<?php
/************************************************************************
 * MXChange v0.2.1                                    Start: 04/23/2005 *
 * ===============                              Last change: 05/18/2008 *
 *                                                                      *
 * -------------------------------------------------------------------- *
 * File              : sponsor_functions.php                            *
 * -------------------------------------------------------------------- *
 * Short description : Functions for the sponsor area                   *
 * -------------------------------------------------------------------- *
 * Kurzbeschreibung  : Funktionen fuer den Sponsorenbereich             *
 * -------------------------------------------------------------------- *
 * $Revision::                                                        $ *
 * $Date::                                                            $ *
 * $Tag:: 0.2.1-FINAL                                                 $ *
 * $Author::                                                          $ *
 * Needs to be in all Files and every File needs "svn propset           *
 * svn:keywords Date Revision" (autoprobset!) at least!!!!!!            *
 * -------------------------------------------------------------------- *
 * Copyright (c) 2003 - 2008 by Roland Haeder                           *
 * For more information visit: http://www.mxchange.org                  *
 *                                                                      *
 * This program is free software. You can redistribute it and/or modify *
 * it under the terms of the GNU General Public License as published by *
 * the Free Software Foundation; either version 2 of the License.       *
 *                                                                      *
 * This program is distributed in the hope that it will be useful,      *
 * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
 * GNU General Public License for more details.                         *
 *                                                                      *
 * You should have received a copy of the GNU General Public License    *
 * along with this program; if not, write to the Free Software          *
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
 * MA  02110-1301  USA                                                  *
 ************************************************************************/

// Some security stuff...
if (!defined('__SECURITY')) {
	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
	require($INC);
}

//
function SPONSOR_HANDLE_SPONSOR (&$POST, $NO_UPDATE=false, $messageArray=array(), $RET_STATUS=false) {
	// Init a lot variables
	$SAVE = true;
	$UPDATE = false;
	$skip = false;
	$ALREADY = false;
	$ret = "unused";

	// Skip these entries
	$SKIPPED = array(
		'ok', 'edit', 'terms', 'pay_type'
	);

	// Save sponsor data
	$DATA = array(
		'keys'   => array(),
		'values' => array()
	);

 	// Check if sponsor already exists
	foreach ($POST as $k => $v) {
		if (!(array_search($k, $SKIPPED) > -1)) {
			// Check only posted input entries not the submit button
			switch ($k)
			{
			case "email":
				$ALREADY = false;
				if (!VALIDATE_EMAIL($v)) {
					// Email address is not valid
					$SAVE = false;
				} else {
					// Do we want to add a new sponsor or update his data?
					$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE email='%s' LIMIT 1",
						array($POST['email']), __FUNCTION__, __LINE__);

					// Is a sponsor alread in the db?
					if (SQL_NUMROWS($result) == 1) {
						// Yes, he is!
						if (($GLOBALS['what'] == "add_sponsor") || ($NO_UPDATE)) {
							// Already found!
							$ALREADY = true;
						} else {
							// Update his data
							$UPDATE = true;
						}
					}

					// Free memory
					SQL_FREERESULT($result);
				}
				break;

			case "pass1":
				$k = ""; $v = "";
				break;

			case "pass2":
				$k = "password"; $v = md5($v);
				break;

			case "url":
				if (!VALIDATE_URL($v)) $SAVE = false;
				break;

			default:
				// Test if there is are time selections
				CONVERT_SELECTIONS_TO_TIMESTAMP($POST, $DATA, $k, $skip);
				break;
			}

			if ((!empty($k)) && ($skip == false)) {
				// Add data
				$DATA['keys'][] = $k; $DATA['values'][] = $v;
			}
		}
	}

	// Save sponsor?
	if ($SAVE) {
		// Default is no force even when a guest want to abuse this force switch
		if ((empty($POST['force'])) || (!IS_ADMIN())) $POST['force'] = 0;

		// SQL and message string is empty by default
		$sql = ""; $message = "";

		// Update?
		if ($UPDATE) {
			// Update his data
			$sql = "UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET ";
			foreach ($DATA['keys'] as $k => $v) {
				$sql .= $v."='%s', ";
			}

			// Remove last ", " from SQL string
			$sql = substr($sql, 0, -2)." WHERE id='%s' LIMIT 1";
			$DATA['values'][] = bigintval(REQUEST_GET('id'));

			// Generate message
			$message = SPONSOR_GET_MESSAGE(ADMIN_SPONSOR_UPDATED, "updated", $messageArray);
			$ret = "updated";
		} elseif ((!$ALREADY) || (($POST['force'] == "1") && (IS_ADMIN()))) {
			// Add new sponsor, first add more data
			$DATA['keys'][] = "sponsor_created"; $DATA['values'][] = time();
			$DATA['keys'][] = "status";
			if ((!$NO_UPDATE) && (IS_ADMIN()) && ($GLOBALS['what'] == "add_sponsor")) {
				// Only allowed for admin
				$DATA['values'][] = "PENDING";
			} else {
				// Guest area
				$DATA['values'][] = "UNCONFIRMED";

				// Generate hash code
				$DATA['keys'][] = "hash";
				$DATA['values'][] = md5(session_id().":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
				$DATA['keys'][] = "remote_addr";
				$DATA['values'][] = GET_REMOTE_ADDR();
			}

			// Implode all data into strings
			$KEYS   = implode(", "  , $DATA['keys']);
			$VALUES = str_repeat("%s', '", count($DATA['values']) - 1);

			// Generate string
			$sql = "INSERT INTO `{!_MYSQL_PREFIX!}_sponsor_data` (".$KEYS.") VALUES ('".$VALUES."%s')";

			// Generate message
			$message = SPONSOR_GET_MESSAGE(getMessage('ADMIN_SPONSOR_ADDED'), "added", $messageArray);
			$ret = "added";
		} elseif ((!$NO_UPDATE) && (IS_ADMIN())) {
			// Add all data as hidden data
			$OUT = "";
			foreach ($POST as $k => $v) {
				// Do not add 'force' !
				if ($k != "force") {
					$OUT .= "<input type=\"hidden\" name=\"".$k."\" value=\"".stripslashes($v)."\" />\n";
				}
			}
			define('__HIDDEN_DATA', $OUT);
			define('__EMAIL'      , $POST['email']);

			// Ask for adding a sponsor with same email address
			LOAD_TEMPLATE("admin_add_sponsor_already");
			return;
		} else {
			// Already added!
			$message = sprintf(getMessage('SPONSOR_ALREADY_FOUND', $POST['email']));
			$ret = "already";
		}

		if (!empty($sql)) {
			// Run SQL command
			$result = SQL_QUERY_ESC($sql, $DATA['values'], __FUNCTION__, __LINE__);
		}

		// Output message
		if ((!$NO_UPDATE) && (IS_ADMIN())) {
			LOAD_TEMPLATE("admin_settings_saved", false, $message);
		}
	} else {
		// Error found!
		$message = SPONSOR_GET_MESSAGE(getMessage('SPONSOR_DATA_NOT_SAVED'), "failed", $messageArray);
		LOAD_TEMPLATE("admin_settings_saved", false, $message);
	}

	// Shall we return the status?
	if ($RET_STATUS) return $ret;
}
//
function SPONSOR_TRANSLATE_STATUS ($status) {
	// Construct constant name
	$constantName = sprintf("ACCOUNT_%s", $status);

	// Is the constant there?
	if (defined($constantName)) {
		// Then use it
		$ret = constant($constantName);
	} else {
		// Not found!
		DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("Unknown status %s detected.", $status));
		$ret = sprintf(getMessage('UNKNOWN_STATUS'), $status);
	}
	return $ret;
}
// Search for an email address in the database
function SPONSOR_FOUND_EMAIL_DB ($email) {
	// Do we already have the provided email address in our DB?
	$ret = (GET_TOTAL_DATA($email, "sponsor_data", "id", "email", true) == 1);

	// Return result
	return $ret;
}
//
function SPONSOR_GET_MESSAGE ($msg, $pos, $array) {
	// Check if the requested message was found in array
	if (isset($array[$pos])) {
		// ... if yes then use it!
		$ret = $array[$pos];
	} else {
		// ... else use default message
		$ret = $msg;
	}

	// Return result
	return $ret;
}

//
function IS_SPONSOR () {
	// Failed...
	$ret = false;
	if ((isSessionVariableSet('sponsorid')) && (isSessionVariableSet('sponsorpass'))) {
		// Check cookies against database records...
		$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_sponsor_data`
WHERE id='%s' AND password='%s' AND `status`='CONFIRMED' LIMIT 1",
			array(bigintval(get_session('sponsorid')), get_session('sponsorpass')), __FUNCTION__, __LINE__);
		if (SQL_NUMROWS($result) == 1) {
			// All is fine
			$ret = true;
		}

		// Free memory
		SQL_FREERESULT($result);
	}

	// Return status
	return $ret;
}
//
function GENERATE_SPONSOR_MENU($current)
{
	$OUT = "";
	$WHERE = " AND active='Y'";
	if (IS_ADMIN()) $WHERE = "";

	// Load main menu entries
	$result_main = SQL_QUERY("SELECT action AS main_action, title AS main_title FROM `{!_MYSQL_PREFIX!}_sponsor_menu`
WHERE (`what`='' OR `what` IS NULL) ".$WHERE."
ORDER BY `sort`", __FUNCTION__, __LINE__);
	if (SQL_NUMROWS($result_main) > 0) {
		// Load every menu and it's sub menus
		while ($content = SQL_FETCHARRAY($result_main)) {
			// Load sub menus
			$result_sub = SQL_QUERY_ESC("SELECT what AS sub_what, title AS sub_title FROM `{!_MYSQL_PREFIX!}_sponsor_menu`
WHERE `action`='%s' AND `what` != '' AND `what` IS NOT NULL ".$WHERE."
ORDER BY `sort`",
				array($content['main_action']), __FUNCTION__, __LINE__);
			if (SQL_NUMROWS($result_sub) > 0) {
				// Load sub menus
				$SUB = "";
				while ($content2 = SQL_FETCHARRAY($result_sub)) {
					// Merge both arrays
					$content = merge_array($content, $content2);

					// Check if current selected menu is matching the loaded one
					if ($current == $content['sub_what']) $content['sub_title'] = "<strong>".$content['sub_title']."</strong>";

					// Prepare data for the sub template
					$content = array(
						'what'  => $content['sub_what'],
						'title' => $content['sub_title']
					);

					// Load row template
					$SUB .= LOAD_TEMPLATE("sponsor_what", true, $content);
				}

				// Prepare data for the main template
				$content = array(
					'title' => $content['main_title'],
					'menu'  => $SUB
				);

				// Load menu template
				$OUT .= LOAD_TEMPLATE("sponsor_action", true, $content);
			} else {
				// No sub menus active
				$OUT .= LOAD_TEMPLATE("admin_settings_saved", true, getMessage('SPONSOR_NO_SUB_MENUS_ACTIVE'));
			}

			// Free memory
			SQL_FREERESULT($result_sub);
		}
	} else {
		// No main menus active
		$OUT .= LOAD_TEMPLATE("admin_settings_saved", true, getMessage('SPONSOR_NO_MAIN_MENUS_ACTIVE'));
	}

	// Free memory
	SQL_FREERESULT($result_main);

	// Return content
	return $OUT;
}

//
function GENERATE_SPONSOR_CONTENT ($what) {
	$OUT = "";
	$INC = sprintf("inc/modules/sponsor/%s.php", $what);
	if (INCLUDE_READABLE($INC)) {
		// Every sponsor action will output nothing directly. It will be written into $OUT!
		LOAD_INC_ONCE($INC);
	} else {
		// File not found!
		$OUT .= LOAD_TEMPLATE("admin_settings_saved", true, sprintf(getMessage('SPONSOR_CONTENT_404'), $what));
	}

	// Return content
	return $OUT;
}

//
function UPDATE_SPONSOR_LOGIN () {
	// Failed by default
	$login = false;

	// Is sponsor?
	if (IS_SPONSOR()) {
		// Update last online timestamp
		SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data`
SET last_online=UNIX_TIMESTAMP()
WHERE id='%s' AND password='%s' LIMIT 1",
			array(bigintval(get_session('sponsorid')), get_session('sponsorpass')), __FUNCTION__, __LINE__);

		// This update went fine?
		$login = (SQL_AFFECTEDROWS() == 1);
	}

	// Return status
	return $login;
}
//
function SPONSOR_SAVE_DATA ($POST, $content) {
	$EMAIL = false;

	// Unsecure data which we don't want
	$UNSAFE = array('password', 'id', 'remote_addr', 'sponsor_created', 'last_online', 'status', 'ref_count',
	                'points_amount', 'points_used', 'refid', 'hash', 'last_pay', 'last_curr', 'pass_old',
	                'ok', 'pass1', 'pass2');

	// Set default message ("not saved")
	$message = getMessage('SPONSOR_ACCOUNT_DATA_NOT_SAVED');

	// Check for submitted passwords
	if ((!empty($POST['pass1'])) && (!empty($POST['pass2']))) {
		// Are both passwords the same?
		if ($POST['pass1'] == $POST['pass2']) {
			// Okay, then set password and remove pass1 and pass2
			$POST['password'] = md5($POST['pass1']);
		} // END - if
	} // END - if

	// Remove all (maybe spoofed) unsafe data from array
	foreach ($UNSAFE as $remove) {
		unset($POST[$remove]);
	} // END - foreach

	// This array is for the submitted data which we will use with the SQL_QUERY_ESC() function to
	// secure the data
	$DATA = array();

	// Prepare SQL string
	$sql = "UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET";
	foreach ($POST as $key => $value) {
		// Mmmmm, too less security here???
		$sql   .= " ".strip_tags($key)."='%s',";

		// We will secure this later inside the SQL_QUERY_ESC() function
		$DATA[] = strip_tags($value);

		// Compile {SLASH} and so on for the email templates
		$POST[$key] = COMPILE_CODE($value);
	} // END - foreach

	// Check if email has changed
	if ((!empty($content['email'])) && (!empty($POST['email']))) {
		if ($content['email'] != $POST['email']) {
			// Change email address
			$EMAIL = true;

			// Okay, has changed then add status with UNCONFIRMED and new hash code
			$sql .= " `status`='EMAIL', hash='%s',";

			// Generate hash code
			$HASH = md5(session_id().":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
			$DATA[] = $HASH;
		} // END - if
	} // END - if

	// Remove last commata
	$sql = substr($sql, 0, -1);

	// Add SQL tail data
	$sql .= " WHERE id='%s' AND password='%s' LIMIT 1";
	$DATA[] = bigintval(get_session('sponsorid'));
	$DATA[] = get_session('sponsorpass');

	// Saving data was completed... ufff...
	switch ($GLOBALS['what'])
	{
	case "account": // Change account data
		if ($EMAIL === true) {
			$message   = getMessage('SPONSOR_ACCOUNT_EMAIL_CHANGED');
			$templ = "admin_sponsor_change_email";
			$subj  = getMessage('ADMIN_SPONSOR_ACC_EMAIL_SUBJ');
		} else {
			$message   = getMessage('SPONSOR_ACCOUNT_DATA_SAVED');
			$templ = "admin_sponsor_change_data";
			$subj  = getMessage('ADMIN_SPONSOR_ACC_DATA_SUBJ');
		}
		break;

	case "settings": // Change settings
		// Translate some data
		$content['receive']  = TRANSLATE_YESNO($content['receive_warnings']);
		$content['interval'] = CREATE_FANCY_TIME($content['warning_interval']);

		// Set message template and subject for admin
		$message   = getMessage('SPONSOR_SETTINGS_SAVED');
		$templ = "admin_sponsor_settings";
		$subj  = getMessage('ADMIN_SPONSOR_SETTINGS_SUBJ');
		break;

	default: // Unknown sponsor what value!
		DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("Unknown sponsor module (what) %s detected.", $GLOBALS['what']));
		$message = sprintf(getMessage('SPONSOR_UNKNOWN_WHAT'), $GLOBALS['what']);
		$templ = ""; $subj = "";
		break;
	}

	if (SQL_AFFECTEDROWS() == 1) {
		if (!empty($templ) && !empty($subj)) {
			// Run SQL command and check for success
			$result = SQL_QUERY_ESC($sql, $DATA, __FUNCTION__, __LINE__);

			// Add all data to content
			global $DATA;
			$DATA = $POST;

			// Change some data
			if (isset($content['gender'])) $content['gender'] = TRANSLATE_GENDER($content['gender']);
			if (isset($DATA['gender']))    $DATA['gender']    = TRANSLATE_GENDER($DATA['gender']);
			if (isset($content['receive_warnings'])) $DATA['receive']     = TRANSLATE_YESNO($POST['receive_warnings']);
			if (isset($content['warning_interval'])) $DATA['interval']    = CREATE_FANCY_TIME($POST['warning_interval']);

			// Send email to admins
			SEND_ADMIN_NOTIFICATION($subj, $templ, $content);

			// Shall we send mail to the sponsor's new email address?
			if ($content['receive_warnings'] == "Y") {
				// Okay send email with confirmation link to new address and with no confirmation link
				// to the old address

				// First to old address
				switch ($GLOBALS['what'])
				{
				case "account": // Change account data
					$email_msg = LOAD_EMAIL_TEMPLATE("sponsor_change_data", $content);
					SEND_EMAIL($content['email'], getMessage('SPONSOR_ACC_DATA_SUBJ'), $email_msg);

					if ($EMAIL === true) {
						// Add hash code to content array
						$content['hash'] = $HASH;

						// Second mail goes to the new address
						$email_msg = LOAD_EMAIL_TEMPLATE("sponsor_change_email", $content);
						SEND_EMAIL($content['email'], getMessage('SPONSOR_ACC_EMAIL_SUBJ'), $email_msg);
					}
					break;

				case "settings": // Change settings
					// Send email
					$email_msg = LOAD_EMAIL_TEMPLATE("sponsor_settings", $content);
					SEND_EMAIL($content['email'], getMessage('SPONSOR_SETTINGS_SUBJ'), $email_msg);
					break;
				}
			} // END - if
		} // END - if
	} // END - if

	// Return final message
	return $message;
}

//
?>