inc/modules/sponsor/account.php

   1 <?php
   2 /************************************************************************
   3  * MXChange v0.2.1                                    Start: 09/30/2005 *
   4  * ===============                              Last change: 05/19/2008 *
   5  *                                                                      *
   6  * -------------------------------------------------------------------- *
   7  * File              : account.php                                      *
   8  * -------------------------------------------------------------------- *
   9  * Short description : Sponsor can manage his account                   *
  10  * -------------------------------------------------------------------- *
  11  * Kurzbeschreibung  : Der Sponsor kann sein Account verwalten          *
  12  * -------------------------------------------------------------------- *
  13  * $Revision::                                                        $ *
  14  * $Date::                                                            $ *
  15  * $Tag:: 0.2.1-FINAL                                                 $ *
  16  * $Author::                                                          $ *
  17  * Needs to be in all Files and every File needs "svn propset           *
  18  * svn:keywords Date Revision" (autoprobset!) at least!!!!!!            *
  19  * -------------------------------------------------------------------- *
  20  * Copyright (c) 2003 - 2008 by Roland Haeder                           *
  21  * For more information visit: http://www.mxchange.org                  *
  22  *                                                                      *
  23  * This program is free software. You can redistribute it and/or modify *
  24  * it under the terms of the GNU General Public License as published by *
  25  * the Free Software Foundation; either version 2 of the License.       *
  26  *                                                                      *
  27  * This program is distributed in the hope that it will be useful,      *
  28  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
  29  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
  30  * GNU General Public License for more details.                         *
  31  *                                                                      *
  32  * You should have received a copy of the GNU General Public License    *
  33  * along with this program; if not, write to the Free Software          *
  34  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
  35  * MA  02110-1301  USA                                                  *
  36  ************************************************************************/
  37
  38 // Some security stuff...
  39 if (!defined('__SECURITY')) {
  40         $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), '/inc') + 4) . '/security.php';
  41         require($INC);
  42 } elseif (!EXT_IS_ACTIVE('sponsor')) {
  43         addFatalMessage(__FILE__, __LINE__, generateExtensionInactiveNotInstalledMessage('sponsor'));
  44         return;
  45 } elseif (!IS_SPONSOR()) {
  46         // No sponsor!
  47         addFatalMessage(__FILE__, __LINE__, getMessage('SPONSOR_ONLY_AREA_ENTERED'));
  48         return;
  49 }
  50
  51 // Data for the formular
  52 $result = SQL_QUERY_ESC("SELECT company, position, tax_ident,
  53 gender, surname, family, street_nr1, street_nr2, zip, city, country,
  54 phone, fax, cell, email, url,
  55 status, receive_warnings
  56 FROM `{!_MYSQL_PREFIX!}_sponsor_data`
  57 WHERE `id`='%s' AND password='%s' LIMIT 1",
  58 array(bigintval(getSession('sponsorid')), getSession('sponsorpass')), __FILE__, __LINE__);
  59
  60 // Entry found?
  61 if (SQL_NUMROWS($result) == 1) {
  62         // Load sponsor data
  63         $content = SQL_FETCHARRAY($result);
  64         if ($content['status'] == 'CONFIRMED') {
  65                 // Check if form was submitted or not
  66                 if (isFormSent()) {
  67                         // Check passwords
  68                         if (!REQUEST_ISSET_POST(('pass_old'))) {
  69                                 // No current password entered
  70                                 $message = getMessage('SPONSOR_NO_CURRENT_PASSWORD_ENTERED');
  71                         } elseif (md5(REQUEST_POST('pass_old')) != getSession('sponsorpass')) {
  72                                 // Entered password didn't match password in DB
  73                                 $message = getMessage('SPONSOR_CURRENT_PASSWORD_DIDNOT_MATCH_DB');
  74                         } elseif ((REQUEST_ISSET_POST(('pass1'))) && (REQUEST_ISSET_POST(('pass2'))) && (REQUEST_POST('pass1') != REQUEST_POST('pass2'))) {
  75                                 // Both new passwords did not match
  76                                 $message = getMessage('SPONSOR_BOTH_NEW_PASSWORDS_DIDNOT_MATCH');
  77                         } elseif ((!REQUEST_ISSET_POST(('pass1'))) && (REQUEST_ISSET_POST(('pass2')))) {
  78                                 // No password one entered
  79                                 $message = getMessage('SPONSOR_PASSWORD_ONE_EMPTY');
  80                         } elseif ((REQUEST_ISSET_POST(('pass1'))) && (!REQUEST_ISSET_POST(('pass2')))) {
  81                                 // No password two entered
  82                                 $message = getMessage('SPONSOR_PASSWORD_TWO_EMPTY');
  83                         } elseif ((REQUEST_ISSET_POST(('pass1'))) && (strlen(REQUEST_POST('pass1')) < getConfig('pass_len'))) {
  84                                 // Too short password
  85                                 $message = sprintf(getMessage('SPONSOR_PASSWORD_TOO_SHORT'), getConfig('pass_len'));
  86                         } else {
  87                                 // Default is we don't want to change password!
  88                                 $PASS_AND = ''; $PASS_DATA = '';
  89
  90                                 // Check if we want to change password or not
  91                                 if ((REQUEST_POST('pass1') == REQUEST_POST('pass2')) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_POST('pass1') != REQUEST_POST('pass_old'))) {
  92                                         // Change current password
  93                                         $PASS_AND  = ", password='%s'";
  94                                         $PASS_DATA = md5(REQUEST_POST('pass1'));
  95                                 }
  96
  97                                 // Unsecure data which we don't want here
  98                                 $UNSAFE = array('receive_warnings', 'warning_interval');
  99
 100                                 // Remove all (maybe spoofed) unsafe data from array
 101                                 foreach ($UNSAFE as $remove) {
 102                                         REQUEST_UNSET_POST($remove);
 103                                 }
 104
 105                                 // Set last change timestamp
 106                                 REQUEST_SET_POST('last_change', "UNIX_TIMESTAMP()");
 107
 108                                 // Save data
 109                                 $message = SPONSOR_SAVE_DATA(REQUEST_POST_ARRAY(), $content);
 110                         }
 111
 112                         if (!empty($message)) {
 113                                 // Output message
 114                                 $OUT = LOAD_TEMPLATE('admin_settings_saved', true, $message);
 115                         } else {
 116                                 // No message generated
 117                                 $OUT = LOAD_TEMPLATE('admin_settings_saved', true, getMessage('SPONSOR_NO_MESSAGE_GENERATED'));
 118                         }
 119                 } else {
 120                         // Check for gender selection
 121                         switch ($content['gender'])
 122                         {
 123                                 case "M": // Male
 124                                         define('__GENDER_M', ' selected="selected"');
 125                                         define('__GENDER_F', '');
 126                                         define('__GENDER_C', '');
 127                                         break;
 128
 129                                 case "F": // Female
 130                                         define('__GENDER_M', '');
 131                                         define('__GENDER_F', ' selected="selected"');
 132                                         define('__GENDER_C', '');
 133                                         break;
 134
 135                                 case "C": // Company
 136                                         define('__GENDER_M', '');
 137                                         define('__GENDER_F', '');
 138                                         define('__GENDER_C', ' selected="selected"');
 139                                         break;
 140                         }
 141
 142                         // Output formular
 143                         $OUT = LOAD_TEMPLATE("sponsor_account_form", true, $content);
 144                 }
 145         } else {
 146                 // Locked or so?
 147                 $STATUS = sponsorTranslateUserStatus($content['status']);
 148                 $OUT = LOAD_TEMPLATE('admin_settings_saved', true, sprintf(getMessage('SPONSOR_ACCOUNT_FAILED'), $STATUS));
 149         }
 150 } else {
 151         // Sponsor account not found!
 152         $OUT = LOAD_TEMPLATE('admin_settings_saved', true, sprintf(getMessage('SPONSOR_ACCOUNT_404'), getSession('sponsorid')));
 153 }
 154
 155 // Free memory
 156 SQL_FREERESULT($result);
 157
 158 //
 159 ?>