inc/modules/guest/what-sponsor_login.php

   1 <?php
   2 /************************************************************************
   3  * Mailer v0.2.1-FINAL                                Start: 06/10/2005 *
   4  * ===================                          Last change: 05/18/2008 *
   5  *                                                                      *
   6  * -------------------------------------------------------------------- *
   7  * File              : what-sponsor_login.php                           *
   8  * -------------------------------------------------------------------- *
   9  * Short description : Login form and password resending for sponsor    *
  10  * -------------------------------------------------------------------- *
  11  * Kurzbeschreibung  : Loginformular und Neues Passwort fuer Sponsor    *
  12  * -------------------------------------------------------------------- *
  13  * $Revision::                                                        $ *
  14  * $Date::                                                            $ *
  15  * $Tag:: 0.2.1-FINAL                                                 $ *
  16  * $Author::                                                          $ *
  17  * -------------------------------------------------------------------- *
  18  * Copyright (c) 2003 - 2009 by Roland Haeder                           *
  19  * Copyright (c) 2009 - 2013 by Mailer Developer Team                   *
  20  * For more information visit: http://mxchange.org                      *
  21  *                                                                      *
  22  * This program is free software; you can redistribute it and/or modify *
  23  * it under the terms of the GNU General Public License as published by *
  24  * the Free Software Foundation; either version 2 of the License, or    *
  25  * (at your option) any later version.                                  *
  26  *                                                                      *
  27  * This program is distributed in the hope that it will be useful,      *
  28  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
  29  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
  30  * GNU General Public License for more details.                         *
  31  *                                                                      *
  32  * You should have received a copy of the GNU General Public License    *
  33  * along with this program; if not, write to the Free Software          *
  34  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
  35  * MA  02110-1301  USA                                                  *
  36  ************************************************************************/
  37
  38 // Some security stuff...
  39 if (!defined('__SECURITY')) {
  40         exit();
  41 } // END - if
  42
  43 // Add description as navigation point
  44 addYouAreHereLink('guest', __FILE__);
  45
  46 if ((!isExtensionActive('sponsor'))) {
  47         displayMessage('{%pipe,generateExtensionInactiveNotInstalledMessage=sponsor%}');
  48         return;
  49 } elseif (isSponsor()) {
  50         // Is already a logged-in sponsor
  51         redirectToUrl('modules.php?module=sponsor');
  52 }
  53
  54 $mode = '';
  55 if (isGetRequestElementSet('do')) {
  56         // A "special" mode of the login system was requested
  57         switch (getRequestElement('do')) {
  58                 case 'activate' : $mode = 'activate';  break; // Activation link requested
  59                 case 'lost_pass': $mode = 'lost_pass'; break; // Request new password
  60         } // END - switch
  61 } // END - if
  62
  63 // Check if hash for confirmation of email address is given...
  64 if (isGetRequestElementSet('hash')) {
  65         // Lookup sponsor
  66         $result = SQL_QUERY_ESC("SELECT
  67         `id`, `status`, `gender`, `surname`, `family`,
  68         `company`, `position`, `tax_ident`,
  69         `street_nr1`, `street_nr2`, `country`, `zip`, `city`, `email`, `phone`, `fax`, `cell`,
  70         `points_amount` AS `points`, `last_payment`, `last_currency`
  71 FROM
  72         `{?_MYSQL_PREFIX?}_sponsor_data`
  73 WHERE
  74         `hash`='%s' AND (
  75                 `status`='UNCONFIRMED' OR
  76                 `status`='EMAIL'
  77         )
  78 LIMIT 1", array(getRequestElement('hash')), __FILE__, __LINE__);
  79         if (SQL_NUMROWS($result) == 1) {
  80                 // Sponsor found, load his data...
  81                 $data = SQL_FETCHARRAY($result);
  82
  83                 // Unconfirmed account or changed email address?
  84                 if ($data['status'] == 'UNCONFIRMED') {
  85                         // Set account to pending
  86                         SQL_QUERY_ESC("UPDATE
  87         `{?_MYSQL_PREFIX?}_sponsor_data`
  88 SET
  89         `status`='PENDING',
  90         `hash`=NULL
  91 WHERE
  92         `id`=%s AND
  93         `hash`='%s' AND
  94         `status`='UNCONFIRMED'
  95 LIMIT 1",
  96                                 array(
  97                                         bigintval($data['id']),
  98                                         getRequestElement('hash')
  99                                 ), __FILE__, __LINE__);
 100
 101                         // Check on success
 102                         if (!SQL_HASZEROAFFECTED()) {
 103                                 // Prepare mail and send it to the sponsor
 104                                 $message = loadEmailTemplate('sponsor_pending', $data);
 105                                 sendEmail($data['email'], '{--SPONSOR_ACCOUNT_PENDING_SUBJECT--}', $message);
 106
 107                                 // Send email to admin
 108                                 sendAdminNotification('{--ADMIN_NEW_SPONSOR--}', 'admin_sponsor_pending', $data);
 109
 110                                 // Sponsor account set to pending
 111                                 displayMessage('{--SPONSOR_ACCOUNT_IS_PENDING--}');
 112                         } else {
 113                                 // Could not unlock account!
 114                                 displayMessage('{--SPONSOR_ACCOUNT_PENDING_FAILED--}');
 115                         }
 116                 } elseif ($data['status'] == 'EMAIL') {
 117                         // Changed email adress need to be confirmed
 118                         SQL_QUERY_ESC("UPDATE
 119         `{?_MYSQL_PREFIX?}_sponsor_data`
 120 SET
 121         `status`='CONFIRMED',
 122         `hash`=NULL
 123 WHERE
 124         `id`=%s AND
 125         `hash`='%s' AND
 126         `status`='EMAIL'
 127 LIMIT 1",
 128                                 array(bigintval($data['id']), getRequestElement('hash')), __FILE__, __LINE__);
 129
 130                         // Check on success
 131                         if (!SQL_HASZEROAFFECTED()) {
 132                                 // Sponsor account is unlocked again
 133                                 displayMessage('{--SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN--}');
 134                         } else {
 135                                 // Could not unlock account!
 136                                 displayMessage('{--SPONSOR_ACCOUNT_EMAIL_FAILED--}');
 137                         }
 138                 } else {
 139                         // ??? Other status?
 140                         displayMessage('{--SPONSOR_ACCOUNT_STATUS_FAILED--}');
 141                 }
 142         } else {
 143                 // No sponsor found
 144                 displayMessage('{%message,SPONSOR_ACCOUNT_404=' . getRequestElement('hash') . '%}');
 145         }
 146
 147         // Free memory
 148         SQL_FREERESULT($result);
 149 } elseif ($mode == 'activate') {
 150         // Send activation link again
 151         if (isFormSent('login')) {
 152                 // Check submitted data
 153                 if (!isPostRequestElementSet('email')) unsetPostRequestElement('login');
 154         }
 155
 156         if (isFormSent('login')) {
 157                 // Check email
 158                 $result = SQL_QUERY_ESC("SELECT
 159         `id`,
 160         `hash`,
 161         `status`,
 162         `remote_addr`,
 163         `gender`,
 164         `surname`,
 165         `family`,
 166         UNIX_TIMESTAMP(`sponsor_created`) AS `sponsor_created`
 167 FROM
 168         `{?_MYSQL_PREFIX?}_sponsor_data`
 169 WHERE
 170         '%s' REGEXP `email` AND
 171         (`status`='UNCONFIRMED' OR `status`='EMAIL')
 172 LIMIT 1",
 173                 array(postRequestElement('email')), __FILE__, __LINE__);
 174
 175                 // Entry found?
 176                 if (SQL_NUMROWS($result) == 1) {
 177                         // Unconfirmed sponsor account found so let's load the requested data
 178                         $data = SQL_FETCHARRAY($result);
 179
 180                         // Translate some data
 181                         $data['sponsor_created'] = generateDateTime($data['sponsor_created']);
 182
 183                         // Prepare email and send it to the sponsor
 184                         if ($data['status'] == 'UNCONFIRMED') {
 185                                 // Unconfirmed accounts
 186                                 $message_sponsor = loadEmailTemplate('sponsor_activate', $data);
 187                         } else {
 188                                 // Confirmed email address
 189                                 $message_sponsor = loadEmailTemplate('sponsor_email', $data);
 190                         }
 191                         sendEmail(postRequestElement('email'), '{--SPONSOR_ACTIVATION_LINK_SUBJECT--}', $message_sponsor);
 192
 193                         // Output message
 194                         displayMessage('{--SPONSOR_ACTIVATION_LINK_SENT--}');
 195                 } else {
 196                         // No account found or not UNCONFIRMED
 197                         displayMessage('{--SPONSOR_ACTIVATION_LINK_404--}');
 198                 }
 199
 200                 // Free memory
 201                 SQL_FREERESULT($result);
 202         } else {
 203                 // Load form
 204                 loadTemplate('guest_sponsor_activate');
 205         }
 206 } elseif ($mode == 'lost_pass') {
 207         // Send new password
 208         if (isFormSent('login')) {
 209                 // Check submitted data
 210                 if (!isPostRequestElementSet('email')) unsetPostRequestElement('login');
 211         } // END - if
 212
 213         if (isFormSent('login')) {
 214                 // Check email
 215                 $result = SQL_QUERY_ESC("SELECT
 216         `id`,
 217         `hash`,
 218         `remote_addr`,
 219         `gender`,
 220         `surname`,
 221         `family`,
 222         UNIX_TIMESTAMP(`sponsor_created`) AS `sponsor_created`
 223 FROM
 224         `{?_MYSQL_PREFIX?}_sponsor_data`
 225 WHERE
 226         '%s' REGEXP `email` AND
 227         `id`=%s AND
 228         `status`='CONFIRMED'
 229 LIMIT 1",
 230                 array(postRequestElement('email'), bigintval(postRequestElement('id'))), __FILE__, __LINE__);
 231
 232                 // Entry found?
 233                 if (SQL_NUMROWS($result) == 1) {
 234                         // Unconfirmed sponsor account found so let's load the requested data
 235                         $content = SQL_FETCHARRAY($result);
 236
 237                         // Generate password/translate some data
 238                         $content['password']        = generatePassword();
 239                         $content['sponsor_created'] = generateDateTime($content['sponsor_created']);
 240
 241                         // Prepare email and send it to the sponsor
 242                         $message_sponsor = loadEmailTemplate('sponsor_lost', $content);
 243                         sendEmail(postRequestElement('email'), '{--SPONSOR_LOST_PASSWORD_SUBJECT--}', $message_sponsor);
 244
 245                         // Update password
 246                         SQL_QUERY_ESC("UPDATE
 247         `{?_MYSQL_PREFIX?}_sponsor_data`
 248 SET
 249         `password`='%s'
 250 WHERE
 251         `id`=%s
 252 LIMIT 1",
 253                                 array(md5($content['password']), bigintval($content['id'])), __FILE__, __LINE__);
 254
 255                         // Output message
 256                         displayMessage('{--SPONSOR_LOST_PASSWORD_SENT--}');
 257                 } else {
 258                         // No account found or not UNCONFIRMED
 259                         displayMessage('{--SPONSOR_LOST_PASSWORD_404--}');
 260                 }
 261
 262                 // Free memory
 263                 SQL_FREERESULT($result);
 264         } else {
 265                 // Load form
 266                 loadTemplate('guest_sponsor_lost');
 267         }
 268 } elseif (isFormSent('login')) {
 269         // Check status and login data ...
 270         $result = SQL_QUERY_ESC("SELECT
 271         `status`
 272 FROM
 273         `{?_MYSQL_PREFIX?}_sponsor_data`
 274 WHERE
 275         `id`=%s AND
 276         `password`='%s'
 277 LIMIT 1",
 278         array(
 279                 bigintval(postRequestElement('sponsor_id')),
 280                 md5(postRequestElement('password'))
 281         ), __FILE__, __LINE__);
 282
 283         if (SQL_NUMROWS($result) == 1) {
 284                 // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
 285                 list($status) = SQL_FETCHROW($result);
 286                 if ($status == 'CONFIRMED') {
 287                         // Is confirmed so both is fine and we can continue with login procedure
 288                         $login = ((setSession('sponsor_id'  , bigintval(postRequestElement('sponsor_id')))) &&
 289                         (setSession('sponsor_pass', md5(postRequestElement('password'))           ))
 290                         );
 291
 292                         if ($login === TRUE) {
 293                                 // Cookie setup successfull so we can forward to sponsor area
 294                                 redirectToUrl('modules.php?module=sponsor');
 295                         } else {
 296                                 // Cookie setup failed!
 297                                 displayMessage('{--SPONSOR_COOKIE_SETUP_FAILED--}');
 298
 299                                 // Login formular and other links
 300                                 loadTemplate('guest_sponsor_login');
 301                         }
 302                 } else {
 303                         // Status is not fine
 304                         displayMessage('{--SPONSOR_LOGIN_FAILED_' . strtoupper($status) . '--}');
 305
 306                         // Login formular and other links
 307                         loadTemplate('guest_sponsor_login');
 308                 }
 309         } else {
 310                 // Account missing or wrong pass! We shall not find this out for the "cracker folks"...
 311                 displayMessage('{--SPONSOR_LOGIN_FAILED_404_WRONG_PASS--}');
 312
 313                 // Login formular and other links
 314                 loadTemplate('guest_sponsor_login');
 315         }
 316
 317         // Free memory
 318         SQL_FREERESULT($result);
 319 } else {
 320         // Login formular and other links
 321         loadTemplate('guest_sponsor_login');
 322 }
 323
 324 // [EOF]
 325 ?>