Sponsor stub extension added (not fully working\!)
[mailer.git] / inc / modules / guest / what-sponsor_login.php
1 <?php
2 /************************************************************************
3  * MXChange v0.2.1                                    Start: 06/10/2005 *
4  * ===============                              Last change: 05/18/2008 *
5  *                                                                      *
6  * -------------------------------------------------------------------- *
7  * File              : what-sponsor_login.php                           *
8  * -------------------------------------------------------------------- *
9  * Short description : Login form and password resending for sponsor    *
10  * -------------------------------------------------------------------- *
11  * Kurzbeschreibung  : Loginformular und Neues Passwort fuer Sponsor    *
12  * -------------------------------------------------------------------- *
13  *                                                                      *
14  * -------------------------------------------------------------------- *
15  * Copyright (c) 2003 - 2008 by Roland Haeder                           *
16  * For more information visit: http://www.mxchange.org                  *
17  *                                                                      *
18  * This program is free software. You can redistribute it and/or modify *
19  * it under the terms of the GNU General Public License as published by *
20  * the Free Software Foundation; either version 2 of the License.       *
21  *                                                                      *
22  * This program is distributed in the hope that it will be useful,      *
23  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
24  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
25  * GNU General Public License for more details.                         *
26  *                                                                      *
27  * You should have received a copy of the GNU General Public License    *
28  * along with this program; if not, write to the Free Software          *
29  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
30  * MA  02110-1301  USA                                                  *
31  ************************************************************************/
32
33 // Some security stuff...
34 if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
35 {
36         $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
37         require($INC);
38 }
39
40 // Add description as navigation point
41 ADD_DESCR("guest", basename(__FILE__));
42
43 $MODE = "";
44 if (!empty($HTTP_GET_VARS['mode']))
45 {
46         // A "special" mode of the login system was requested
47         switch ($HTTP_GET_VARS['mode'])
48         {
49                 case "activate" : $MODE = "activate";  break; // Activation link requested
50                 case "lost_pass": $MODE = "lost_pass"; break; // Request new password
51         }
52 }
53
54 // Check if hash for confirmation of email address is given...
55 if (!empty($HTTP_GET_VARS['hash']))
56 {
57         // Lookup sponsor
58         $result = SQL_QUERY_ESC("SELECT id, status, salut, surname, family,
59 company, position, tax_ident,
60 street_nr1, street_nr2, country, zip, city, email, phone, fax, cell,
61 points_amount AS points, last_pay AS pay, last_curr AS curr
62 FROM "._MYSQL_PREFIX."_sponsor_data
63 WHERE hash='%s' AND (status='UNCONFIRMED' OR status='EMAIL')
64 LIMIT 1", array($HTTP_GET_VARS['hash']), __FILE__, __LINE__);
65         if (SQL_NUMROWS($result) == 1)
66         {
67                 // Sponsor found, load his data...
68                 $SPONSOR = SQL_FETCHARRAY($result);
69
70                 // Translate salut and comma
71                 $SPONSOR['salut']  = TRANSLATE_SEX($SPONSOR['salut']);
72                 $SPONSOR['points'] = TRANSLATE_COMMA($SPONSOR['points']);
73                 $SPONSOR['pay']    = TRANSLATE_COMMA($SPONSOR['pay']);
74
75                 // Unconfirmed account or changed email address?
76                 if ($SPONSOR['status'] == "UNCONFIRMED")
77                 {
78                         // Set account to pending
79                         $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='PENDING'
80 WHERE id='%s' AND hash='%s' AND status='UNCONFIRMED' LIMIT 1",
81  array(bigintval($SPONSOR['id']), $HTTP_GET_VARS['hash']), __FILE__, __LINE__);
82
83                         // Check on success 
84                         if (SQL_AFFECTEDROWS($link) == 1)
85                         {
86                                 // Prepare mail and send it to the sponsor
87                                 $MSG = LOAD_EMAIL_TEMPLATE("sponsor_pending", $SPONSOR);
88                                 SEND_EMAIL($SPONSOR['email'], SPONSOR_ACCOUNT_PENDING_SUBJ, $MSG);
89
90                                 // Send email to admin
91                                 if (GET_EXT_VERSION("admins") >= "0.4.1")
92                                 {
93                                         // Use new system
94                                         SEND_ADMIN_EMAILS_PRO (ADMIN_NEW_SPONSOR, "admin_sponsor_pending", $SPONSOR);
95                                 }
96                                  else
97                                 {
98                                         // Send over old system
99                                         $msg_admin = LOAD_EMAIL_TEMPLATE("admin_sponsor_pending", $SPONSOR);
100                                         SEND_ADMIN_EMAILS (ADMIN_NEW_SPONSOR, $msg_admin);
101                                 }
102
103                                 // Sponsor account set to pending
104                                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_PENDING);
105                         }
106                          else
107                         {
108                                 // Could not unlock account!
109                                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_PENDING_FAILED);
110                         }
111                 }
112                  elseif ($SPONSOR['status'] == "EMAIL")
113                 {
114                         // Changed email adress need to be confirmed
115                         $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='CONFIRMED'
116 WHERE id='%s' AND hash='%s' AND status='EMAIL' LIMIT 1",
117  array(bigintval($SPONSOR['id']), $HTTP_GET_VARS['hash']), __FILE__, __LINE__);
118
119                         // Check on success 
120                         if (SQL_AFFECTEDROWS($link) == 1)
121                         {
122                                 // Sponsor account is unlocked again
123                                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN);
124                         }
125                          else
126                         {
127                                 // Could not unlock account!
128                                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_EMAIL_FAILED);
129                         }
130                 }
131                  else
132                 {
133                         /// ??? Other status?
134                         LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_STATUS_FAILED);
135                 }
136         }
137          else
138         {
139                 // No sponsor found
140                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_404);
141         }
142
143         // Free memory
144         SQL_FREERESULT($result);
145 }
146  elseif ($MODE == "activate")
147 {
148         // Send activation link again
149         if (isset($HTTP_POST_VARS['ok']))
150         {
151                 // Check submitted data
152                 if (empty($HTTP_POST_VARS['email'])) unset($HTTP_POST_VARS['ok']);
153         }
154
155         if (isset($HTTP_POST_VARS['ok']))
156         {
157                 // Check email
158                 $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, salut, surname, family, sponsor_created
159 FROM "._MYSQL_PREFIX."_sponsor_data
160 WHERE email='%s' AND (status='UNCONFIRMED' OR status='EMAIL') LIMIT 1",
161  array($HTTP_POST_VARS['email']), __FILE__, __LINE__);
162                 if (SQL_NUMROWS($result) == 1)
163                 {
164                         // Unconfirmed sponsor account found so let's load the requested data
165                         $SPONSOR = SQL_FETCHARRAY($result);
166
167                         // Translate some data
168                         $SPONSOR['salut']           = TRANSLATE_SEX($SPONSOR['salut']);
169                         $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
170
171                         // Prepare email and send it to the sponsor
172                         if ($SPONSOR['status'] == "UNCONFIRMED")
173                         {
174                                 // Unconfirmed accounts
175                                 $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_activate", $SPONSOR);
176                         }
177                          else
178                         {
179                                 // Confirmed email address
180                                 $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_email", $SPONSOR);
181                         }
182                         SEND_EMAIL($HTTP_POST_VARS['email'], SPONSOR_ACTIVATION_LINK_SUBJ, $msg_sponsor);
183
184                         // Output message
185                         LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_SENT);
186                 }
187                  else
188                 {
189                         // No account found or not UNCONFIRMED
190                         LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_404);
191                 }
192
193                 // Free memory
194                 SQL_FREERESULT($result);
195         }
196          else
197         {
198                 // Load form
199                 LOAD_TEMPLATE("guest_sponsor_activate");
200         }
201 }
202  elseif ($MODE == "lost_pass")
203 {
204         // Send new password
205         if (isset($HTTP_POST_VARS['ok']))
206         {
207                 // Check submitted data
208                 if (empty($HTTP_POST_VARS['email'])) unset($HTTP_POST_VARS['ok']);
209         }
210
211         if (isset($HTTP_POST_VARS['ok']))
212         {
213                 // Check email
214                 $result = SQL_QUERY_ESC("SELECT id, hash, remote_addr, salut, surname, family, sponsor_created
215 FROM "._MYSQL_PREFIX."_sponsor_data
216 WHERE email='%s' AND id='%s' AND status='CONFIRMED' LIMIT 1",
217  array($HTTP_POST_VARS['email'], bigintval($HTTP_POST_VARS['id'])), __FILE__, __LINE__);
218                 if (SQL_NUMROWS($result) == 1)
219                 {
220                         // Unconfirmed sponsor account found so let's load the requested data
221                         $SPONSOR = SQL_FETCHARRAY($result);
222
223                         // Translate some data
224                         $SPONSOR['salut']           = TRANSLATE_SEX($SPONSOR['salut']);
225                         $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
226
227                         // Generate password
228                         $SPONSOR['password']        = GEN_PASS();
229
230                         // Prepare email and send it to the sponsor
231                         $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_lost", $SPONSOR);
232                         SEND_EMAIL($HTTP_POST_VARS['email'], SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor);
233
234                         // Update password
235                         $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET password='%s'
236 WHERE id='%s' LIMIT 1",
237  array(md5($SPONSOR['password']), bigintval($SPONSOR['id'])), __FILE__, __LINE__);
238
239                         // Output message
240                         LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOST_PASSWORD_SENT);
241                 }
242                  else
243                 {
244                         // No account found or not UNCONFIRMED
245                         LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOST_PASSWORD_404);
246                 }
247
248                 // Free memory
249                 SQL_FREERESULT($result);
250         }
251          else
252         {
253                 // Load form
254                 LOAD_TEMPLATE("guest_sponsor_lost");
255         }
256 }
257  elseif (isset($HTTP_POST_VARS['ok']))
258 {
259         // Check status and login data ...
260         $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_sponsor_data
261 WHERE id='%s' AND password='%s' LIMIT 1",
262  array(bigintval($HTTP_POST_VARS['sponsorid']), md5($HTTP_POST_VARS['pass'])), __FILE__, __LINE__);
263         if (SQL_NUMROWS($result) == 1)
264         {
265                 // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
266                 list($status) = SQL_FETCHROW($result);
267                 if ($status == "CONFIRMED")
268                 {
269                         // Calculate cookie lifetime, maybe we have to change this so the admin can setup a
270                         // seperate timeout for these two cookies?
271                         $life = (time() + $CONFIG['online_timeout']);
272
273                         // Is confirmed so both is fine and we can continue with login procedure
274                         $login = ((setcookie("sponsorid"  , bigintval($HTTP_POST_VARS['sponsorid']), $life, COOKIE_PATH)) &&
275                                   (setcookie("sponsorpass", md5($HTTP_POST_VARS['pass'])           , $life, COOKIE_PATH)));
276
277                         if ($login)
278                         {
279                                 // Cookie setup successfull so we can forward to sponsor area
280                                 LOAD_URL(URL."/modules.php?module=sponsor");
281                         }
282                          else
283                         {
284                                 // Cookie setup failed!
285                                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSPOR_COOKIE_SETUP_FAILED);
286                                 OUTPUT_HTML("<BR>");
287
288                                 // Login formular and other links
289                                 LOAD_TEMPLATE("guest_sponsor_login");
290                         }
291                 }
292                  else
293                 {
294                         // Status is not fine
295                         $eval = "\$content = SPONSOR_LOGIN_FAILED_".strtoupper($status).";";
296                         eval($eval);
297                         LOAD_TEMPLATE("admin_settings_saved", false, $content);
298                         OUTPUT_HTML("<BR>");
299
300                         // Login formular and other links
301                         LOAD_TEMPLATE("guest_sponsor_login");
302                 }
303         }
304          else
305         {
306                 // Account missing or wrong pass! We shall not find this out for the "hacker folks"...
307                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOGIN_FAILED_404_WRONG_PASS);
308                 OUTPUT_HTML("<BR>");
309
310                 // Login formular and other links
311                 LOAD_TEMPLATE("guest_sponsor_login");
312         }
313
314         // Free memory
315         SQL_FREERESULT($result);
316 }
317  else
318 {
319         // Login formular and other links
320         LOAD_TEMPLATE("guest_sponsor_login");
321 }
322
323 //
324 ?>