<?php
/************************************************************************
- * MXChange v0.2.1 Start: 04/23/2005 *
- * =============== Last change: 05/18/2008 *
+ * Mailer v0.2.1-FINAL Start: 04/23/2005 *
+ * =================== Last change: 05/18/2008 *
* *
* -------------------------------------------------------------------- *
* File : sponsor_functions.php *
* -------------------------------------------------------------------- *
* Kurzbeschreibung : Funktionen fuer den Sponsorenbereich *
* -------------------------------------------------------------------- *
- * *
+ * $Revision:: $ *
+ * $Date:: $ *
+ * $Tag:: 0.2.1-FINAL $ *
+ * $Author:: $ *
+ * Needs to be in all Files and every File needs "svn propset *
+ * svn:keywords Date Revision" (autoprobset!) at least!!!!!! *
* -------------------------------------------------------------------- *
- * Copyright (c) 2003 - 2008 by Roland Haeder *
+ * Copyright (c) 2003 - 2009 by Roland Haeder *
* For more information visit: http://www.mxchange.org *
* *
- * This program is free software. You can redistribute it and/or modify *
+ * This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
- * the Free Software Foundation; either version 2 of the License. *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
* *
* This program is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
// Some security stuff...
if (!defined('__SECURITY')) {
- $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
- require($INC);
+ die();
}
//
-function SPONSOR_HANDLE_SPONSOR(&$POST, $NO_UPDATE=false, $MSGs=array(), $RET_STATUS=false)
-{
- $SAVE = true; $UPDATE = false; $skip = false; $ALREADY = false;
+function handlSponsorRequest (&$postData, $update=false, $messageArray=array(), $RET_STATUS=false) {
+ // Init a lot variables
+ $SAVE = true;
+ $UPDATE = false;
+ $skip = false;
+ $ALREADY = false;
$ret = "unused";
// Skip these entries
'values' => array()
);
- // Check if sponsor already exists
- foreach ($POST as $k => $v)
- {
- if (!(array_search($k, $SKIPPED) > -1))
- {
- // Check only posted input entries not the submit button
- switch ($k)
- {
- case "email":
- $ALREADY = false;
- if (!VALIDATE_EMAIL($v))
- {
- // Email address is not valid
- $SAVE = false;
- }
- else
+ // Check if sponsor already exists
+ foreach ($postData as $k => $v) {
+ if (!(array_search($k, $SKIPPED) > -1)) {
+ // Check only posted input entries not the submit button
+ switch ($k)
{
- // Do we want to add a new sponsor or update his data?
- $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_data WHERE email='%s' LIMIT 1",
- array($POST['email']), __FILE__, __LINE__);
-
- // Is a sponsor alread in the db?
- if (SQL_NUMROWS($result) == 1)
- {
- // Free memory
- SQL_FREERESULT($result);
-
- // Yes, he is!
- if (($_GET['what'] == "add_sponsor") || ($NO_UPDATE))
- {
- // Already found!
- $ALREADY = true;
- }
- else
- {
- // Update his data
- $UPDATE = true;
+ case 'email':
+ $ALREADY = false;
+ if (!isEmailValid($v)) {
+ // Email address is not valid
+ $SAVE = false;
+ } else {
+ // Do we want to add a new sponsor or update his data?
+ $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_sponsor_data` WHERE email='%s' LIMIT 1",
+ array($postData['email']), __FUNCTION__, __LINE__);
+
+ // Is a sponsor alread in the db?
+ if (SQL_NUMROWS($result) == 1) {
+ // Yes, he is!
+ if ((getWhat() == 'add_sponsor') || ($update)) {
+ // Already found!
+ $ALREADY = true;
+ } else {
+ // Update his data
+ $UPDATE = true;
+ }
+ }
+
+ // Free memory
+ SQL_FREERESULT($result);
}
- }
- }
- break;
+ break;
- case "pass1":
- $k = ""; $v = "";
- break;
+ case 'pass1':
+ $k = ''; $v = '';
+ break;
- case "pass2":
- $k = "password"; $v = md5($v);
- break;
+ case 'pass2':
+ $k = 'password'; $v = md5($v);
+ break;
- case "url":
- if (!VALIDATE_URL($v)) $SAVE = false;
- break;
+ case 'url':
+ if (!isUrlValid($v)) $SAVE = false;
+ break;
- default:
- // Test if there is are time selections
- $TEST = substr($k, -3);
- if ((($TEST == "_ye") || ($TEST == "_mo") || ($TEST == "_we") || ($TEST == "_da") || ($TEST == "_ho") || ($TEST == "_mi") || ($TEST == "_se")) && (!empty($v)))
- {
- // Found a multi-selection for timings?
- $TEST = substr($k, 0, -3);
- if ((!empty($POST[$TEST."_ye"])) && (!empty($POST[$TEST."_mo"])) && (!empty($POST[$TEST."_we"])) && (!empty($POST[$TEST."_da"])) && (!empty($POST[$TEST."_ho"])) && (!empty($POST[$TEST."_mi"])) && (!empty($POST[$TEST."_se"])) && ($TEST != $TEST2))
- {
- // Generate timestamp
- $POST[$TEST] = CREATE_TIMESTAMP_FROM_SELECTIONS($TEST, $POST);
- $DATA['keys'][] = $TEST;
- $DATA['values'][] = $POST[$TEST];
-
- // Remove data from array
- unset($POST[$TEST."_ye"]);
- unset($POST[$TEST."_mo"]);
- unset($POST[$TEST."_we"]);
- unset($POST[$TEST."_da"]);
- unset($POST[$TEST."_ho"]);
- unset($POST[$TEST."_mi"]);
- unset($POST[$TEST."_se"]);
-
- // Skip adding
- $k = ""; $skip = true; $TEST2 = $TEST;
- }
- }
- else
- {
- $skip = false; $TEST2 = "";
+ default:
+ // Test if there is are time selections
+ convertSelectionsToTimestamp($postData, $DATA, $k, $skip);
+ break;
}
- break;
- }
- if ((!empty($k)) && ($skip == false))
- {
- // Add data
- $DATA['keys'][] = $k; $DATA['values'][] = $v;
- }
- }
- }
-
- // Save sponsor?
- if ($SAVE)
- {
- // Default is no force even when a guest want to abuse this force switch
- if ((empty($POST['force'])) || (!IS_ADMIN())) $POST['force'] = 0;
-
- // SQL and message string is empty by default
- $SQL = ""; $MSG = "";
-
- // Update?
- if ($UPDATE)
- {
- // Update his data
- $SQL = "UPDATE "._MYSQL_PREFIX."_sponsor_data SET ";
- foreach ($DATA['keys'] as $k => $v)
- {
- $SQL .= $v."='%s', ";
+ if ((!empty($k)) && ($skip == false)) {
+ // Add data
+ $DATA['keys'][] = $k; $DATA['values'][] = $v;
+ }
}
-
- // Remove last ", " from SQL string
- $SQL = substr($SQL, 0, -2)." WHERE id='%s' LIMIT 1";
- $DATA['values'][] = bigintval($_GET['id']);
-
- // Generate message
- $MSG = SPONSOR_SET_MESSAGE(ADMIN_SPONSOR_UPDATED, "updated", $MSGs);
- $ret = "updated";
}
- elseif ((!$ALREADY) || (($POST['force'] == "1") && (IS_ADMIN())))
- {
- // Add new sponsor, first add more data
- $DATA['keys'][] = "sponsor_created"; $DATA['values'][] = time();
- $DATA['keys'][] = "status";
- if ((!$NO_UPDATE) && (IS_ADMIN()) && ($_GET['what'] == "add_sponsor"))
- {
- // Only allowed for admin
- $DATA['values'][] = "PENDING";
- }
- else
- {
- // Guest area
- $DATA['values'][] = "UNCONFIRMED";
-
- // Generate hash code
- $DATA['keys'][] = "hash";
- $DATA['values'][] = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
- $DATA['keys'][] = "remote_addr";
- $DATA['values'][] = GET_REMOTE_ADDR();
- }
- // Implode all data into strings
- $KEYS = implode(", " , $DATA['keys']);
- $VALUES = str_repeat("%s', '", count($DATA['values']) - 1);
+ // Save sponsor?
+ if ($SAVE === true) {
+ // Default is no force even when a guest want to abuse this force switch
+ if ((empty($postData['force'])) || (!isAdmin())) $postData['force'] = '0';
- // Generate string
- $SQL = "INSERT INTO "._MYSQL_PREFIX."_sponsor_data (".$KEYS.") VALUES ('".$VALUES."%s')";
+ // SQL and message string is empty by default
+ $sql = ''; $message = '';
- // Generate message
- $MSG = SPONSOR_SET_MESSAGE(ADMIN_SPONSOR_ADDED, "added", $MSGs);
- $ret = "added";
- }
- elseif ((!$NO_UPDATE) && (IS_ADMIN()))
- {
- // Add all data as hidden data
- $OUT = "";
- foreach ($POST as $k => $v)
- {
- // Do not add 'force' !
- if ($k != "force")
- {
- $OUT .= "<INPUT type=\"hidden\" name=\"".$k."\" value=\"".stripslashes($v)."\">\n";
+ // Update?
+ if ($UPDATE) {
+ // Update his data
+ $sql = "UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET ";
+ foreach ($DATA['keys'] as $k => $v) {
+ $sql .= $v."='%s', ";
}
- }
- define('__HIDDEN_DATA', $OUT);
- define('__EMAIL' , $POST['email']);
- // Ask for adding a sponsor with same email address
- LOAD_TEMPLATE("admin_add_sponsor_already");
- return;
- }
- else
- {
- // Already added!
- $MSG = SPONSOR_ALREADY_FOUND_1.$POST['email'].SPONSOR_ALREADY_FOUND_2;
- $ret = "already";
- }
+ // Remove last ", " from SQL string
+ $sql = substr($sql, 0, -2)." WHERE `id`='%s' LIMIT 1";
+ $DATA['values'][] = bigintval(getRequestParameter('id'));
+
+ // Generate message
+ $message = getMessageFromIndexedArray(getMessage('ADMIN_SPONSOR_UPDATED'), 'updated', $messageArray);
+ $ret = "updated";
+ } elseif (($ALREADY === false) || (($postData['force'] == 1) && (isAdmin()))) {
+ // Add new sponsor, first add more data
+ $DATA['keys'][] = 'sponsor_created'; $DATA['values'][] = time();
+ $DATA['keys'][] = 'status';
+ if (($update === true) && (isAdmin()) && (getWhat() == 'add_sponsor')) {
+ // Only allowed for admin
+ $DATA['values'][] = 'PENDING';
+ } else {
+ // Guest area
+ $DATA['values'][] = 'UNCONFIRMED';
+
+ // Generate hash code
+ $DATA['keys'][] = 'hash';
+ $DATA['values'][] = md5(session_id().':'.$postData['email'].':'.detectRemoteAddr().':'.detectUserAgent().':'.time());
+ $DATA['keys'][] = 'remote_addr';
+ $DATA['values'][] = detectRemoteAddr();
+ }
- if (!empty($SQL))
- {
- // Run SQL command
- $result = SQL_QUERY_ESC($SQL, $DATA['values'], __FILE__, __LINE__);
- }
+ // Implode all data into strings
+ $KEYS = implode("`, `" , $DATA['keys']);
+ $valueS = str_repeat("%s', '", count($DATA['values']) - 1);
+
+ // Generate string
+ $sql = "INSERT INTO `{?_MYSQL_PREFIX?}_sponsor_data` (`".$KEYS."`) VALUES ('".$valueS."%s')";
+
+ // Generate message
+ $message = getMessageFromIndexedArray(getMessage('ADMIN_SPONSOR_ADDED'), "added", $messageArray);
+ $ret = 'added';
+ } elseif (($update === true) && (isAdmin())) {
+ // Add all data as hidden data
+ $OUT = '';
+ foreach ($postData as $k => $v) {
+ // Do not add 'force' !
+ if ($k != 'force') {
+ $OUT .= '<input type="hidden" name="' . secureString($k) . '" value="' . SQL_ESCAPE($v) . '" />';
+ } // END - if
+ } // END - foreach
+
+ // Remember data
+ $content['hidden'] = $OUT;
+ $content['email'] = $postData['email'];
+
+ // Ask for adding a sponsor with same email address
+ loadTemplate('admin_add_sponsor_already', false, $content);
+ return;
+ } else {
+ // Already added!
+ $message = getMaskedMessage('SPONSOR_ALREADY_FOUND', $postData['email']);
+ $ret = 'already';
+ }
- // Output message
- if ((!$NO_UPDATE) && (IS_ADMIN()))
- {
- LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
+ if (!empty($sql)) {
+ // Run SQL command
+ $result = SQL_QUERY_ESC($sql, $DATA['values'], __FUNCTION__, __LINE__);
+ } // END - if
+
+ // Output message
+ if (($update === true) && (isAdmin())) {
+ loadTemplate('admin_settings_saved', false, $message);
+ } // END - if
+ } else {
+ // Error found!
+ $message = getMessageFromIndexedArray(getMessage('SPONSOR_DATA_NOT_SAVED'), 'failed', $messageArray);
+ loadTemplate('admin_settings_saved', false, $message);
}
- }
- else
- {
- // Error found!
- $MSG = SPONSOR_SET_MESSAGE(SPONSOR_DATA_NOT_SAVED, "failed", $MSGs);
- LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
- }
- // Shall we return the status?
- if ($RET_STATUS) return $ret;
+ // Shall we return the status?
+ if ($RET_STATUS === true) return $ret;
}
+
//
-function SPONSOR_TRANSLATE_STATUS($status)
-{
- switch ($status)
- {
- case "UNCONFIRMED":
- $ret = ACCOUNT_UNCONFIRMED;
- break;
-
- case "CONFIRMED":
- $ret = ACCOUNT_CONFIRMED;
- break;
-
- case "LOCKED":
- $ret = ACCOUNT_LOCKED;
- break;
-
- case "PENDING":
- $ret = ACCOUNT_PENDING;
- break;
-
- case "EMAIL":
- $ret = ACCOUNT_EMAIL;
- break;
-
- default:
- DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown status %s detected.", $status));
- $ret = UNKNOWN_STATUS_1.$status.UNKNOWN_STATUS_2;
- break;
+function sponsorTranslateUserStatus ($status) {
+ // Construct constant name
+ $constantName = sprintf("ACCOUNT_%s", $status);
+
+ // Is the constant there?
+ if (defined($constantName)) {
+ // Then use it
+ $ret = constant($constantName);
+ } else {
+ // Not found!
+ logDebugMessage(__FUNCTION__, __LINE__, sprintf("Unknown status %s detected.", $status));
+ $ret = getMaskedMessage('UNKNOWN_STATUS', $status);
}
return $ret;
}
-// Search for an email address in the database
-function SPONSOR_FOUND_EMAIL_DB($email)
-{
- // Default status is failed (as it is always be...)
- $ret = false;
-
- // Check for email (and secure input)
- $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_data WHERE email='%s' LIMIT 1",
- array($email), __FILE__, __LINE__);
+// Search for an email address in the database
+function isSponsorRegisteredWithEmail ($email) {
// Do we already have the provided email address in our DB?
- if (SQL_NUMROWS($result) == 1) $ret = true;
+ $ret = (countSumTotalData($email, 'sponsor_data', 'id', 'email', true) == 1);
// Return result
return $ret;
}
-//
-function SPONSOR_SET_MESSAGE($msg, $pos, $array)
-{
- // Check if the requested message was found in array
- if (isset($array[$pos]))
- {
- // ... if yes then use it!
- $ret = $array[$pos];
- }
- else
- {
- // ... else use default message
- $ret = $msg;
- }
- // Return result
- return $ret;
-}
-//
-function IS_SPONSOR()
-{
- global $_COOKIE;
+// Wether the current user is a sponsor
+function isSponsor () {
// Failed...
$ret = false;
- if ((!empty($_COOKIE['sponsorid'])) && (!empty($_COOKIE['sponsorpass'])))
- {
+ if ((isSessionVariableSet('sponsorid')) && (isSessionVariableSet('sponsorpass'))) {
// Check cookies against database records...
- $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_sponsor_data
-WHERE id='%s' AND password='%s' AND status='CONFIRMED' LIMIT 1",
- array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 1)
- {
+ $result = SQL_QUERY_ESC("SELECT
+ `id`
+FROM
+ `{?_MYSQL_PREFIX?}_sponsor_data`
+WHERE
+ `id`='%s' AND `password`='%s' AND `status`='CONFIRMED'
+LIMIT 1",
+ array(
+ bigintval(getSession('sponsorid')),
+ getSession('sponsorpass')
+ ), __FUNCTION__, __LINE__);
+ if (SQL_NUMROWS($result) == 1) {
// All is fine
$ret = true;
- }
+ } // END - if
// Free memory
SQL_FREERESULT($result);
- }
+ } // END - if
// Return status
return $ret;
}
+
//
-function GENERATE_SPONSOR_MENU($current)
-{
- $OUT = "";
+function addSponsorMenu ($current) {
+ $OUT = '';
$WHERE = " AND active='Y'";
- if (IS_ADMIN()) $WHERE = "";
+ if (isAdmin()) $WHERE = '';
// Load main menu entries
- $result_main = SQL_QUERY("SELECT action, title FROM "._MYSQL_PREFIX."_sponsor_menu
-WHERE (what='' OR what IS NULL) ".$WHERE."
-ORDER BY sort", __FILE__, __LINE__);
- if (SQL_NUMROWS($result_main) > 0)
- {
+ $result_main = SQL_QUERY("SELECT action AS main_action, title AS main_title FROM `{?_MYSQL_PREFIX?}_sponsor_menu`
+WHERE (`what`='' OR `what` IS NULL) ".$WHERE."
+ORDER BY `sort`", __FUNCTION__, __LINE__);
+ if (SQL_NUMROWS($result_main) > 0) {
// Load every menu and it's sub menus
- while(list($action, $title_main) = SQL_FETCHROW($result_main))
- {
+ while ($content = SQL_FETCHARRAY($result_main)) {
// Load sub menus
- $result_sub = SQL_QUERY_ESC("SELECT what, title FROM "._MYSQL_PREFIX."_sponsor_menu
-WHERE action='%s' AND what != '' AND what IS NOT NULL ".$WHERE."
-ORDER BY sort", array($action), __FILE__, __LINE__);
- if (SQL_NUMROWS($result_sub) > 0)
- {
+ $result_sub = SQL_QUERY_ESC("SELECT what AS sub_what, title AS sub_title FROM `{?_MYSQL_PREFIX?}_sponsor_menu`
+WHERE `action`='%s' AND `what` != '' AND `what` IS NOT NULL ".$WHERE."
+ORDER BY `sort`",
+ array($content['main_action']), __FUNCTION__, __LINE__);
+ if (SQL_NUMROWS($result_sub) > 0) {
// Load sub menus
- $SUB = "";
- while(list($what, $title_sub) = SQL_FETCHROW($result_sub))
- {
+ $SUB = '';
+ while ($content2 = SQL_FETCHARRAY($result_sub)) {
+ // Merge both arrays
+ $content = merge_array($content, $content2);
+
// Check if current selected menu is matching the loaded one
- if ($current == $what) $title_sub = "<STRONG>".$title_sub."</STRONG>";
+ if ($current == $content['sub_what']) $content['sub_title'] = "<strong>".$content['sub_title']."</strong>";
// Prepare data for the sub template
$content = array(
- 'what' => $what,
- 'title' => $title_sub
+ 'what' => $content['sub_what'],
+ 'title' => $content['sub_title']
);
// Load row template
- $SUB .= LOAD_TEMPLATE("sponsor_what", true, $content);
+ $SUB .= loadTemplate('sponsor_what', true, $content);
}
// Prepare data for the main template
$content = array(
- 'title' => $title_main,
+ 'title' => $content['main_title'],
'menu' => $SUB
);
// Load menu template
- $OUT .= LOAD_TEMPLATE("sponsor_action", true, $content);
- }
- else
- {
+ $OUT .= loadTemplate('sponsor_action', true, $content);
+ } else {
// No sub menus active
- $OUT .= LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_NO_SUB_MENUS_ACTIVE);
+ $OUT .= loadTemplate('admin_settings_saved', true, getMessage('SPONSOR_NO_SUB_MENUS_ACTIVE'));
}
// Free memory
SQL_FREERESULT($result_sub);
}
- }
- else
- {
+ } else {
// No main menus active
- $OUT .= LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_NO_MAIN_MENUS_ACTIVE);
+ $OUT .= loadTemplate('admin_settings_saved', true, getMessage('SPONSOR_NO_MAIN_MENUS_ACTIVE'));
}
// Free memory
// Return content
return $OUT;
}
+
//
-function GENERATE_SPONSOR_CONTENT($what)
-{
- global $_CONFIG;
- $OUT = "";
- $FILE = sprintf("%sinc/modules/sponsor/%s.php", PATH, $what);
- if (FILE_READABLE($FILE)) {
+function addSponsorContent ($what) {
+ $OUT = '';
+ $INC = sprintf("inc/modules/sponsor/%s.php", $what);
+ if (isIncludeReadable($INC)) {
// Every sponsor action will output nothing directly. It will be written into $OUT!
- require_once($FILE);
+ loadIncludeOnce($INC);
} else {
// File not found!
- $OUT .= LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_CONTENT_404_1.$what.SPONSOR_CONTENT_404_2);
+ $OUT .= loadTemplate('admin_settings_saved', true, getMaskedMessage('SPONSOR_CONTENT_404', $what));
}
// Return content
return $OUT;
}
-//
-function UPDATE_SPONSOR_LOGIN()
-{
- global $_COOKIE, $_CONFIG;
- // Check if cookies are set
- if ((empty($_COOKIE['sponsorid'])) || (empty($_COOKIE['sponsorpass']))) return false;
-
- // Calculate cookie lifetime, maybe we have to change this so the admin can setup a
- // seperate timeout for these two cookies?
- $life = (time() + $_CONFIG['online_timeout']);
-
- // Is confirmed so both is fine and we can continue with login procedure
- $login = ((setcookie("sponsorid" , bigintval($_COOKIE['sponsorid']), $life, COOKIE_PATH)) &&
- (setcookie("sponsorpass", $_COOKIE['sponsorpass'] , $life, COOKIE_PATH)));
+//
+function updateSponsorLogin () {
+ // Failed by default
+ $login = false;
- // Update database?
- if ($login)
- {
+ // Is sponsor?
+ if (isSponsor()) {
// Update last online timestamp
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data
-SET last_online='".time()."'
-WHERE id='%s' AND password='%s' LIMIT 1",
- array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__);
+ SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_sponsor_data`
+SET `last_online`=UNIX_TIMESTAMP()
+WHERE `id`='%s' AND `password`='%s' LIMIT 1",
+ array(
+ bigintval(getSession('sponsorid')),
+ getSession('sponsorpass')
+ ), __FUNCTION__, __LINE__);
+
+ // This update went fine?
+ $login = (SQL_AFFECTEDROWS() == 1);
}
// Return status
return $login;
}
-//
-function SPONSOR_SAVE_DATA($POST, $content)
-{
- global $_COOKIE, $_SERVER, $_GET;
+
+// Saves sponsor's data
+function saveSponsorData ($postData, $content) {
$EMAIL = false;
// Unsecure data which we don't want
'ok', 'pass1', 'pass2');
// Set default message ("not saved")
- $MSG = SPONSOR_ACCOUNT_DATA_NOT_SAVED;
+ $message = getMessage('SPONSOR_ACCOUNT_DATA_NOT_SAVED');
// Check for submitted passwords
- if ((!empty($_POST['pass1'])) && (!empty($_POST['pass2'])))
- {
+ if ((!empty($postData['pass1'])) && (!empty($postData['pass2']))) {
// Are both passwords the same?
- if ($_POST['pass1'] == $_POST['pass2'])
- {
+ if ($postData['pass1'] == $postData['pass2']) {
// Okay, then set password and remove pass1 and pass2
- $_POST['password'] = md5($_POST['pass1']);
- }
- }
+ $postData['password'] = md5($postData['pass1']);
+ } // END - if
+ } // END - if
// Remove all (maybe spoofed) unsafe data from array
- foreach ($UNSAFE as $remove)
- {
- unset($POST[$remove]);
- }
+ foreach ($UNSAFE as $remove) {
+ unset($postData[$remove]);
+ } // END - foreach
// This array is for the submitted data which we will use with the SQL_QUERY_ESC() function to
// secure the data
$DATA = array();
// Prepare SQL string
- $SQL = "UPDATE "._MYSQL_PREFIX."_sponsor_data SET";
- foreach ($POST as $key => $value)
- {
+ $sql = "UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET";
+ foreach ($postData as $key => $value) {
// Mmmmm, too less security here???
- $SQL .= " ".strip_tags($key)."='%s',";
+ $sql .= " `".secureString($key)."`='%s',";
// We will secure this later inside the SQL_QUERY_ESC() function
- $DATA[] = strip_tags($value);
-
- // Compile {SLASH} and so on for the email templates
- $POST[$key] = COMPILE_CODE($value);
- }
+ $DATA[] = secureString($value);
+ } // END - foreach
// Check if email has changed
- if ((!empty($content['email'])) && (!empty($POST['email'])))
- {
- if ($content['email'] != $POST['email'])
- {
+ if ((!empty($content['email'])) && (!empty($postData['email']))) {
+ if ($content['email'] != $postData['email']) {
// Change email address
$EMAIL = true;
// Okay, has changed then add status with UNCONFIRMED and new hash code
- $SQL .= " status='EMAIL', hash='%s',";
+ $sql .= " `status`='EMAIL', `hash`='%s',";
// Generate hash code
- $HASH = md5($_COOKIE['PHPSESSID'].":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
+ $HASH = md5(session_id().':'.$postData['email'].':'.detectRemoteAddr().':'.detectUserAgent().':'.time());
$DATA[] = $HASH;
- }
- }
+ } // END - if
+ } // END - if
// Remove last commata
- $SQL = substr($SQL, 0, -1);
+ $sql = substr($sql, 0, -1);
// Add SQL tail data
- $SQL .= " WHERE id='%s' AND password='%s' LIMIT 1";
- $DATA[] = bigintval($_COOKIE['sponsorid']);
- $DATA[] = $_COOKIE['sponsorpass'];
+ $sql .= " WHERE `id`='%s' AND password='%s' LIMIT 1";
+ $DATA[] = bigintval(getSession('sponsorid'));
+ $DATA[] = getSession('sponsorpass');
// Saving data was completed... ufff...
- switch ($_GET['what'])
+ switch (getWhat())
{
- case "account": // Change account data
- if ($EMAIL)
- {
- $MSG = SPONSOR_ACCOUNT_EMAIL_CHANGED;
- $templ = "admin_sponsor_change_email";
- $subj = ADMIN_SPONSOR_ACC_EMAIL_SUBJ;
- }
- else
- {
- $MSG = SPONSOR_ACCOUNT_DATA_SAVED;
- $templ = "admin_sponsor_change_data";
- $subj = ADMIN_SPONSOR_ACC_DATA_SUBJ;
- }
- break;
-
- case "settings": // Change settings
- // Translate some data
- $content['receive'] = TRANSLATE_YESNO($content['receive_warnings']);
- $content['interval'] = CREATE_FANCY_TIME($content['warning_interval']);
-
- // Set message template and subject for admin
- $MSG = SPONSOR_SETTINGS_SAVED;
- $templ = "admin_sponsor_settings";
- $subj = ADMIN_SPONSOR_SETTINGS_SUBJ;
- break;
-
- default: // Unknown sponsor what value!
- DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown sponsor module (what) %s detected.", $_GET['what']));
- $MSG = SPONSOR_UNKNOWN_WHAT_1.$_GET['what'].SPONSOR_UNKNOWN_WHAT_2;
- $templ = ""; $subj = "";
- break;
+ case 'account': // Change account data
+ if ($EMAIL === true) {
+ $message = getMessage('SPONSOR_ACCOUNT_EMAIL_CHANGED');
+ $templ = 'admin_sponsor_change_email';
+ $subj = getMessage('ADMIN_SPONSOR_ACC_EMAIL_SUBJ');
+ } else {
+ $message = getMessage('SPONSOR_ACCOUNT_DATA_SAVED');
+ $templ = 'admin_sponsor_change_data';
+ $subj = getMessage('ADMIN_SPONSOR_ACC_DATA_SUBJ');
+ }
+ break;
+
+ case 'settings': // Change settings
+ // Translate some data
+ $content['receive'] = translateYesNo($content['receive_warnings']);
+ $content['interval'] = createFancyTime($content['warning_interval']);
+
+ // Set message template and subject for admin
+ $message = getMessage('SPONSOR_SETTINGS_SAVED');
+ $templ = 'admin_sponsor_settings';
+ $subj = getMessage('ADMIN_SPONSOR_SETTINGS_SUBJ');
+ break;
+
+ default: // Unknown sponsor what value!
+ logDebugMessage(__FUNCTION__, __LINE__, sprintf("Unknown sponsor module (what) %s detected.", getWhat()));
+ $message = getMaskedMessage('SPONSOR_UNKNOWN_WHAT', getWhat());
+ $templ = ''; $subj = '';
+ break;
}
- if (SQL_AFFECTEDROWS() == 1)
- {
- if (!empty($templ) && !empty($subj))
- {
+ if (SQL_AFFECTEDROWS() == 1) {
+ if (!empty($templ) && !empty($subj)) {
// Run SQL command and check for success
- $result = SQL_QUERY_ESC($SQL, $DATA, __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC($sql, $DATA, __FUNCTION__, __LINE__);
// Add all data to content
- global $DATA;
- $DATA = $POST;
+ $content['new_data'] = $postData;
// Change some data
- if (isset($content['gender'])) $content['gender'] = TRANSLATE_GENDER($content['gender']);
- if (isset($DATA['gender'])) $DATA['gender'] = TRANSLATE_GENDER($DATA['gender']);
- if (isset($content['receive_warnings'])) $DATA['receive'] = TRANSLATE_YESNO($POST['receive_warnings']);
- if (isset($content['warning_interval'])) $DATA['interval'] = CREATE_FANCY_TIME($POST['warning_interval']);
+ if (isset($content['gender'])) $content['gender'] = translateGender($content['gender']);
+ if (isset($content['new_data']['gender'])) $content['new_data']['gender'] = translateGender($content['new_data']['gender']);
+ if (isset($content['receive_warnings'])) $content['new_data']['receive'] = translateYesNo($content['new_data']['receive_warnings']);
+ if (isset($content['warning_interval'])) $content['new_data']['interval'] = createFancyTime($content['new_data']['warning_interval']);
// Send email to admins
- SEND_ADMIN_NOTIFICATION($subj, $templ, $content);
+ sendAdminNotification($subj, $templ, $content);
// Shall we send mail to the sponsor's new email address?
- if ($content['receive_warnings'] == "Y")
- {
+ if ($content['receive_warnings'] == 'Y') {
// Okay send email with confirmation link to new address and with no confirmation link
// to the old address
// First to old address
- switch ($_GET['what'])
+ switch (getWhat())
{
- case "account": // Change account data
- $email_msg = LOAD_EMAIL_TEMPLATE("sponsor_change_data", $content);
- SEND_EMAIL($content['email'], SPONSOR_ACC_DATA_SUBJ, $email_msg);
-
- if ($EMAIL)
- {
- // Add hash code to content array
- $content['hash'] = $HASH;
-
- // Second mail goes to the new address
- $email_msg = LOAD_EMAIL_TEMPLATE("sponsor_change_email", $content);
- SEND_EMAIL($content['email'], SPONSOR_ACC_EMAIL_SUBJ, $email_msg);
- }
- break;
-
- case "settings": // Change settings
- // Send email
- $email_msg = LOAD_EMAIL_TEMPLATE("sponsor_settings", $content);
- SEND_EMAIL($content['email'], SPONSOR_SETTINGS_SUBJ, $email_msg);
- break;
+ case 'account': // Change account data
+ $email_msg = loadEmailTemplate('sponsor_change_data', $content);
+ sendEmail($content['email'], getMessage('SPONSOR_ACC_DATA_SUBJ'), $email_msg);
+
+ if ($EMAIL === true) {
+ // Add hash code to content array
+ $content['hash'] = $HASH;
+
+ // Second mail goes to the new address
+ $email_msg = loadEmailTemplate('sponsor_change_email', $content);
+ sendEmail($content['email'], getMessage('SPONSOR_ACC_EMAIL_SUBJ'), $email_msg);
+ }
+ break;
+
+ case 'settings': // Change settings
+ // Send email
+ $email_msg = loadEmailTemplate('sponsor_settings', $content);
+ sendEmail($content['email'], getMessage('SPONSOR_SETTINGS_SUBJ'), $email_msg);
+ break;
}
- }
- }
- }
+ } // END - if
+ } // END - if
+ } // END - if
// Return final message
- return $MSG;
+ return $message;
}
-//
+
+// [EOF]
?>
projects / mailer.git / blobdiff