<?php
/************************************************************************
 * Mailer v0.2.1-FINAL                                Start: 04/23/2005 *
 * ===================                          Last change: 05/18/2008 *
 *                                                                      *
 * -------------------------------------------------------------------- *
 * File              : sponsor_functions.php                            *
 * -------------------------------------------------------------------- *
 * Short description : Functions for the sponsor area                   *
 * -------------------------------------------------------------------- *
 * Kurzbeschreibung  : Funktionen fuer den Sponsorenbereich             *
 * -------------------------------------------------------------------- *
 * $Revision::                                                        $ *
 * $Date::                                                            $ *
 * $Tag:: 0.2.1-FINAL                                                 $ *
 * $Author::                                                          $ *
 * Needs to be in all Files and every File needs "svn propset           *
 * svn:keywords Date Revision" (autoprobset!) at least!!!!!!            *
 * -------------------------------------------------------------------- *
 * Copyright (c) 2003 - 2009 by Roland Haeder                           *
 * For more information visit: http://www.mxchange.org                  *
 *                                                                      *
 * This program is free software; you can redistribute it and/or modify *
 * it under the terms of the GNU General Public License as published by *
 * the Free Software Foundation; either version 2 of the License, or    *
 * (at your option) any later version.                                  *
 *                                                                      *
 * This program is distributed in the hope that it will be useful,      *
 * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
 * GNU General Public License for more details.                         *
 *                                                                      *
 * You should have received a copy of the GNU General Public License    *
 * along with this program; if not, write to the Free Software          *
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
 * MA  02110-1301  USA                                                  *
 ************************************************************************/

// Some security stuff...
if (!defined('__SECURITY')) {
	die();
}

//
function handlSponsorRequest (&$postData, $update=false, $messageArray=array(), $RET_STATUS=false) {
	// Init a lot variables
	$SAVE = true;
	$UPDATE = false;
	$skip = false;
	$ALREADY = false;
	$ret = "unused";

	// Skip these entries
	$SKIPPED = array(
		'ok', 'edit', 'terms', 'pay_type'
	);

	// Save sponsor data
	$DATA = array(
		'keys'   => array(),
		'values' => array()
	);

		// Check if sponsor already exists
		foreach ($postData as $k => $v) {
			if (!(array_search($k, $SKIPPED) > -1)) {
				// Check only posted input entries not the submit button
				switch ($k)
				{
					case 'email':
						$ALREADY = false;
						if (!isEmailValid($v)) {
							// Email address is not valid
							$SAVE = false;
						} else {
							// Do we want to add a new sponsor or update his data?
							$result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_sponsor_data` WHERE email='%s' LIMIT 1",
							array($postData['email']), __FUNCTION__, __LINE__);

							// Is a sponsor alread in the db?
							if (SQL_NUMROWS($result) == 1) {
								// Yes, he is!
								if ((getWhat() == 'add_sponsor') || ($update)) {
									// Already found!
									$ALREADY = true;
								} else {
									// Update his data
									$UPDATE = true;
								}
							}

							// Free memory
							SQL_FREERESULT($result);
						}
						break;

					case 'pass1':
						$k = ''; $v = '';
						break;

					case 'pass2':
						$k = 'password'; $v = md5($v);
						break;

					case 'url':
						if (!isUrlValid($v)) $SAVE = false;
						break;

					default:
						// Test if there is are time selections
						convertSelectionsToTimestamp($postData, $DATA, $k, $skip);
						break;
				}

				if ((!empty($k)) && ($skip == false)) {
					// Add data
					$DATA['keys'][] = $k; $DATA['values'][] = $v;
				}
			}
		}

		// Save sponsor?
		if ($SAVE === true) {
			// Default is no force even when a guest want to abuse this force switch
			if ((empty($postData['force'])) || (!isAdmin())) $postData['force'] = '0';

			// SQL and message string is empty by default
			$sql = ''; $message = '';

			// Update?
			if ($UPDATE) {
				// Update his data
				$sql = "UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET ";
				foreach ($DATA['keys'] as $k => $v) {
					$sql .= $v."='%s', ";
				}

				// Remove last ", " from SQL string
				$sql = substr($sql, 0, -2)." WHERE `id`='%s' LIMIT 1";
				$DATA['values'][] = bigintval(getRequestParameter('id'));

				// Generate message
				$message = getMessageFromIndexedArray(getMessage('ADMIN_SPONSOR_UPDATED'), 'updated', $messageArray);
				$ret = "updated";
			} elseif (($ALREADY === false) || (($postData['force'] == 1) && (isAdmin()))) {
				// Add new sponsor, first add more data
				$DATA['keys'][] = 'sponsor_created'; $DATA['values'][] = time();
				$DATA['keys'][] = 'status';
				if (($update === true) && (isAdmin()) && (getWhat() == 'add_sponsor')) {
					// Only allowed for admin
					$DATA['values'][] = 'PENDING';
				} else {
					// Guest area
					$DATA['values'][] = 'UNCONFIRMED';

					// Generate hash code
					$DATA['keys'][] = 'hash';
					$DATA['values'][] = md5(session_id().':'.$postData['email'].':'.detectRemoteAddr().':'.detectUserAgent().':'.time());
					$DATA['keys'][] = 'remote_addr';
					$DATA['values'][] = detectRemoteAddr();
				}

				// Implode all data into strings
				$KEYS   = implode("`, `"  , $DATA['keys']);
				$valueS = str_repeat("%s', '", count($DATA['values']) - 1);

				// Generate string
				$sql = "INSERT INTO `{?_MYSQL_PREFIX?}_sponsor_data` (`".$KEYS."`) VALUES ('".$valueS."%s')";

				// Generate message
				$message = getMessageFromIndexedArray(getMessage('ADMIN_SPONSOR_ADDED'), "added", $messageArray);
				$ret = 'added';
			} elseif (($update === true) && (isAdmin())) {
				// Add all data as hidden data
				$OUT = '';
				foreach ($postData as $k => $v) {
					// Do not add 'force' !
					if ($k != 'force') {
						$OUT .= '<input type="hidden" name="' . secureString($k) . '" value="' . SQL_ESCAPE($v) . '" />';
					} // END - if
				} // END - foreach

				// Remember data
				$content['hidden'] = $OUT;
				$content['email']  = $postData['email'];

				// Ask for adding a sponsor with same email address
				loadTemplate('admin_add_sponsor_already', false, $content);
				return;
			} else {
				// Already added!
				$message = getMaskedMessage('SPONSOR_ALREADY_FOUND', $postData['email']);
				$ret = 'already';
			}

			if (!empty($sql)) {
				// Run SQL command
				$result = SQL_QUERY_ESC($sql, $DATA['values'], __FUNCTION__, __LINE__);
			} // END - if

			// Output message
			if (($update === true) && (isAdmin())) {
				loadTemplate('admin_settings_saved', false, $message);
			} // END - if
		} else {
			// Error found!
			$message = getMessageFromIndexedArray(getMessage('SPONSOR_DATA_NOT_SAVED'), 'failed', $messageArray);
			loadTemplate('admin_settings_saved', false, $message);
		}

		// Shall we return the status?
		if ($RET_STATUS === true) return $ret;
}

//
function sponsorTranslateUserStatus ($status) {
	// Construct constant name
	$constantName = sprintf("ACCOUNT_%s", $status);

	// Is the constant there?
	if (defined($constantName)) {
		// Then use it
		$ret = constant($constantName);
	} else {
		// Not found!
		logDebugMessage(__FUNCTION__, __LINE__, sprintf("Unknown status %s detected.", $status));
		$ret = getMaskedMessage('UNKNOWN_STATUS', $status);
	}
	return $ret;
}

// Search for an email address in the database
function isSponsorRegisteredWithEmail ($email) {
	// Do we already have the provided email address in our DB?
	$ret = (countSumTotalData($email, 'sponsor_data', 'id', 'email', true) == 1);

	// Return result
	return $ret;
}

// Wether the current user is a sponsor
function isSponsor () {
	// Failed...
	$ret = false;
	if ((isSessionVariableSet('sponsorid')) && (isSessionVariableSet('sponsorpass'))) {
		// Check cookies against database records...
		$result = SQL_QUERY_ESC("SELECT
	`id`
FROM
	`{?_MYSQL_PREFIX?}_sponsor_data`
WHERE
	`id`='%s' AND `password`='%s' AND `status`='CONFIRMED'
LIMIT 1",
			array(
				bigintval(getSession('sponsorid')),
				getSession('sponsorpass')
			), __FUNCTION__, __LINE__);
		if (SQL_NUMROWS($result) == 1) {
			// All is fine
			$ret = true;
		} // END - if

		// Free memory
		SQL_FREERESULT($result);
	} // END - if

	// Return status
	return $ret;
}

//
function addSponsorMenu ($current) {
	$OUT = '';
	$WHERE = " AND active='Y'";
	if (isAdmin()) $WHERE = '';

	// Load main menu entries
	$result_main = SQL_QUERY("SELECT action AS main_action, title AS main_title FROM `{?_MYSQL_PREFIX?}_sponsor_menu`
WHERE (`what`='' OR `what` IS NULL) ".$WHERE."
ORDER BY `sort`", __FUNCTION__, __LINE__);
	if (SQL_NUMROWS($result_main) > 0) {
		// Load every menu and it's sub menus
		while ($content = SQL_FETCHARRAY($result_main)) {
			// Load sub menus
			$result_sub = SQL_QUERY_ESC("SELECT what AS sub_what, title AS sub_title FROM `{?_MYSQL_PREFIX?}_sponsor_menu`
WHERE `action`='%s' AND `what` != '' AND `what` IS NOT NULL ".$WHERE."
ORDER BY `sort`",
			array($content['main_action']), __FUNCTION__, __LINE__);
			if (SQL_NUMROWS($result_sub) > 0) {
				// Load sub menus
				$SUB = '';
				while ($content2 = SQL_FETCHARRAY($result_sub)) {
					// Merge both arrays
					$content = merge_array($content, $content2);

					// Check if current selected menu is matching the loaded one
					if ($current == $content['sub_what']) $content['sub_title'] = "<strong>".$content['sub_title']."</strong>";

					// Prepare data for the sub template
					$content = array(
						'what'  => $content['sub_what'],
						'title' => $content['sub_title']
					);

					// Load row template
					$SUB .= loadTemplate('sponsor_what', true, $content);
				}

				// Prepare data for the main template
				$content = array(
					'title' => $content['main_title'],
					'menu'  => $SUB
				);

				// Load menu template
				$OUT .= loadTemplate('sponsor_action', true, $content);
			} else {
				// No sub menus active
				$OUT .= loadTemplate('admin_settings_saved', true, getMessage('SPONSOR_NO_SUB_MENUS_ACTIVE'));
			}

			// Free memory
			SQL_FREERESULT($result_sub);
		}
	} else {
		// No main menus active
		$OUT .= loadTemplate('admin_settings_saved', true, getMessage('SPONSOR_NO_MAIN_MENUS_ACTIVE'));
	}

	// Free memory
	SQL_FREERESULT($result_main);

	// Return content
	return $OUT;
}

//
function addSponsorContent ($what) {
	$OUT = '';
	$INC = sprintf("inc/modules/sponsor/%s.php", $what);
	if (isIncludeReadable($INC)) {
		// Every sponsor action will output nothing directly. It will be written into $OUT!
		loadIncludeOnce($INC);
	} else {
		// File not found!
		$OUT .= loadTemplate('admin_settings_saved', true, getMaskedMessage('SPONSOR_CONTENT_404', $what));
	}

	// Return content
	return $OUT;
}

//
function updateSponsorLogin () {
	// Failed by default
	$login = false;

	// Is sponsor?
	if (isSponsor()) {
		// Update last online timestamp
		SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_sponsor_data`
SET `last_online`=UNIX_TIMESTAMP()
WHERE `id`='%s' AND `password`='%s' LIMIT 1",
			array(
				bigintval(getSession('sponsorid')),
				getSession('sponsorpass')
			), __FUNCTION__, __LINE__);

		// This update went fine?
		$login = (SQL_AFFECTEDROWS() == 1);
	}

	// Return status
	return $login;
}

// Saves sponsor's data
function saveSponsorData ($postData, $content) {
	$EMAIL = false;

	// Unsecure data which we don't want
	$UNSAFE = array('password', 'id', 'remote_addr', 'sponsor_created', 'last_online', 'status', 'ref_count',
	                'points_amount', 'points_used', 'refid', 'hash', 'last_pay', 'last_curr', 'pass_old',
	                'ok', 'pass1', 'pass2');

	// Set default message ("not saved")
	$message = getMessage('SPONSOR_ACCOUNT_DATA_NOT_SAVED');

	// Check for submitted passwords
	if ((!empty($postData['pass1'])) && (!empty($postData['pass2']))) {
		// Are both passwords the same?
		if ($postData['pass1'] == $postData['pass2']) {
			// Okay, then set password and remove pass1 and pass2
			$postData['password'] = md5($postData['pass1']);
		} // END - if
	} // END - if

	// Remove all (maybe spoofed) unsafe data from array
	foreach ($UNSAFE as $remove) {
		unset($postData[$remove]);
	} // END - foreach

	// This array is for the submitted data which we will use with the SQL_QUERY_ESC() function to
	// secure the data
	$DATA = array();

	// Prepare SQL string
	$sql = "UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET";
	foreach ($postData as $key => $value) {
		// Mmmmm, too less security here???
		$sql   .= " `".secureString($key)."`='%s',";

		// We will secure this later inside the SQL_QUERY_ESC() function
		$DATA[] = secureString($value);
	} // END - foreach

	// Check if email has changed
	if ((!empty($content['email'])) && (!empty($postData['email']))) {
		if ($content['email'] != $postData['email']) {
			// Change email address
			$EMAIL = true;

			// Okay, has changed then add status with UNCONFIRMED and new hash code
			$sql .= " `status`='EMAIL', `hash`='%s',";

			// Generate hash code
			$HASH = md5(session_id().':'.$postData['email'].':'.detectRemoteAddr().':'.detectUserAgent().':'.time());
			$DATA[] = $HASH;
		} // END - if
	} // END - if

	// Remove last commata
	$sql = substr($sql, 0, -1);

	// Add SQL tail data
	$sql .= " WHERE `id`='%s' AND password='%s' LIMIT 1";
	$DATA[] = bigintval(getSession('sponsorid'));
	$DATA[] = getSession('sponsorpass');

	// Saving data was completed... ufff...
	switch (getWhat())
	{
		case 'account': // Change account data
			if ($EMAIL === true) {
				$message   = getMessage('SPONSOR_ACCOUNT_EMAIL_CHANGED');
				$templ = 'admin_sponsor_change_email';
				$subj  = getMessage('ADMIN_SPONSOR_ACC_EMAIL_SUBJ');
			} else {
				$message   = getMessage('SPONSOR_ACCOUNT_DATA_SAVED');
				$templ = 'admin_sponsor_change_data';
				$subj  = getMessage('ADMIN_SPONSOR_ACC_DATA_SUBJ');
			}
			break;

		case 'settings': // Change settings
			// Translate some data
			$content['receive']  = translateYesNo($content['receive_warnings']);
			$content['interval'] = createFancyTime($content['warning_interval']);

			// Set message template and subject for admin
			$message   = getMessage('SPONSOR_SETTINGS_SAVED');
			$templ = 'admin_sponsor_settings';
			$subj  = getMessage('ADMIN_SPONSOR_SETTINGS_SUBJ');
			break;

		default: // Unknown sponsor what value!
			logDebugMessage(__FUNCTION__, __LINE__, sprintf("Unknown sponsor module (what) %s detected.", getWhat()));
			$message = getMaskedMessage('SPONSOR_UNKNOWN_WHAT', getWhat());
			$templ = ''; $subj = '';
			break;
	}

	if (SQL_AFFECTEDROWS() == 1) {
		if (!empty($templ) && !empty($subj)) {
			// Run SQL command and check for success
			$result = SQL_QUERY_ESC($sql, $DATA, __FUNCTION__, __LINE__);

			// Add all data to content
			$content['new_data'] = $postData;

			// Change some data
			if (isset($content['gender']))             $content['gender']                  = translateGender($content['gender']);
			if (isset($content['new_data']['gender'])) $content['new_data']['gender']      = translateGender($content['new_data']['gender']);
			if (isset($content['receive_warnings']))   $content['new_data']['receive']     = translateYesNo($content['new_data']['receive_warnings']);
			if (isset($content['warning_interval']))   $content['new_data']['interval']    = createFancyTime($content['new_data']['warning_interval']);

			// Send email to admins
			sendAdminNotification($subj, $templ, $content);

			// Shall we send mail to the sponsor's new email address?
			if ($content['receive_warnings'] == 'Y') {
				// Okay send email with confirmation link to new address and with no confirmation link
				// to the old address

				// First to old address
				switch (getWhat())
				{
					case 'account': // Change account data
						$email_msg = loadEmailTemplate('sponsor_change_data', $content);
						sendEmail($content['email'], getMessage('SPONSOR_ACC_DATA_SUBJ'), $email_msg);

						if ($EMAIL === true) {
							// Add hash code to content array
							$content['hash'] = $HASH;

							// Second mail goes to the new address
							$email_msg = loadEmailTemplate('sponsor_change_email', $content);
							sendEmail($content['email'], getMessage('SPONSOR_ACC_EMAIL_SUBJ'), $email_msg);
						}
						break;

					case 'settings': // Change settings
						// Send email
						$email_msg = loadEmailTemplate('sponsor_settings', $content);
						sendEmail($content['email'], getMessage('SPONSOR_SETTINGS_SUBJ'), $email_msg);
						break;
				}
			} // END - if
		} // END - if
	} // END - if

	// Return final message
	return $message;
}

// [EOF]
?>