Way more usage of EL code:
[mailer.git] / inc / modules / guest / what-sponsor_login.php
1 <?php
2 /************************************************************************
3  * Mailer v0.2.1-FINAL                                Start: 06/10/2005 *
4  * ===================                          Last change: 05/18/2008 *
5  *                                                                      *
6  * -------------------------------------------------------------------- *
7  * File              : what-sponsor_login.php                           *
8  * -------------------------------------------------------------------- *
9  * Short description : Login form and password resending for sponsor    *
10  * -------------------------------------------------------------------- *
11  * Kurzbeschreibung  : Loginformular und Neues Passwort fuer Sponsor    *
12  * -------------------------------------------------------------------- *
13  * $Revision::                                                        $ *
14  * $Date::                                                            $ *
15  * $Tag:: 0.2.1-FINAL                                                 $ *
16  * $Author::                                                          $ *
17  * -------------------------------------------------------------------- *
18  * Copyright (c) 2003 - 2009 by Roland Haeder                           *
19  * Copyright (c) 2009 - 2011 by Mailer Developer Team                   *
20  * For more information visit: http://www.mxchange.org                  *
21  *                                                                      *
22  * This program is free software; you can redistribute it and/or modify *
23  * it under the terms of the GNU General Public License as published by *
24  * the Free Software Foundation; either version 2 of the License, or    *
25  * (at your option) any later version.                                  *
26  *                                                                      *
27  * This program is distributed in the hope that it will be useful,      *
28  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
29  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
30  * GNU General Public License for more details.                         *
31  *                                                                      *
32  * You should have received a copy of the GNU General Public License    *
33  * along with this program; if not, write to the Free Software          *
34  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
35  * MA  02110-1301  USA                                                  *
36  ************************************************************************/
37
38 // Some security stuff...
39 if (!defined('__SECURITY')) {
40         die();
41 } // END - if
42
43 // Add description as navigation point
44 addYouAreHereLink('guest', __FILE__);
45
46 if ((!isExtensionActive('sponsor'))) {
47         displayMessage(generateExtensionInactiveNotInstalledMessage('sponsor'));
48         return;
49 } elseif (isSponsor()) {
50         // Is already a logged-in sponsor
51         redirectToUrl('modules.php?module=sponsor');
52 }
53
54 $mode = '';
55 if (isGetRequestParameterSet('mode')) {
56         // A "special" mode of the login system was requested
57         switch (getRequestParameter('mode')) {
58                 case 'activate' : $mode = 'activate';  break; // Activation link requested
59                 case 'lost_pass': $mode = 'lost_pass'; break; // Request new password
60         } // END - switch
61 } // END - if
62
63 // Check if hash for confirmation of email address is given...
64 if (isGetRequestParameterSet('hash')) {
65         // Lookup sponsor
66         $result = SQL_QUERY_ESC("SELECT
67         `id`, `status`, `gender`, `surname`, `family`,
68         `company`, `position`, `tax_ident`,
69         `street_nr1`, `street_nr2`, `country`, `zip`, `city`, `email`, `phone`, `fax`, `cell`,
70         `points_amount` AS `points`, `last_payment`, `last_currency`
71 FROM
72         `{?_MYSQL_PREFIX?}_sponsor_data`
73 WHERE
74         `hash`='%s' AND (
75                 `status`='UNCONFIRMED' OR
76                 `status`='EMAIL'
77         )
78 LIMIT 1", array(getRequestParameter('hash')), __FILE__, __LINE__);
79         if (SQL_NUMROWS($result) == 1) {
80                 // Sponsor found, load his data...
81                 $data = SQL_FETCHARRAY($result);
82
83                 // Unconfirmed account or changed email address?
84                 if ($data['status'] == 'UNCONFIRMED') {
85                         // Set account to pending
86                         SQL_QUERY_ESC("UPDATE
87         `{?_MYSQL_PREFIX?}_sponsor_data`
88 SET
89         `status`='PENDING',
90         `hash`=NULL
91 WHERE
92         `id`=%s AND
93         `hash`='%s' AND
94         `status`='UNCONFIRMED'
95 LIMIT 1",
96                                 array(
97                                         bigintval($data['id']),
98                                         getRequestParameter('hash')
99                                 ), __FILE__, __LINE__);
100
101                         // Check on success
102                         if (!SQL_HASZEROAFFECTED()) {
103                                 // Prepare mail and send it to the sponsor
104                                 $message = loadEmailTemplate('sponsor_pending', $data);
105                                 sendEmail($data['email'], '{--SPONSOR_ACCOUNT_PENDING_SUBJECT--}', $message);
106
107                                 // Send email to admin
108                                 sendAdminNotification('{--ADMIN_NEW_SPONSOR--}', 'admin_sponsor_pending', $data);
109
110                                 // Sponsor account set to pending
111                                 displayMessage('{--SPONSOR_ACCOUNT_IS_PENDING--}');
112                         } else {
113                                 // Could not unlock account!
114                                 displayMessage('{--SPONSOR_ACCOUNT_PENDING_FAILED--}');
115                         }
116                 } elseif ($data['status'] == 'EMAIL') {
117                         // Changed email adress need to be confirmed
118                         SQL_QUERY_ESC("UPDATE
119         `{?_MYSQL_PREFIX?}_sponsor_data`
120 SET
121         `status`='CONFIRMED',
122         `hash`=NULL
123 WHERE
124         `id`=%s AND
125         `hash`='%s' AND
126         `status`='EMAIL'
127 LIMIT 1",
128                                 array(bigintval($data['id']), getRequestParameter('hash')), __FILE__, __LINE__);
129
130                         // Check on success
131                         if (!SQL_HASZEROAFFECTED()) {
132                                 // Sponsor account is unlocked again
133                                 displayMessage('{--SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN--}');
134                         } else {
135                                 // Could not unlock account!
136                                 displayMessage('{--SPONSOR_ACCOUNT_EMAIL_FAILED--}');
137                         }
138                 } else {
139                         // ??? Other status?
140                         displayMessage('{--SPONSOR_ACCOUNT_STATUS_FAILED--}');
141                 }
142         } else {
143                 // No sponsor found
144                 displayMessage('{%message,SPONSOR_ACCOUNT_404=' . getRequestParameter('hash') . '%}');
145         }
146
147         // Free memory
148         SQL_FREERESULT($result);
149 } elseif ($mode == 'activate') {
150         // Send activation link again
151         if (isFormSent()) {
152                 // Check submitted data
153                 if (!isPostRequestParameterSet('email')) unsetPostRequestParameter('ok');
154         }
155
156         if (isFormSent()) {
157                 // Check email
158                 $result = SQL_QUERY_ESC("SELECT
159         `id`, `hash`, `status`, `remote_addr`, `gender`, `surname`, `family`,
160         UNIX_TIMESTAMP(`sponsor_created`) AS `sponsor_created`
161 FROM
162         `{?_MYSQL_PREFIX?}_sponsor_data`
163 WHERE
164         `email`='%s' AND
165         (`status`='UNCONFIRMED' OR `status`='EMAIL')
166 LIMIT 1",
167                 array(postRequestParameter('email')), __FILE__, __LINE__);
168
169                 // Entry found?
170                 if (SQL_NUMROWS($result) == 1) {
171                         // Unconfirmed sponsor account found so let's load the requested data
172                         $data = SQL_FETCHARRAY($result);
173
174                         // Translate some data
175                         $data['sponsor_created'] = generateDateTime($data['sponsor_created']);
176
177                         // Prepare email and send it to the sponsor
178                         if ($data['status'] == 'UNCONFIRMED') {
179                                 // Unconfirmed accounts
180                                 $message_sponsor = loadEmailTemplate('sponsor_activate', $data);
181                         } else {
182                                 // Confirmed email address
183                                 $message_sponsor = loadEmailTemplate('sponsor_email', $data);
184                         }
185                         sendEmail(postRequestParameter('email'), '{--SPONSOR_ACTIVATION_LINK_SUBJECT--}', $message_sponsor);
186
187                         // Output message
188                         displayMessage('{--SPONSOR_ACTIVATION_LINK_SENT--}');
189                 } else {
190                         // No account found or not UNCONFIRMED
191                         displayMessage('{--SPONSOR_ACTIVATION_LINK_404--}');
192                 }
193
194                 // Free memory
195                 SQL_FREERESULT($result);
196         } else {
197                 // Load form
198                 loadTemplate('guest_sponsor_activate');
199         }
200 } elseif ($mode == 'lost_pass') {
201         // Send new password
202         if (isFormSent()) {
203                 // Check submitted data
204                 if (!isPostRequestParameterSet('email')) unsetPostRequestParameter('ok');
205         } // END - if
206
207         if (isFormSent()) {
208                 // Check email
209                 $result = SQL_QUERY_ESC("SELECT
210         `id`, `hash`, `remote_addr`, `gender`, `surname`, `family`,
211         UNIX_TIMESTAMP(`sponsor_created`) AS `sponsor_created`
212 FROM
213         `{?_MYSQL_PREFIX?}_sponsor_data`
214 WHERE
215         `email`='%s' AND
216         `id`=%s AND
217         `status`='CONFIRMED'
218 LIMIT 1",
219                 array(postRequestParameter('email'), bigintval(postRequestParameter('id'))), __FILE__, __LINE__);
220
221                 // Entry found?
222                 if (SQL_NUMROWS($result) == 1) {
223                         // Unconfirmed sponsor account found so let's load the requested data
224                         $DATA = SQL_FETCHARRAY($result);
225
226                         // Generate password/translate some data
227                         $DATA['password']        = generatePassword();
228                         $DATA['sponsor_created'] = generateDateTime($DATA['sponsor_created']);
229
230                         // Prepare email and send it to the sponsor
231                         $message_sponsor = loadEmailTemplate('sponsor_lost', $DATA);
232                         sendEmail(postRequestParameter('email'), '{--SPONSOR_LOST_PASSWORD_SUBJECT--}', $message_sponsor);
233
234                         // Update password
235                         SQL_QUERY_ESC("UPDATE
236         `{?_MYSQL_PREFIX?}_sponsor_data`
237 SET
238         `password`='%s'
239 WHERE
240         `id`=%s
241 LIMIT 1",
242                                 array(md5($DATA['password']), bigintval($DATA['id'])), __FILE__, __LINE__);
243
244                         // Output message
245                         displayMessage('{--SPONSOR_LOST_PASSWORD_SENT--}');
246                 } else {
247                         // No account found or not UNCONFIRMED
248                         displayMessage('{--SPONSOR_LOST_PASSWORD_404--}');
249                 }
250
251                 // Free memory
252                 SQL_FREERESULT($result);
253         } else {
254                 // Load form
255                 loadTemplate('guest_sponsor_lost');
256         }
257 } elseif (isFormSent()) {
258         // Check status and login data ...
259         $result = SQL_QUERY_ESC("SELECT
260         `status`
261 FROM
262         `{?_MYSQL_PREFIX?}_sponsor_data`
263 WHERE
264         `id`=%s AND
265         `password`='%s'
266 LIMIT 1",
267         array(
268                 bigintval(postRequestParameter('sponsor_id')),
269                 md5(postRequestParameter('password'))
270         ), __FILE__, __LINE__);
271
272         if (SQL_NUMROWS($result) == 1) {
273                 // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
274                 list($status) = SQL_FETCHROW($result);
275                 if ($status == 'CONFIRMED') {
276                         // Is confirmed so both is fine and we can continue with login procedure
277                         $login = ((setSession('sponsor_id'  , bigintval(postRequestParameter('sponsor_id')))) &&
278                         (setSession('sponsor_pass', md5(postRequestParameter('password'))           ))
279                         );
280
281                         if ($login === true) {
282                                 // Cookie setup successfull so we can forward to sponsor area
283                                 redirectToUrl('modules.php?module=sponsor');
284                         } else {
285                                 // Cookie setup failed!
286                                 displayMessage('{--SPONSOR_COOKIE_SETUP_FAILED--}');
287
288                                 // Login formular and other links
289                                 loadTemplate('guest_sponsor_login');
290                         }
291                 } else {
292                         // Status is not fine
293                         displayMessage('{--SPONSOR_LOGIN_FAILED_' . strtoupper($status) . '--}');
294
295                         // Login formular and other links
296                         loadTemplate('guest_sponsor_login');
297                 }
298         } else {
299                 // Account missing or wrong pass! We shall not find this out for the "cracker folks"...
300                 displayMessage('{--SPONSOR_LOGIN_FAILED_404_WRONG_PASS--}');
301
302                 // Login formular and other links
303                 loadTemplate('guest_sponsor_login');
304         }
305
306         // Free memory
307         SQL_FREERESULT($result);
308 } else {
309         // Login formular and other links
310         loadTemplate('guest_sponsor_login');
311 }
312
313 // [EOF]
314 ?>