Code-style applied, surfbar URLs can now be edited
1 <?php
2 /************************************************************************
3  * MXChange v0.2.1                                    Start: 06/10/2005 *
4  * ===============                              Last change: 05/18/2008 *
5  *                                                                      *
6  * -------------------------------------------------------------------- *
7  * File              : what-sponsor_login.php                           *
8  * -------------------------------------------------------------------- *
9  * Short description : Login form and password resending for sponsor    *
10  * -------------------------------------------------------------------- *
11  * Kurzbeschreibung  : Loginformular und Neues Passwort fuer Sponsor    *
12  * -------------------------------------------------------------------- *
13  *                                                                      *
14  * -------------------------------------------------------------------- *
15  * Copyright (c) 2003 - 2008 by Roland Haeder                           *
16  * For more information visit: http://www.mxchange.org                  *
17  *                                                                      *
18  * This program is free software. You can redistribute it and/or modify *
19  * it under the terms of the GNU General Public License as published by *
20  * the Free Software Foundation; either version 2 of the License.       *
21  *                                                                      *
22  * This program is distributed in the hope that it will be useful,      *
23  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
24  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
25  * GNU General Public License for more details.                         *
26  *                                                                      *
27  * You should have received a copy of the GNU General Public License    *
28  * along with this program; if not, write to the Free Software          *
29  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
30  * MA  02110-1301  USA                                                  *
31  ************************************************************************/
32
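// Direct-access guard: when this module file itself appears in the requested
// script path (instead of being included by the module loader), pull in
// inc/security.php. That file is not shown here; presumably it rejects the
// request - confirm.
// The file name is matched literally with strpos(). The former ereg() call
// treated the name as a regular expression (so "." matched any character) and
// ereg() no longer exists in current PHP releases.
if (strpos($_SERVER['PHP_SELF'], basename(__FILE__)) !== false)
{
        // Cut the own directory down to ".../inc" and append the guard script
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
        require($INC);
}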
39
// Register this module as a navigation point of the guest area
ADD_DESCR("guest", basename(__FILE__));

// Only the two known "special" modes are accepted from the query string, any
// other value (or none at all) leaves $MODE empty:
//   activate  - send the activation link again
//   lost_pass - request a new password
$MODE = "";
if ((!empty($_GET['mode'])) && (in_array($_GET['mode'], array("activate", "lost_pass"), true)))
{
        $MODE = $_GET['mode'];
}
53
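// Request dispatcher of the sponsor login module. Exactly one branch runs:
//   1. ?hash=...        confirm a new account or a changed email address
//   2. mode=activate    send the activation link again
//   3. mode=lost_pass   generate and mail a new password
//   4. POST 'ok'        login attempt with sponsor id and password
//   5. otherwise        show the login form
// NOTE(review): SQL_QUERY_ESC() is defined elsewhere; presumably it escapes every
// array value before filling the %s placeholders - confirm, because all queries
// below pass request data through it.
if (!empty($_GET['hash']))
{
        // Lookup sponsor by the confirmation hash taken from the link
        $result = SQL_QUERY_ESC("SELECT id, status, salut, surname, family,
company, position, tax_ident,
street_nr1, street_nr2, country, zip, city, email, phone, fax, cell,
points_amount AS points, last_pay AS pay, last_curr AS curr
FROM "._MYSQL_PREFIX."_sponsor_data
WHERE hash='%s' AND (status='UNCONFIRMED' OR status='EMAIL')
LIMIT 1", array($_GET['hash']), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1)
        {
                // Sponsor found, load his data...
                $SPONSOR = SQL_FETCHARRAY($result);

                // Translate salutation and number format for the mail templates
                $SPONSOR['salut']  = TRANSLATE_SEX($SPONSOR['salut']);
                $SPONSOR['points'] = TRANSLATE_COMMA($SPONSOR['points']);
                $SPONSOR['pay']    = TRANSLATE_COMMA($SPONSOR['pay']);

                // Unconfirmed account or changed email address?
                if ($SPONSOR['status'] == "UNCONFIRMED")
                {
                        // Set account to pending. The status is repeated in the WHERE clause,
                        // so the transition only counts when the row still was UNCONFIRMED.
                        $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='PENDING'
WHERE id='%s' AND hash='%s' AND status='UNCONFIRMED' LIMIT 1",
                                array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);

                        // Check on success
                        if (SQL_AFFECTEDROWS() == 1)
                        {
                                // Prepare mail and send it to the sponsor
                                $MSG = LOAD_EMAIL_TEMPLATE("sponsor_pending", $SPONSOR);
                                SEND_EMAIL($SPONSOR['email'], SPONSOR_ACCOUNT_PENDING_SUBJ, $MSG);

                                // Send email to admin
                                SEND_ADMIN_NOTIFICATION(ADMIN_NEW_SPONSOR, "admin_sponsor_pending", $SPONSOR);

                                // Sponsor account set to pending
                                LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_PENDING);
                        }
                        else
                        {
                                // Could not set the account to pending!
                                LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_PENDING_FAILED);
                        }
                }
                elseif ($SPONSOR['status'] == "EMAIL")
                {
                        // Changed email address needs to be confirmed
                        $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='CONFIRMED'
WHERE id='%s' AND hash='%s' AND status='EMAIL' LIMIT 1",
                                array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);

                        // Check on success
                        if (SQL_AFFECTEDROWS() == 1)
                        {
                                // Sponsor account is unlocked again
                                LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN);
                        }
                        else
                        {
                                // Could not unlock account!
                                LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_EMAIL_FAILED);
                        }
                }
                else
                {
                        // Other status? The SELECT above only returns UNCONFIRMED or EMAIL rows,
                        // so this is a safety net.
                        LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_STATUS_FAILED);
                }
        }
        else
        {
                // No sponsor found
                LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_404);
        }

        // Free memory
        SQL_FREERESULT($result);
}
elseif ($MODE == "activate")
{
        // Send activation link again
        if (isset($_POST['ok']))
        {
                // Check submitted data: without an email address the form is shown again
                if (empty($_POST['email'])) unset($_POST['ok']);
        }

        if (isset($_POST['ok']))
        {
                // Check email
                $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, salut, surname, family, sponsor_created
FROM "._MYSQL_PREFIX."_sponsor_data
WHERE email='%s' AND (status='UNCONFIRMED' OR status='EMAIL') LIMIT 1",
                        array($_POST['email']), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 1)
                {
                        // Unconfirmed sponsor account found so let's load the requested data
                        $SPONSOR = SQL_FETCHARRAY($result);

                        // Translate some data
                        $SPONSOR['salut']           = TRANSLATE_SEX($SPONSOR['salut']);
                        $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);

                        // Prepare email and send it to the sponsor
                        if ($SPONSOR['status'] == "UNCONFIRMED")
                        {
                                // Unconfirmed accounts
                                $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_activate", $SPONSOR);
                        }
                        else
                        {
                                // Status EMAIL: a changed email address still waits for confirmation
                                $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_email", $SPONSOR);
                        }
                        SEND_EMAIL($_POST['email'], SPONSOR_ACTIVATION_LINK_SUBJ, $msg_sponsor);

                        // Output message
                        // NOTE(review): the "sent" and "404" answers differ, so this form tells
                        // a visitor whether an address has an unconfirmed sponsor account.
                        LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_SENT);
                }
                else
                {
                        // No account found or status is neither UNCONFIRMED nor EMAIL
                        LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_404);
                }

                // Free memory
                SQL_FREERESULT($result);
        }
        else
        {
                // Load form
                LOAD_TEMPLATE("guest_sponsor_activate");
        }
}
elseif ($MODE == "lost_pass")
{
        // Send new password
        if (isset($_POST['ok']))
        {
                // Check submitted data: without an email address the form is shown again
                if (empty($_POST['email'])) unset($_POST['ok']);
        }

        if (isset($_POST['ok']))
        {
                // Check email and sponsor id, only CONFIRMED accounts get a new password
                $result = SQL_QUERY_ESC("SELECT id, hash, remote_addr, salut, surname, family, sponsor_created
FROM "._MYSQL_PREFIX."_sponsor_data
WHERE email='%s' AND id='%s' AND status='CONFIRMED' LIMIT 1",
                        array($_POST['email'], bigintval($_POST['id'])), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 1)
                {
                        // Confirmed sponsor account found so let's load the requested data
                        $SPONSOR = SQL_FETCHARRAY($result);

                        // Translate some data
                        $SPONSOR['salut']           = TRANSLATE_SEX($SPONSOR['salut']);
                        $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);

                        // Generate password
                        // NOTE(review): GEN_PASS() is defined elsewhere; confirm it draws from a
                        // cryptographically secure random source.
                        $SPONSOR['password']        = GEN_PASS();

                        // Prepare email and send it to the sponsor
                        // NOTE(review): the clear-text password travels by mail and the current
                        // password is replaced at once, so anybody who knows email + id can lock
                        // the sponsor out. A single-use, expiring reset link avoids both.
                        $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_lost", $SPONSOR);
                        SEND_EMAIL($_POST['email'], SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor);

                        // Update password
                        // NOTE(review): the mail above is sent before this UPDATE and the result
                        // is not checked, so a failed UPDATE leaves the sponsor with a mailed
                        // password that does not work. The hash is unsalted MD5, which is not
                        // suitable for password storage.
                        $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET password='%s'
WHERE id='%s' LIMIT 1",
                                array(md5($SPONSOR['password']), bigintval($SPONSOR['id'])), __FILE__, __LINE__);

                        // Output message
                        LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOST_PASSWORD_SENT);
                }
                else
                {
                        // No account found or not CONFIRMED
                        LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOST_PASSWORD_404);
                }

                // Free memory
                SQL_FREERESULT($result);
        }
        else
        {
                // Load form
                LOAD_TEMPLATE("guest_sponsor_lost");
        }
}
elseif (isset($_POST['ok']))
{
        // Check status and login data: the row only matches when id and MD5(password) agree
        $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_sponsor_data
WHERE id='%s' AND password='%s' LIMIT 1",
                array(bigintval($_POST['sponsorid']), md5($_POST['pass'])), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1)
        {
                // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
                list($status) = SQL_FETCHROW($result);
                if ($status == "CONFIRMED")
                {
                        // Calculate cookie lifetime, maybe we have to change this so the admin can setup a
                        // separate timeout for these two cookies?
                        $life = (time() + $CONFIG['online_timeout']);

                        // Is confirmed so both is fine and we can continue with login procedure
                        // NOTE(review): the "sponsorpass" cookie carries the same MD5 value that
                        // is stored in the password column, so a leaked cookie or database dump
                        // is enough to log in without knowing the password. Neither cookie sets
                        // the secure or httponly flag. A random server-side session token would
                        // remove both problems.
                        $login = ((setcookie("sponsorid"  , bigintval($_POST['sponsorid']), $life, COOKIE_PATH)) &&
                                  (setcookie("sponsorpass", md5($_POST['pass'])           , $life, COOKIE_PATH)));

                        if ($login)
                        {
                                // Cookie setup successful so we can forward to sponsor area
                                LOAD_URL(URL."/modules.php?module=sponsor");
                        }
                        else
                        {
                                // Cookie setup failed!
                                // NOTE(review): "SPONSPOR" looks like a typo of "SPONSOR" - check how
                                // the constant is spelled where it is defined before renaming it.
                                LOAD_TEMPLATE("admin_settings_saved", false, SPONSPOR_COOKIE_SETUP_FAILED);
                                OUTPUT_HTML("<BR>");

                                // Login form and other links
                                LOAD_TEMPLATE("guest_sponsor_login");
                        }
                }
                else
                {
                        // Status is not fine: look up the message constant that belongs to it.
                        // defined()/constant() replace the former eval(), so a value read from
                        // the database is never executed as PHP code.
                        $constName = "SPONSOR_LOGIN_FAILED_".strtoupper($status);
                        if (defined($constName))
                        {
                                $content = constant($constName);
                        }
                        else
                        {
                                // No message for this status, show the constant name instead
                                $content = $constName;
                        }
                        LOAD_TEMPLATE("admin_settings_saved", false, $content);
                        OUTPUT_HTML("<BR>");

                        // Login form and other links
                        LOAD_TEMPLATE("guest_sponsor_login");
                }
        }
        else
        {
                // Account missing or wrong pass! One message for both cases, so the answer
                // does not reveal which of the two was wrong.
                LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOGIN_FAILED_404_WRONG_PASS);
                OUTPUT_HTML("<BR>");

                // Login form and other links
                LOAD_TEMPLATE("guest_sponsor_login");
        }

        // Free memory
        SQL_FREERESULT($result);
}
else
{
        // Login form and other links
        LOAD_TEMPLATE("guest_sponsor_login");
}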
312
313 //
314 ?>