inc/modules/guest/what-sponsor_login.php

   1 <?php
   2 /************************************************************************
   3  * MXChange v0.2.1                                    Start: 06/10/2005 *
   4  * ===============                              Last change: 05/18/2008 *
   5  *                                                                      *
   6  * -------------------------------------------------------------------- *
   7  * File              : what-sponsor_login.php                           *
   8  * -------------------------------------------------------------------- *
   9  * Short description : Login form and password resending for sponsor    *
  10  * -------------------------------------------------------------------- *
  11  * Kurzbeschreibung  : Loginformular und Neues Passwort fuer Sponsor    *
  12  * -------------------------------------------------------------------- *
  13  *                                                                      *
  14  * -------------------------------------------------------------------- *
  15  * Copyright (c) 2003 - 2008 by Roland Haeder                           *
  16  * For more information visit: http://www.mxchange.org                  *
  17  *                                                                      *
  18  * This program is free software. You can redistribute it and/or modify *
  19  * it under the terms of the GNU General Public License as published by *
  20  * the Free Software Foundation; either version 2 of the License.       *
  21  *                                                                      *
  22  * This program is distributed in the hope that it will be useful,      *
  23  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
  24  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
  25  * GNU General Public License for more details.                         *
  26  *                                                                      *
  27  * You should have received a copy of the GNU General Public License    *
  28  * along with this program; if not, write to the Free Software          *
  29  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
  30  * MA  02110-1301  USA                                                  *
  31  ************************************************************************/
  32
  33 // Some security stuff...
  34 if (!defined('__SECURITY')) {
  35         $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
  36         require($INC);
  37 }
  38
  39 // Add description as navigation point
  40 ADD_DESCR("guest", basename(__FILE__));
  41
  42 $MODE = "";
  43 if (!empty($_GET['mode']))
  44 {
  45         // A "special" mode of the login system was requested
  46         switch ($_GET['mode'])
  47         {
  48                 case "activate" : $MODE = "activate";  break; // Activation link requested
  49                 case "lost_pass": $MODE = "lost_pass"; break; // Request new password
  50         }
  51 }
  52
  53 // Check if hash for confirmation of email address is given...
  54 if (!empty($_GET['hash']))
  55 {
  56         // Lookup sponsor
  57         $result = SQL_QUERY_ESC("SELECT id, status, gender, surname, family,
  58 company, position, tax_ident,
  59 street_nr1, street_nr2, country, zip, city, email, phone, fax, cell,
  60 points_amount AS points, last_pay AS pay, last_curr AS curr
  61 FROM "._MYSQL_PREFIX."_sponsor_data
  62 WHERE hash='%s' AND (status='UNCONFIRMED' OR status='EMAIL')
  63 LIMIT 1", array($_GET['hash']), __FILE__, __LINE__);
  64         if (SQL_NUMROWS($result) == 1)
  65         {
  66                 // Sponsor found, load his data...
  67                 $SPONSOR = SQL_FETCHARRAY($result);
  68
  69                 // Translate gender and comma
  70                 $SPONSOR['gender']  = TRANSLATE_GENDER($SPONSOR['gender']);
  71                 $SPONSOR['points'] = TRANSLATE_COMMA($SPONSOR['points']);
  72                 $SPONSOR['pay']    = TRANSLATE_COMMA($SPONSOR['pay']);
  73
  74                 // Unconfirmed account or changed email address?
  75                 if ($SPONSOR['status'] == "UNCONFIRMED")
  76                 {
  77                         // Set account to pending
  78                         $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='PENDING'
  79 WHERE id='%s' AND hash='%s' AND status='UNCONFIRMED' LIMIT 1",
  80  array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
  81
  82                         // Check on success
  83                         if (SQL_AFFECTEDROWS() == 1)
  84                         {
  85                                 // Prepare mail and send it to the sponsor
  86                                 $MSG = LOAD_EMAIL_TEMPLATE("sponsor_pending", $SPONSOR);
  87                                 SEND_EMAIL($SPONSOR['email'], SPONSOR_ACCOUNT_PENDING_SUBJ, $MSG);
  88
  89                                 // Send email to admin
  90                                 SEND_ADMIN_NOTIFICATION(ADMIN_NEW_SPONSOR, "admin_sponsor_pending", $SPONSOR);
  91
  92                                 // Sponsor account set to pending
  93                                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_PENDING);
  94                         }
  95                          else
  96                         {
  97                                 // Could not unlock account!
  98                                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_PENDING_FAILED);
  99                         }
 100                 }
 101                  elseif ($SPONSOR['status'] == "EMAIL")
 102                 {
 103                         // Changed email adress need to be confirmed
 104                         $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='CONFIRMED'
 105 WHERE id='%s' AND hash='%s' AND status='EMAIL' LIMIT 1",
 106  array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
 107
 108                         // Check on success
 109                         if (SQL_AFFECTEDROWS() == 1)
 110                         {
 111                                 // Sponsor account is unlocked again
 112                                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN);
 113                         }
 114                          else
 115                         {
 116                                 // Could not unlock account!
 117                                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_EMAIL_FAILED);
 118                         }
 119                 }
 120                  else
 121                 {
 122                         /// ??? Other status?
 123                         LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_STATUS_FAILED);
 124                 }
 125         }
 126          else
 127         {
 128                 // No sponsor found
 129                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_404);
 130         }
 131
 132         // Free memory
 133         SQL_FREERESULT($result);
 134 }
 135  elseif ($MODE == "activate")
 136 {
 137         // Send activation link again
 138         if (isset($_POST['ok']))
 139         {
 140                 // Check submitted data
 141                 if (empty($_POST['email'])) unset($_POST['ok']);
 142         }
 143
 144         if (isset($_POST['ok']))
 145         {
 146                 // Check email
 147                 $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, gender, surname, family, sponsor_created
 148 FROM "._MYSQL_PREFIX."_sponsor_data
 149 WHERE email='%s' AND (status='UNCONFIRMED' OR status='EMAIL') LIMIT 1",
 150  array($_POST['email']), __FILE__, __LINE__);
 151                 if (SQL_NUMROWS($result) == 1)
 152                 {
 153                         // Unconfirmed sponsor account found so let's load the requested data
 154                         $SPONSOR = SQL_FETCHARRAY($result);
 155
 156                         // Translate some data
 157                         $SPONSOR['gender']           = TRANSLATE_GENDER($SPONSOR['gender']);
 158                         $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
 159
 160                         // Prepare email and send it to the sponsor
 161                         if ($SPONSOR['status'] == "UNCONFIRMED")
 162                         {
 163                                 // Unconfirmed accounts
 164                                 $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_activate", $SPONSOR);
 165                         }
 166                          else
 167                         {
 168                                 // Confirmed email address
 169                                 $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_email", $SPONSOR);
 170                         }
 171                         SEND_EMAIL($_POST['email'], SPONSOR_ACTIVATION_LINK_SUBJ, $msg_sponsor);
 172
 173                         // Output message
 174                         LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_SENT);
 175                 }
 176                  else
 177                 {
 178                         // No account found or not UNCONFIRMED
 179                         LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_404);
 180                 }
 181
 182                 // Free memory
 183                 SQL_FREERESULT($result);
 184         }
 185          else
 186         {
 187                 // Load form
 188                 LOAD_TEMPLATE("guest_sponsor_activate");
 189         }
 190 }
 191  elseif ($MODE == "lost_pass")
 192 {
 193         // Send new password
 194         if (isset($_POST['ok']))
 195         {
 196                 // Check submitted data
 197                 if (empty($_POST['email'])) unset($_POST['ok']);
 198         }
 199
 200         if (isset($_POST['ok']))
 201         {
 202                 // Check email
 203                 $result = SQL_QUERY_ESC("SELECT id, hash, remote_addr, gender, surname, family, sponsor_created
 204 FROM "._MYSQL_PREFIX."_sponsor_data
 205 WHERE email='%s' AND id='%s' AND status='CONFIRMED' LIMIT 1",
 206  array($_POST['email'], bigintval($_POST['id'])), __FILE__, __LINE__);
 207                 if (SQL_NUMROWS($result) == 1)
 208                 {
 209                         // Unconfirmed sponsor account found so let's load the requested data
 210                         $SPONSOR = SQL_FETCHARRAY($result);
 211
 212                         // Translate some data
 213                         $SPONSOR['gender']           = TRANSLATE_GENDER($SPONSOR['gender']);
 214                         $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
 215
 216                         // Generate password
 217                         $SPONSOR['password']        = GEN_PASS();
 218
 219                         // Prepare email and send it to the sponsor
 220                         $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_lost", $SPONSOR);
 221                         SEND_EMAIL($_POST['email'], SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor);
 222
 223                         // Update password
 224                         $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET password='%s'
 225 WHERE id='%s' LIMIT 1",
 226  array(md5($SPONSOR['password']), bigintval($SPONSOR['id'])), __FILE__, __LINE__);
 227
 228                         // Output message
 229                         LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOST_PASSWORD_SENT);
 230                 }
 231                  else
 232                 {
 233                         // No account found or not UNCONFIRMED
 234                         LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOST_PASSWORD_404);
 235                 }
 236
 237                 // Free memory
 238                 SQL_FREERESULT($result);
 239         }
 240          else
 241         {
 242                 // Load form
 243                 LOAD_TEMPLATE("guest_sponsor_lost");
 244         }
 245 }
 246  elseif (isset($_POST['ok']))
 247 {
 248         // Check status and login data ...
 249         $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_sponsor_data
 250 WHERE id='%s' AND password='%s' LIMIT 1",
 251  array(bigintval($_POST['sponsorid']), md5($_POST['pass'])), __FILE__, __LINE__);
 252         if (SQL_NUMROWS($result) == 1)
 253         {
 254                 // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
 255                 list($status) = SQL_FETCHROW($result);
 256                 if ($status == "CONFIRMED")
 257                 {
 258                         // Calculate cookie lifetime, maybe we have to change this so the admin can setup a
 259                         // seperate timeout for these two cookies?
 260                         $life = (time() + $_CONFIG['online_timeout']);
 261
 262                         // Is confirmed so both is fine and we can continue with login procedure
 263                         $login = ((setcookie("sponsorid"  , bigintval($_POST['sponsorid']), $life, COOKIE_PATH)) &&
 264                                   (setcookie("sponsorpass", md5($_POST['pass'])           , $life, COOKIE_PATH)));
 265
 266                         if ($login)
 267                         {
 268                                 // Cookie setup successfull so we can forward to sponsor area
 269                                 LOAD_URL(URL."/modules.php?module=sponsor");
 270                         }
 271                          else
 272                         {
 273                                 // Cookie setup failed!
 274                                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSPOR_COOKIE_SETUP_FAILED);
 275                                 OUTPUT_HTML("<br />");
 276
 277                                 // Login formular and other links
 278                                 LOAD_TEMPLATE("guest_sponsor_login");
 279                         }
 280                 }
 281                  else
 282                 {
 283                         // Status is not fine
 284                         $eval = "\$content = SPONSOR_LOGIN_FAILED_".strtoupper($status).";";
 285                         eval($eval);
 286                         LOAD_TEMPLATE("admin_settings_saved", false, $content);
 287                         OUTPUT_HTML("<br />");
 288
 289                         // Login formular and other links
 290                         LOAD_TEMPLATE("guest_sponsor_login");
 291                 }
 292         }
 293          else
 294         {
 295                 // Account missing or wrong pass! We shall not find this out for the "hacker folks"...
 296                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOGIN_FAILED_404_WRONG_PASS);
 297                 OUTPUT_HTML("<br />");
 298
 299                 // Login formular and other links
 300                 LOAD_TEMPLATE("guest_sponsor_login");
 301         }
 302
 303         // Free memory
 304         SQL_FREERESULT($result);
 305 }
 306  else
 307 {
 308         // Login formular and other links
 309         LOAD_TEMPLATE("guest_sponsor_login");
 310 }
 311
 312 //
 313 ?>