inc/modules/guest/what-sponsor_login.php

   1 <?php
   2 /************************************************************************
   3  * MXChange v0.2.1                                    Start: 06/10/2005 *
   4  * ===============                              Last change: 05/18/2008 *
   5  *                                                                      *
   6  * -------------------------------------------------------------------- *
   7  * File              : what-sponsor_login.php                           *
   8  * -------------------------------------------------------------------- *
   9  * Short description : Login form and password resending for sponsor    *
  10  * -------------------------------------------------------------------- *
  11  * Kurzbeschreibung  : Loginformular und Neues Passwort fuer Sponsor    *
  12  * -------------------------------------------------------------------- *
  13  *                                                                      *
  14  * -------------------------------------------------------------------- *
  15  * Copyright (c) 2003 - 2008 by Roland Haeder                           *
  16  * For more information visit: http://www.mxchange.org                  *
  17  *                                                                      *
  18  * This program is free software. You can redistribute it and/or modify *
  19  * it under the terms of the GNU General Public License as published by *
  20  * the Free Software Foundation; either version 2 of the License.       *
  21  *                                                                      *
  22  * This program is distributed in the hope that it will be useful,      *
  23  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
  24  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
  25  * GNU General Public License for more details.                         *
  26  *                                                                      *
  27  * You should have received a copy of the GNU General Public License    *
  28  * along with this program; if not, write to the Free Software          *
  29  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
  30  * MA  02110-1301  USA                                                  *
  31  ************************************************************************/
  32
  33 // Some security stuff...
  34 if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
  35 {
  36         $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
  37         require($INC);
  38 }
  39
  40 // Add description as navigation point
  41 ADD_DESCR("guest", basename(__FILE__));
  42
  43 $MODE = "";
  44 if (!empty($_GET['mode']))
  45 {
  46         // A "special" mode of the login system was requested
  47         switch ($_GET['mode'])
  48         {
  49                 case "activate" : $MODE = "activate";  break; // Activation link requested
  50                 case "lost_pass": $MODE = "lost_pass"; break; // Request new password
  51         }
  52 }
  53
  54 // Check if hash for confirmation of email address is given...
  55 if (!empty($_GET['hash']))
  56 {
  57         // Lookup sponsor
  58         $result = SQL_QUERY_ESC("SELECT id, status, salut, surname, family,
  59 company, position, tax_ident,
  60 street_nr1, street_nr2, country, zip, city, email, phone, fax, cell,
  61 points_amount AS points, last_pay AS pay, last_curr AS curr
  62 FROM "._MYSQL_PREFIX."_sponsor_data
  63 WHERE hash='%s' AND (status='UNCONFIRMED' OR status='EMAIL')
  64 LIMIT 1", array($_GET['hash']), __FILE__, __LINE__);
  65         if (SQL_NUMROWS($result) == 1)
  66         {
  67                 // Sponsor found, load his data...
  68                 $SPONSOR = SQL_FETCHARRAY($result);
  69
  70                 // Translate salut and comma
  71                 $SPONSOR['salut']  = TRANSLATE_SEX($SPONSOR['salut']);
  72                 $SPONSOR['points'] = TRANSLATE_COMMA($SPONSOR['points']);
  73                 $SPONSOR['pay']    = TRANSLATE_COMMA($SPONSOR['pay']);
  74
  75                 // Unconfirmed account or changed email address?
  76                 if ($SPONSOR['status'] == "UNCONFIRMED")
  77                 {
  78                         // Set account to pending
  79                         $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='PENDING'
  80 WHERE id='%s' AND hash='%s' AND status='UNCONFIRMED' LIMIT 1",
  81  array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
  82
  83                         // Check on success
  84                         if (SQL_AFFECTEDROWS($link) == 1)
  85                         {
  86                                 // Prepare mail and send it to the sponsor
  87                                 $MSG = LOAD_EMAIL_TEMPLATE("sponsor_pending", $SPONSOR);
  88                                 SEND_EMAIL($SPONSOR['email'], SPONSOR_ACCOUNT_PENDING_SUBJ, $MSG);
  89
  90                                 // Send email to admin
  91                                 if (GET_EXT_VERSION("admins") >= "0.4.1")
  92                                 {
  93                                         // Use new system
  94                                         SEND_ADMIN_EMAILS_PRO (ADMIN_NEW_SPONSOR, "admin_sponsor_pending", $SPONSOR);
  95                                 }
  96                                  else
  97                                 {
  98                                         // Send over old system
  99                                         $msg_admin = LOAD_EMAIL_TEMPLATE("admin_sponsor_pending", $SPONSOR);
 100                                         SEND_ADMIN_EMAILS (ADMIN_NEW_SPONSOR, $msg_admin);
 101                                 }
 102
 103                                 // Sponsor account set to pending
 104                                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_PENDING);
 105                         }
 106                          else
 107                         {
 108                                 // Could not unlock account!
 109                                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_PENDING_FAILED);
 110                         }
 111                 }
 112                  elseif ($SPONSOR['status'] == "EMAIL")
 113                 {
 114                         // Changed email adress need to be confirmed
 115                         $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='CONFIRMED'
 116 WHERE id='%s' AND hash='%s' AND status='EMAIL' LIMIT 1",
 117  array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
 118
 119                         // Check on success
 120                         if (SQL_AFFECTEDROWS($link) == 1)
 121                         {
 122                                 // Sponsor account is unlocked again
 123                                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN);
 124                         }
 125                          else
 126                         {
 127                                 // Could not unlock account!
 128                                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_EMAIL_FAILED);
 129                         }
 130                 }
 131                  else
 132                 {
 133                         /// ??? Other status?
 134                         LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_STATUS_FAILED);
 135                 }
 136         }
 137          else
 138         {
 139                 // No sponsor found
 140                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_404);
 141         }
 142
 143         // Free memory
 144         SQL_FREERESULT($result);
 145 }
 146  elseif ($MODE == "activate")
 147 {
 148         // Send activation link again
 149         if (isset($HTTP_POST_VARS['ok']))
 150         {
 151                 // Check submitted data
 152                 if (empty($HTTP_POST_VARS['email'])) unset($HTTP_POST_VARS['ok']);
 153         }
 154
 155         if (isset($HTTP_POST_VARS['ok']))
 156         {
 157                 // Check email
 158                 $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, salut, surname, family, sponsor_created
 159 FROM "._MYSQL_PREFIX."_sponsor_data
 160 WHERE email='%s' AND (status='UNCONFIRMED' OR status='EMAIL') LIMIT 1",
 161  array($HTTP_POST_VARS['email']), __FILE__, __LINE__);
 162                 if (SQL_NUMROWS($result) == 1)
 163                 {
 164                         // Unconfirmed sponsor account found so let's load the requested data
 165                         $SPONSOR = SQL_FETCHARRAY($result);
 166
 167                         // Translate some data
 168                         $SPONSOR['salut']           = TRANSLATE_SEX($SPONSOR['salut']);
 169                         $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
 170
 171                         // Prepare email and send it to the sponsor
 172                         if ($SPONSOR['status'] == "UNCONFIRMED")
 173                         {
 174                                 // Unconfirmed accounts
 175                                 $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_activate", $SPONSOR);
 176                         }
 177                          else
 178                         {
 179                                 // Confirmed email address
 180                                 $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_email", $SPONSOR);
 181                         }
 182                         SEND_EMAIL($HTTP_POST_VARS['email'], SPONSOR_ACTIVATION_LINK_SUBJ, $msg_sponsor);
 183
 184                         // Output message
 185                         LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_SENT);
 186                 }
 187                  else
 188                 {
 189                         // No account found or not UNCONFIRMED
 190                         LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_404);
 191                 }
 192
 193                 // Free memory
 194                 SQL_FREERESULT($result);
 195         }
 196          else
 197         {
 198                 // Load form
 199                 LOAD_TEMPLATE("guest_sponsor_activate");
 200         }
 201 }
 202  elseif ($MODE == "lost_pass")
 203 {
 204         // Send new password
 205         if (isset($HTTP_POST_VARS['ok']))
 206         {
 207                 // Check submitted data
 208                 if (empty($HTTP_POST_VARS['email'])) unset($HTTP_POST_VARS['ok']);
 209         }
 210
 211         if (isset($HTTP_POST_VARS['ok']))
 212         {
 213                 // Check email
 214                 $result = SQL_QUERY_ESC("SELECT id, hash, remote_addr, salut, surname, family, sponsor_created
 215 FROM "._MYSQL_PREFIX."_sponsor_data
 216 WHERE email='%s' AND id='%s' AND status='CONFIRMED' LIMIT 1",
 217  array($HTTP_POST_VARS['email'], bigintval($HTTP_POST_VARS['id'])), __FILE__, __LINE__);
 218                 if (SQL_NUMROWS($result) == 1)
 219                 {
 220                         // Unconfirmed sponsor account found so let's load the requested data
 221                         $SPONSOR = SQL_FETCHARRAY($result);
 222
 223                         // Translate some data
 224                         $SPONSOR['salut']           = TRANSLATE_SEX($SPONSOR['salut']);
 225                         $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
 226
 227                         // Generate password
 228                         $SPONSOR['password']        = GEN_PASS();
 229
 230                         // Prepare email and send it to the sponsor
 231                         $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_lost", $SPONSOR);
 232                         SEND_EMAIL($HTTP_POST_VARS['email'], SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor);
 233
 234                         // Update password
 235                         $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET password='%s'
 236 WHERE id='%s' LIMIT 1",
 237  array(md5($SPONSOR['password']), bigintval($SPONSOR['id'])), __FILE__, __LINE__);
 238
 239                         // Output message
 240                         LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOST_PASSWORD_SENT);
 241                 }
 242                  else
 243                 {
 244                         // No account found or not UNCONFIRMED
 245                         LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOST_PASSWORD_404);
 246                 }
 247
 248                 // Free memory
 249                 SQL_FREERESULT($result);
 250         }
 251          else
 252         {
 253                 // Load form
 254                 LOAD_TEMPLATE("guest_sponsor_lost");
 255         }
 256 }
 257  elseif (isset($HTTP_POST_VARS['ok']))
 258 {
 259         // Check status and login data ...
 260         $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_sponsor_data
 261 WHERE id='%s' AND password='%s' LIMIT 1",
 262  array(bigintval($HTTP_POST_VARS['sponsorid']), md5($HTTP_POST_VARS['pass'])), __FILE__, __LINE__);
 263         if (SQL_NUMROWS($result) == 1)
 264         {
 265                 // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
 266                 list($status) = SQL_FETCHROW($result);
 267                 if ($status == "CONFIRMED")
 268                 {
 269                         // Calculate cookie lifetime, maybe we have to change this so the admin can setup a
 270                         // seperate timeout for these two cookies?
 271                         $life = (time() + $CONFIG['online_timeout']);
 272
 273                         // Is confirmed so both is fine and we can continue with login procedure
 274                         $login = ((setcookie("sponsorid"  , bigintval($HTTP_POST_VARS['sponsorid']), $life, COOKIE_PATH)) &&
 275                                   (setcookie("sponsorpass", md5($HTTP_POST_VARS['pass'])           , $life, COOKIE_PATH)));
 276
 277                         if ($login)
 278                         {
 279                                 // Cookie setup successfull so we can forward to sponsor area
 280                                 LOAD_URL(URL."/modules.php?module=sponsor");
 281                         }
 282                          else
 283                         {
 284                                 // Cookie setup failed!
 285                                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSPOR_COOKIE_SETUP_FAILED);
 286                                 OUTPUT_HTML("<BR>");
 287
 288                                 // Login formular and other links
 289                                 LOAD_TEMPLATE("guest_sponsor_login");
 290                         }
 291                 }
 292                  else
 293                 {
 294                         // Status is not fine
 295                         $eval = "\$content = SPONSOR_LOGIN_FAILED_".strtoupper($status).";";
 296                         eval($eval);
 297                         LOAD_TEMPLATE("admin_settings_saved", false, $content);
 298                         OUTPUT_HTML("<BR>");
 299
 300                         // Login formular and other links
 301                         LOAD_TEMPLATE("guest_sponsor_login");
 302                 }
 303         }
 304          else
 305         {
 306                 // Account missing or wrong pass! We shall not find this out for the "hacker folks"...
 307                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOGIN_FAILED_404_WRONG_PASS);
 308                 OUTPUT_HTML("<BR>");
 309
 310                 // Login formular and other links
 311                 LOAD_TEMPLATE("guest_sponsor_login");
 312         }
 313
 314         // Free memory
 315         SQL_FREERESULT($result);
 316 }
 317  else
 318 {
 319         // Login formular and other links
 320         LOAD_TEMPLATE("guest_sponsor_login");
 321 }
 322
 323 //
 324 ?>