['password']), bigintval($SPONSOR['id'])), __FILE__, __LINE__);
 228
 229                         // Output message
 230                         LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOST_PASSWORD_SENT);
 231                 }
 232                  else
 233                 {
 234                         // No account found or not UNCONFIRMED
 235                         LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOST_PASSWORD_404);
 236                 }
 237
 238                 // Free memory
 239                 SQL_FREERESULT($result);
 240         }
 241          else
 242         {
 243                 // Load form
 244                 LOAD_TEMPLATE("guest_sponsor_lost");
 245         }
 246 }
 247  elseif (isset($_POST['ok']))
 248 {
 249         // Check status and login data ...
 250         $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_sponsor_data
 251 WHERE id='%s' AND password='%s' LIMIT 1",
 252  array(bigintval($_POST['sponsorid']), md5($_POST['pass'])), __FILE__, __LINE__);
 253         if (SQL_NUMROWS($result) == 1)
 254         {
 255                 // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
 256                 list($status) = SQL_FETCHROW($result);
 257                 if ($status == "CONFIRMED")
 258                 {
 259                         // Calculate cookie lifetime, maybe we have to change this so the admin can setup a
 260                         // seperate timeout for these two cookies?
 261                         $life = (time() + $CONFIG['online_timeout']);
 262
 263                         // Is confirmed so both is fine and we can continue with login procedure
 264                         $login = ((setcookie("sponsorid"  , bigintval($_POST['sponsorid']), $life, COOKIE_PATH)) &&
 265                                   (setcookie("sponsorpass", md5($_POST['pass'])           , $life, COOKIE_PATH)));
 266
 267                         if ($login)
 268                         {
 269                                 // Cookie setup successfull so we can forward to sponsor area
 270                                 LOAD_URL(URL."/modules.php?module=sponsor");
 271                         }
 272                          else
 273                         {
 274                                 // Cookie setup failed!
 275                                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSPOR_COOKIE_SETUP_FAILED);
 276                                 OUTPUT_HTML("<BR>");
 277
 278                                 // Login formular and other links
 279                                 LOAD_TEMPLATE("guest_sponsor_login");
 280                         }
 281                 }
 282                  else
 283                 {
 284                         // Status is not fine
 285                         $eval = "\$content = SPONSOR_LOGIN_FAILED_".strtoupper($status).";";
 286                         eval($eval);
 287                         LOAD_TEMPLATE("admin_settings_saved", false, $content);
 288                         OUTPUT_HTML("<BR>");
 289
 290                         // Login formular and other links
 291                         LOAD_TEMPLATE("guest_sponsor_login");
 292                 }
 293         }
 294          else
 295         {
 296                 // Account missing or wrong pass! We shall not find this out for the "hacker folks"...
 297                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOGIN_FAILED_404_WRONG_PASS);
 298                 OUTPUT_HTML("<BR>");
 299
 300                 // Login formular and other links
 301                 LOAD_TEMPLATE("guest_sponsor_login");
 302         }
 303
 304         // Free memory
 305         SQL_FREERESULT($result);
 306 }
 307  else
 308 {
 309         // Login formular and other links
 310         LOAD_TEMPLATE("guest_sponsor_login");
 311 }
 312
 313 //
 314 ?>