First batch of removal of the headers needed for revision-functions.php

[mailer.git] / inc / modules / sponsor / account.php

<?php
/************************************************************************
 * Mailer v0.2.1-FINAL                                Start: 09/30/2005 *
 * ===================                          Last change: 05/19/2008 *
 *                                                                      *
 * -------------------------------------------------------------------- *
 * File              : account.php                                      *
 * -------------------------------------------------------------------- *
 * Short description : Sponsor can manage his account                   *
 * -------------------------------------------------------------------- *
 * Kurzbeschreibung  : Der Sponsor kann sein Account verwalten          *
 * -------------------------------------------------------------------- *
 * Copyright (c) 2003 - 2009 by Roland Haeder                           *
 * Copyright (c) 2009 - 2013 by Mailer Developer Team                   *
 * For more information visit: http://mxchange.org                      *
 *                                                                      *
 * This program is free software; you can redistribute it and/or modify *
 * it under the terms of the GNU General Public License as published by *
 * the Free Software Foundation; either version 2 of the License, or    *
 * (at your option) any later version.                                  *
 *                                                                      *
 * This program is distributed in the hope that it will be useful,      *
 * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
 * GNU General Public License for more details.                         *
 *                                                                      *
 * You should have received a copy of the GNU General Public License    *
 * along with this program; if not, write to the Free Software          *
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
 * MA  02110-1301  USA                                                  *
 ************************************************************************/

// Some security stuff...
if (!defined('__SECURITY')) {
        exit();
} elseif (!isExtensionActive('sponsor')) {
        displayMessage('{%pipe,generateExtensionInactiveNotInstalledMessage=sponsor%}');
        return;
} elseif (!isSponsor()) {
        // No sponsor!
        addFatalMessage(__FILE__, __LINE__, '{--SPONSOR_ONLY_AREA_ENTERED--}');
        return;
}

// Data for the formular
$result = sqlQueryEscaped("SELECT
        `id`, `company`, `position`, `tax_ident`,
        `gender`, `surname`, `family`, `street_nr1`, `street_nr2`, `zip`, `city`, `country`,
        `phone`, `fax`, `cell`, `email`, `url`,
        `status`, `receive_warnings`
FROM
        `{?_MYSQL_PREFIX?}_sponsor_data`
WHERE
        `id`=%s AND
        `password`='%s'
LIMIT 1",
        array(
                bigintval(getSession('sponsor_id')),
                getSession('sponsorpass')
        ), __FILE__, __LINE__);

// Entry found?
if (sqlNumRows($result) == 1) {
        // Load sponsor data
        $content = sqlFetchArray($result);
        if ($content['status'] == 'CONFIRMED') {
                // Check if form was submitted or not
                if (isFormSent()) {
                        // Check passwords
                        if (!isPostRequestElementSet('pass_old')) {
                                // No current password entered
                                $message = '{--SPONSOR_NO_CURRENT_PASSWORD_ENTERED--}';
                        } elseif (md5(postRequestElement('pass_old')) != getSession('sponsorpass')) {
                                // Entered password didn't match password in DB
                                $message = '{--SPONSOR_CURRENT_PASSWORD_DIDNOT_MATCH_DB--}';
                        } elseif ((isPostRequestElementSet('password1')) && (isPostRequestElementSet('password2')) && (postRequestElement('password1') != postRequestElement('password2'))) {
                                // Both new passwords did not match
                                $message = '{--SPONSOR_BOTH_NEW_PASSWORDS_DIDNOT_MATCH--}';
                        } elseif ((!isPostRequestElementSet('password1')) && (isPostRequestElementSet('password2'))) {
                                // No password one entered
                                $message = '{--SPONSOR_PASSWORD_ONE_EMPTY--}';
                        } elseif ((isPostRequestElementSet('password1')) && (!isPostRequestElementSet('password2'))) {
                                // No password two entered
                                $message = '{--SPONSOR_PASSWORD_TWO_EMPTY--}';
                        } elseif ((isPostRequestElementSet('password1')) && (strlen(postRequestElement('password1')) < getMinPasswordLength())) {
                                // Too short password
                                $message = '{--SPONSOR_PASSWORD_TOO_SHORT--}';
                        } else {
                                // Default is we don't want to change password!
                                $PASS_AND = ''; $PASS_DATA = '';

                                // Check if the sponsor wants to change his/her password
                                if ((postRequestElement('password1') == postRequestElement('password2')) && (isPostRequestElementSet('password1')) && (postRequestElement('password1') != postRequestElement('pass_old'))) {
                                        // Change current password
                                        $PASS_AND  = ",`password`='%s'";
                                        $PASS_DATA = md5(postRequestElement('password1'));
                                } // END - if

                                // Unsecure data which we don't want here
                                $UNSAFE = array('receive_warnings', 'warning_interval');

                                // Remove all (maybe spoofed) unsafe data from array
                                foreach ($UNSAFE as $remove) {
                                        unsetPostRequestElement($remove);
                                } // END - foreach

                                // Set last change timestamp
                                setPostRequestElement('last_change', 'UNIX_TIMESTAMP()');

                                // Save data
                                $message = saveSponsorData(postRequestArray(), $content);
                        }

                        if (!empty($message)) {
                                // Output message
                                $GLOBALS['sponsor_output'] = returnMessage($message);
                        } else {
                                // No message generated
                                $GLOBALS['sponsor_output'] = returnMessage('{--SPONSOR_NO_MESSAGE_GENERATED--}');
                        }
                } else {
                        // Output formular
                        $GLOBALS['sponsor_output'] = loadTemplate('sponsor_account_form', TRUE, $content);
                }
        } else {
                // Locked or so?
                $GLOBALS['sponsor_output'] = returnMessage('{%message,SPONSOR_ACCOUNT_FAILED=' . $content['status'] . '%}');
        }
} else {
        // Sponsor account not found
        $GLOBALS['sponsor_output'] = returnMessage('{%message,SPONSOR_ACCOUNT_404=' . getSession('sponsor_id') . '%}');
}

// Free memory
sqlFreeResult($result);

// [EOF]
?>