A lot while() conditions rewritten to SQL_FETCHARRAY(), see bug #107, @TODO tags...
[mailer.git] / inc / modules / sponsor / account.php
1 <?php
2 /************************************************************************
3  * MXChange v0.2.1                                    Start: 09/30/2005 *
4  * ===============                              Last change: 05/19/2008 *
5  *                                                                      *
6  * -------------------------------------------------------------------- *
7  * File              : account.php                                      *
8  * -------------------------------------------------------------------- *
9  * Short description : Sponsor can manage his account                   *
10  * -------------------------------------------------------------------- *
11  * Kurzbeschreibung  : Der Sponsor kann sein Account verwalten          *
12  * -------------------------------------------------------------------- *
13  *                                                                      *
14  * -------------------------------------------------------------------- *
15  * Copyright (c) 2003 - 2008 by Roland Haeder                           *
16  * For more information visit: http://www.mxchange.org                  *
17  *                                                                      *
18  * This program is free software. You can redistribute it and/or modify *
19  * it under the terms of the GNU General Public License as published by *
20  * the Free Software Foundation; either version 2 of the License.       *
21  *                                                                      *
22  * This program is distributed in the hope that it will be useful,      *
23  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
24  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
25  * GNU General Public License for more details.                         *
26  *                                                                      *
27  * You should have received a copy of the GNU General Public License    *
28  * along with this program; if not, write to the Free Software          *
29  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
30  * MA  02110-1301  USA                                                  *
31  ************************************************************************/
32
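// Access guard: this file is meant to be included by the framework, not
// requested directly, and only an authenticated sponsor may pass.
if (!defined('__SECURITY')) {
	// Direct call: hand over to inc/security.php. The path is cut at the first
	// "/inc" found in this file's directory, so it assumes forward slashes and
	// no earlier path component that starts with "inc".
	// NOTE(review): the extension and sponsor checks below are elseif branches
	// and are skipped on this path; presumably security.php ends the request --
	// confirm.
	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
	require($INC);
} elseif (!EXT_IS_ACTIVE("sponsor")) {
	// Extension "sponsor" is not active. (The original condition had an
	// unbalanced parenthesis and no opening brace, which is a parse error.)
	addFatalMessage(__FILE__, __LINE__, getMessage('EXTENSION_PROBLEM_EXT_INACTIVE'), "sponsor");
	return;
} elseif (!IS_SPONSOR()) {
	// No sponsor!
	addFatalMessage(__FILE__, __LINE__, getMessage('SPONSOR_ONLY_AREA_ENTERED'));
	return;
}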
45
// Load the account record of the sponsor named in the session; the row feeds
// the account form and the status check that follow.
// NOTE(review): the row is matched on the session value 'sponsorpass', which
// this file elsewhere compares with md5() of the typed password, so the
// `password` column holds an unsalted MD5 digest and the session carries a
// password-equivalent value. password_hash()/password_verify() would be the
// replacement, but that needs the login and save code, which is not visible
// here.
$result = SQL_QUERY_ESC(
	"SELECT company, position, tax_ident,
gender, surname, family, street_nr1, street_nr2, zip, city, country,
phone, fax, cell, email, url,
status, receive_warnings
FROM `{!_MYSQL_PREFIX!}_sponsor_data`
WHERE id='%s' AND password='%s' LIMIT 1",
	array(
		bigintval(get_session('sponsorid')),
		get_session('sponsorpass')
	),
	__FILE__,
	__LINE__
);
54
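// Show the account form for a confirmed sponsor, or validate and save a
// submitted form; every path leaves the rendered result in $OUT.
if (SQL_NUMROWS($result) == 1) {
	// Load sponsor data
	$content = SQL_FETCHARRAY($result);
	if ($content['status'] == "CONFIRMED") {
		// Check if form was submitted or not
		if (IS_FORM_SENT()) {
			// Validate the password fields; the first failing rule sets $MSG
			if (!REQUEST_ISSET_POST('pass_old')) {
				// No current password entered
				$MSG = getMessage('SPONSOR_NO_CURRENT_PASSWORD_ENTERED');
			} elseif (md5(REQUEST_POST('pass_old')) !== (string) get_session('sponsorpass')) {
				// Entered password didn't match password in DB.
				// Strict comparison on purpose: with != two different hex
				// digests that both look like numbers ("0e..." followed by
				// digits only) compare as equal. hash_equals() is the
				// constant-time choice where PHP >= 5.6 can be assumed.
				$MSG = getMessage('SPONSOR_CURRENT_PASSWORD_DIDNOT_MATCH_DB');
			} elseif ((REQUEST_ISSET_POST('pass1')) && (REQUEST_ISSET_POST('pass2')) && (REQUEST_POST('pass1') !== REQUEST_POST('pass2'))) {
				// Both new passwords did not match (strict, so numeric-looking
				// inputs such as "1e3" and "1000" are not treated as equal)
				$MSG = getMessage('SPONSOR_BOTH_NEW_PASSWORDS_DIDNOT_MATCH');
			} elseif ((!REQUEST_ISSET_POST('pass1')) && (REQUEST_ISSET_POST('pass2'))) {
				// No password one entered
				$MSG = getMessage('SPONSOR_PASSWORD_ONE_EMPTY');
			} elseif ((REQUEST_ISSET_POST('pass1')) && (!REQUEST_ISSET_POST('pass2'))) {
				// No password two entered
				$MSG = getMessage('SPONSOR_PASSWORD_TWO_EMPTY');
			} elseif ((REQUEST_ISSET_POST('pass1')) && (strlen(REQUEST_POST('pass1')) < getConfig('pass_len'))) {
				// Too short password (strlen() counts bytes, not characters)
				$MSG = sprintf(getMessage('SPONSOR_PASSWORD_TOO_SHORT'), getConfig('pass_len'));
			} else {
				// Default is we don't want to change password!
				$PASS_AND = "";
				$PASS_DATA = "";

				// Change the password only if a new one was entered, confirmed
				// and differs from the current one
				if ((REQUEST_ISSET_POST('pass1')) && (REQUEST_POST('pass1') === REQUEST_POST('pass2')) && (REQUEST_POST('pass1') !== REQUEST_POST('pass_old'))) {
					// NOTE(review): neither variable is passed to
					// SPONSOR_SAVE_DATA() below; confirm how that function
					// picks up the new hash. The hash itself is unsalted MD5,
					// matching what the session and the lookup query use.
					$PASS_AND  = ", password='%s'";
					$PASS_DATA = md5(REQUEST_POST('pass1'));
				}

				// Fields a sponsor must not set through this form
				$UNSAFE = array('receive_warnings', 'warning_interval');

				// Remove all (maybe spoofed) unsafe data from array.
				// NOTE(review): this is a deny-list; every other POST key is
				// handed to SPONSOR_SAVE_DATA() as is. Whether that function
				// restricts the columns it writes (e.g. status, id, password)
				// is not visible here -- confirm, or switch to an allow-list
				// of editable fields.
				foreach ($UNSAFE as $remove) {
					REQUEST_UNSET_POST($remove);
				}

				// Set last change timestamp. The value is the name of an SQL
				// function, not a number; presumably SPONSOR_SAVE_DATA() emits
				// it unquoted -- confirm how it is told apart from text a
				// user submitted.
				REQUEST_SET_POST('last_change', "UNIX_TIMESTAMP()");

				// Save data
				$MSG = SPONSOR_SAVE_DATA(REQUEST_POST_ARRAY(), $content);
			}

			if (!empty($MSG)) {
				// Output message
				$OUT = LOAD_TEMPLATE("admin_settings_saved", true, $MSG);
			} else {
				// No message generated
				$OUT = LOAD_TEMPLATE("admin_settings_saved", true, getMessage('SPONSOR_NO_MESSAGE_GENERATED'));
			}
		} else {
			// Pre-select the stored gender through three constants
			switch ($content['gender']) {
				case "M": // Male
					define('__GENDER_M', " selected=\"selected\"");
					define('__GENDER_F', "");
					define('__GENDER_C', "");
					break;

				case "F": // Female
					define('__GENDER_M', "");
					define('__GENDER_F', " selected=\"selected\"");
					define('__GENDER_C', "");
					break;

				case "C": // Company
					define('__GENDER_M', "");
					define('__GENDER_F', "");
					define('__GENDER_C', " selected=\"selected\"");
					break;

				default: // Unknown or empty value: select nothing
					// Without this branch the three constants stay undefined;
					// presumably the form template reads them -- confirm.
					define('__GENDER_M', "");
					define('__GENDER_F', "");
					define('__GENDER_C', "");
					break;
			}

			// Output formular
			$OUT = LOAD_TEMPLATE("sponsor_account_form", true, $content);
		}
	} else {
		// Locked or so?
		$STATUS = SPONSOR_TRANSLATE_STATUS($content['status']);
		$OUT = LOAD_TEMPLATE("admin_settings_saved", true, sprintf(getMessage('SPONSOR_ACCOUNT_FAILED'), $STATUS));
	}
} else {
	// Sponsor account not found!
	// NOTE(review): the session value goes into the message unfiltered, while
	// the lookup query wraps it in bigintval(); confirm that the message or
	// LOAD_TEMPLATE() encodes it for HTML output.
	$OUT = LOAD_TEMPLATE("admin_settings_saved", true, sprintf(getMessage('SPONSOR_ACCOUNT_404'), get_session('sponsorid')));
}

// Free memory
SQL_FREERESULT($result);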
152
153 //
154 ?>