}
//
-function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_STATUS=false)
-{
- $SAVE = true; $UPDATE = false; $skip = false; $ALREADY = false;
+function SPONSOR_HANDLE_SPONSOR (&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_STATUS=false) {
+ // Init a lot variables
+ $SAVE = true;
+ $UPDATE = false;
+ $skip = false;
+ $ALREADY = false;
$ret = "unused";
// Skip these entries
);
// Check if sponsor already exists
- foreach ($POST as $k => $v)
- {
- if (!(array_search($k, $SKIPPED) > -1))
- {
+ foreach ($POST as $k => $v) {
+ if (!(array_search($k, $SKIPPED) > -1)) {
// Check only posted input entries not the submit button
switch ($k)
{
case "email":
$ALREADY = false;
- if (!VALIDATE_EMAIL($v))
- {
+ if (!VALIDATE_EMAIL($v)) {
// Email address is not valid
$SAVE = false;
- }
- else
- {
+ } else {
// Do we want to add a new sponsor or update his data?
$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_data WHERE email='%s' LIMIT 1",
- array($POST['email']), __FILE__, __LINE__);
+ array($POST['email']), __FILE__, __LINE__);
// Is a sponsor alread in the db?
- if (SQL_NUMROWS($result) == 1)
- {
- // Free memory
- SQL_FREERESULT($result);
-
+ if (SQL_NUMROWS($result) == 1) {
// Yes, he is!
- if (($GLOBALS['what'] == "add_sponsor") || ($NO_UPDATE))
- {
+ if (($GLOBALS['what'] == "add_sponsor") || ($NO_UPDATE)) {
// Already found!
$ALREADY = true;
- }
- else
- {
+ } else {
// Update his data
$UPDATE = true;
}
}
+
+ // Free memory
+ SQL_FREERESULT($result);
}
break;
default:
// Test if there is are time selections
$TEST = substr($k, -3);
- if ((($TEST == "_ye") || ($TEST == "_mo") || ($TEST == "_we") || ($TEST == "_da") || ($TEST == "_ho") || ($TEST == "_mi") || ($TEST == "_se")) && (!empty($v)))
- {
+ if ((($TEST == "_ye") || ($TEST == "_mo") || ($TEST == "_we") || ($TEST == "_da") || ($TEST == "_ho") || ($TEST == "_mi") || ($TEST == "_se")) && (!empty($v))) {
// Found a multi-selection for timings?
$TEST = substr($k, 0, -3);
- if ((!empty($POST[$TEST."_ye"])) && (!empty($POST[$TEST."_mo"])) && (!empty($POST[$TEST."_we"])) && (!empty($POST[$TEST."_da"])) && (!empty($POST[$TEST."_ho"])) && (!empty($POST[$TEST."_mi"])) && (!empty($POST[$TEST."_se"])) && ($TEST != $TEST2))
- {
+ if ((!empty($POST[$TEST."_ye"])) && (!empty($POST[$TEST."_mo"])) && (!empty($POST[$TEST."_we"])) && (!empty($POST[$TEST."_da"])) && (!empty($POST[$TEST."_ho"])) && (!empty($POST[$TEST."_mi"])) && (!empty($POST[$TEST."_se"])) && ($TEST != $TEST2)) {
// Generate timestamp
$POST[$TEST] = CREATE_TIMESTAMP_FROM_SELECTIONS($TEST, $POST);
$DATA['keys'][] = $TEST;
$DATA['values'][] = $POST[$TEST];
// Remove data from array
+ // @TODO Do we still need this all?
unset($POST[$TEST."_ye"]);
unset($POST[$TEST."_mo"]);
unset($POST[$TEST."_we"]);
// Skip adding
$k = ""; $skip = true; $TEST2 = $TEST;
}
- }
- else
- {
+ } else {
$skip = false; $TEST2 = "";
}
break;
}
- if ((!empty($k)) && ($skip == false))
- {
+ if ((!empty($k)) && ($skip == false)) {
// Add data
$DATA['keys'][] = $k; $DATA['values'][] = $v;
}
}
// Save sponsor?
- if ($SAVE)
- {
+ if ($SAVE) {
// Default is no force even when a guest want to abuse this force switch
if ((empty($POST['force'])) || (!IS_ADMIN())) $POST['force'] = 0;
$SQL = ""; $MSG = "";
// Update?
- if ($UPDATE)
- {
+ if ($UPDATE) {
// Update his data
$SQL = "UPDATE "._MYSQL_PREFIX."_sponsor_data SET ";
- foreach ($DATA['keys'] as $k => $v)
- {
+ foreach ($DATA['keys'] as $k => $v) {
$SQL .= $v."='%s', ";
}
$DATA['values'][] = bigintval($_GET['id']);
// Generate message
- $MSG = SPONSOR_SET_MESSAGE(ADMIN_SPONSOR_UPDATED, "updated", $MSGs);
+ $MSG = SPONSOR_GET_MESSAGE(ADMIN_SPONSOR_UPDATED, "updated", $MSGs);
$ret = "updated";
- }
- elseif ((!$ALREADY) || (($POST['force'] == "1") && (IS_ADMIN())))
- {
+ } elseif ((!$ALREADY) || (($POST['force'] == "1") && (IS_ADMIN()))) {
// Add new sponsor, first add more data
$DATA['keys'][] = "sponsor_created"; $DATA['values'][] = time();
$DATA['keys'][] = "status";
- if ((!$NO_UPDATE) && (IS_ADMIN()) && ($GLOBALS['what'] == "add_sponsor"))
- {
+ if ((!$NO_UPDATE) && (IS_ADMIN()) && ($GLOBALS['what'] == "add_sponsor")) {
// Only allowed for admin
$DATA['values'][] = "PENDING";
- }
- else
- {
+ } elsen{
// Guest area
$DATA['values'][] = "UNCONFIRMED";
// Generate hash code
$DATA['keys'][] = "hash";
- $DATA['values'][] = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
+ $DATA['values'][] = md5(session_id().":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
$DATA['keys'][] = "remote_addr";
$DATA['values'][] = GET_REMOTE_ADDR();
}
$SQL = "INSERT INTO "._MYSQL_PREFIX."_sponsor_data (".$KEYS.") VALUES ('".$VALUES."%s')";
// Generate message
- $MSG = SPONSOR_SET_MESSAGE(ADMIN_SPONSOR_ADDED, "added", $MSGs);
+ $MSG = SPONSOR_GET_MESSAGE(ADMIN_SPONSOR_ADDED, "added", $MSGs);
$ret = "added";
- }
- elseif ((!$NO_UPDATE) && (IS_ADMIN()))
- {
+ } elseif ((!$NO_UPDATE) && (IS_ADMIN())) {
// Add all data as hidden data
$OUT = "";
- foreach ($POST as $k => $v)
- {
+ foreach ($POST as $k => $v) {
// Do not add 'force' !
- if ($k != "force")
- {
+ if ($k != "force") {
$OUT .= "<INPUT type=\"hidden\" name=\"".$k."\" value=\"".stripslashes($v)."\">\n";
}
}
// Ask for adding a sponsor with same email address
LOAD_TEMPLATE("admin_add_sponsor_already");
return;
- }
- else
- {
+ } else {
// Already added!
$MSG = SPONSOR_ALREADY_FOUND_1.$POST['email'].SPONSOR_ALREADY_FOUND_2;
$ret = "already";
}
- if (!empty($SQL))
- {
+ if (!empty($SQL)) {
// Run SQL command
$result = SQL_QUERY_ESC($SQL, $DATA['values'], __FILE__, __LINE__);
}
// Output message
- if ((!$NO_UPDATE) && (IS_ADMIN()))
- {
+ if ((!$NO_UPDATE) && (IS_ADMIN())) {
LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
}
- }
- else
- {
+ } else {
// Error found!
- $MSG = SPONSOR_SET_MESSAGE(SPONSOR_DATA_NOT_SAVED, "failed", $MSGs);
+ $MSG = SPONSOR_GET_MESSAGE(SPONSOR_DATA_NOT_SAVED, "failed", $MSGs);
LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
}
if ($RET_STATUS) return $ret;
}
//
-function SPONSOR_TRANSLATE_STATUS($status)
-{
+function SPONSOR_TRANSLATE_STATUS($status) {
switch ($status)
{
case "UNCONFIRMED":
return $ret;
}
// Search for an email address in the database
-function SPONSOR_FOUND_EMAIL_DB($email)
-{
- // Default status is failed (as it is always be...)
- $ret = false;
-
- // Check for email (and secure input)
- $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_data WHERE email='%s' LIMIT 1",
- array($email), __FILE__, __LINE__);
-
+function SPONSOR_FOUND_EMAIL_DB ($email) {
// Do we already have the provided email address in our DB?
- if (SQL_NUMROWS($result) == 1) $ret = true;
+ $ret = (GET_TOTAL_DATA($email, "sponsor_data", "id", "email", true) == 1);
// Return result
return $ret;
}
//
-function SPONSOR_SET_MESSAGE($msg, $pos, $array)
-{
+function SPONSOR_GET_MESSAGE ($msg, $pos, $array) {
// Check if the requested message was found in array
- if (isset($array[$pos]))
- {
+ if (isset($array[$pos])) {
// ... if yes then use it!
$ret = $array[$pos];
- }
- else
- {
+ } else {
// ... else use default message
$ret = $msg;
}
// Return result
return $ret;
}
+
//
-function IS_SPONSOR()
-{
- global $_COOKIE;
+function IS_SPONSOR () {
// Failed...
$ret = false;
- if ((!empty($_COOKIE['sponsorid'])) && (!empty($_COOKIE['sponsorpass'])))
- {
+ if ((isSessionVariableSet('sponsorid'))) && (isSessionVariableSet('sponsorpass')))) {
// Check cookies against database records...
$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_data
WHERE id='%s' AND password='%s' AND status='CONFIRMED' LIMIT 1",
- array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 1)
- {
+ array(bigintval(get_session('sponsorid')), get_session('sponsorpass')), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) == 1) {
// All is fine
$ret = true;
}
return $OUT;
}
//
-function UPDATE_SPONSOR_LOGIN()
-{
- global $_COOKIE, $_CONFIG;
-
- // Check if cookies are set
- if ((empty($_COOKIE['sponsorid'])) || (empty($_COOKIE['sponsorpass']))) return false;
+function UPDATE_SPONSOR_LOGIN () {
+ // Failed by default
+ $login = false;
- // Calculate cookie lifetime, maybe we have to change this so the admin can setup a
- // seperate timeout for these two cookies?
- $life = (time() + getConfig('online_timeout'));
-
- // Is confirmed so both is fine and we can continue with login procedure
- $login = ((setcookie("sponsorid" , bigintval($_COOKIE['sponsorid']), $life, COOKIE_PATH)) &&
- (setcookie("sponsorpass", $_COOKIE['sponsorpass'] , $life, COOKIE_PATH)));
-
- // Update database?
- if ($login)
- {
+ // Is sponsor?
+ if (IS_SPONSOR()) {
// Update last online timestamp
SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data
-SET last_online='".time()."'
+SET last_online=UNIX_TIMESTAMP()
WHERE id='%s' AND password='%s' LIMIT 1",
- array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__);
+ array(bigintval(get_session('sponsorid')), get_session('sponsorpass')), __FILE__, __LINE__);
+
+ // This update went fine?
+ $login = (SQL_AFFECTEDROWS() == 1);
}
// Return status
return $login;
}
//
-function SPONSOR_SAVE_DATA($POST, $content)
-{
- global $_COOKIE, $_SERVER, $_GET;
+function SPONSOR_SAVE_DATA ($POST, $content) {
$EMAIL = false;
// Unsecure data which we don't want
$MSG = SPONSOR_ACCOUNT_DATA_NOT_SAVED;
// Check for submitted passwords
- if ((!empty($_POST['pass1'])) && (!empty($_POST['pass2'])))
- {
+ if ((!empty($POST['pass1'])) && (!empty($POST['pass2']))) {
// Are both passwords the same?
- if ($_POST['pass1'] == $_POST['pass2'])
- {
+ if ($POST['pass1'] == $POST['pass2']) {
// Okay, then set password and remove pass1 and pass2
- $_POST['password'] = md5($_POST['pass1']);
+ $POST['password'] = md5($POST['pass1']);
}
}
// Remove all (maybe spoofed) unsafe data from array
- foreach ($UNSAFE as $remove)
- {
+ foreach ($UNSAFE as $remove) {
unset($POST[$remove]);
}
// Prepare SQL string
$SQL = "UPDATE "._MYSQL_PREFIX."_sponsor_data SET";
- foreach ($POST as $key => $value)
- {
+ foreach ($POST as $key => $value) {
// Mmmmm, too less security here???
$SQL .= " ".strip_tags($key)."='%s',";
}
// Check if email has changed
- if ((!empty($content['email'])) && (!empty($POST['email'])))
- {
- if ($content['email'] != $POST['email'])
- {
+ if ((!empty($content['email'])) && (!empty($POST['email']))) {
+ if ($content['email'] != $POST['email']) {
// Change email address
$EMAIL = true;
$SQL .= " status='EMAIL', hash='%s',";
// Generate hash code
- $HASH = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
+ $HASH = md5(session_id().":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
$DATA[] = $HASH;
}
}
// Add SQL tail data
$SQL .= " WHERE id='%s' AND password='%s' LIMIT 1";
- $DATA[] = bigintval($_COOKIE['sponsorid']);
- $DATA[] = $_COOKIE['sponsorpass'];
+ $DATA[] = bigintval(get_session('sponsorid'));
+ $DATA[] = get_session('sponsorpass');
// Saving data was completed... ufff...
switch ($GLOBALS['what'])
{
case "account": // Change account data
- if ($EMAIL)
- {
+ if ($EMAIL) {
$MSG = SPONSOR_ACCOUNT_EMAIL_CHANGED;
$templ = "admin_sponsor_change_email";
$subj = ADMIN_SPONSOR_ACC_EMAIL_SUBJ;
projects / mailer.git / blobdiff