Security line in all includes changed
[mailer.git] / inc / modules / guest / what-sponsor_login.php
index 09f1ff1..c28f500 100644 (file)
@@ -31,8 +31,7 @@
  ************************************************************************/
 
 // Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (!defined('__SECURITY')) {
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
        require($INC);
 }
@@ -55,7 +54,7 @@ if (!empty($_GET['mode']))
 if (!empty($_GET['hash']))
 {
        // Lookup sponsor
-       $result = SQL_QUERY_ESC("SELECT id, status, salut, surname, family,
+       $result = SQL_QUERY_ESC("SELECT id, status, gender, surname, family,
 company, position, tax_ident,
 street_nr1, street_nr2, country, zip, city, email, phone, fax, cell,
 points_amount AS points, last_pay AS pay, last_curr AS curr
@@ -67,8 +66,8 @@ LIMIT 1", array($_GET['hash']), __FILE__, __LINE__);
                // Sponsor found, load his data...
                $SPONSOR = SQL_FETCHARRAY($result);
 
-               // Translate salut and comma
-               $SPONSOR['salut']  = TRANSLATE_SEX($SPONSOR['salut']);
+               // Translate gender and comma
+               $SPONSOR['gender']  = TRANSLATE_GENDER($SPONSOR['gender']);
                $SPONSOR['points'] = TRANSLATE_COMMA($SPONSOR['points']);
                $SPONSOR['pay']    = TRANSLATE_COMMA($SPONSOR['pay']);
 
@@ -136,26 +135,26 @@ WHERE id='%s' AND hash='%s' AND status='EMAIL' LIMIT 1",
  elseif ($MODE == "activate")
 {
        // Send activation link again
-       if (isset($HTTP_POST_VARS['ok']))
+       if (isset($_POST['ok']))
        {
                // Check submitted data
-               if (empty($HTTP_POST_VARS['email'])) unset($HTTP_POST_VARS['ok']);
+               if (empty($_POST['email'])) unset($_POST['ok']);
        }
 
-       if (isset($HTTP_POST_VARS['ok']))
+       if (isset($_POST['ok']))
        {
                // Check email
-               $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, salut, surname, family, sponsor_created
+               $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, gender, surname, family, sponsor_created
 FROM "._MYSQL_PREFIX."_sponsor_data
 WHERE email='%s' AND (status='UNCONFIRMED' OR status='EMAIL') LIMIT 1",
- array($HTTP_POST_VARS['email']), __FILE__, __LINE__);
+ array($_POST['email']), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 1)
                {
                        // Unconfirmed sponsor account found so let's load the requested data
                        $SPONSOR = SQL_FETCHARRAY($result);
 
                        // Translate some data
-                       $SPONSOR['salut']           = TRANSLATE_SEX($SPONSOR['salut']);
+                       $SPONSOR['gender']           = TRANSLATE_GENDER($SPONSOR['gender']);
                        $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
 
                        // Prepare email and send it to the sponsor
@@ -169,7 +168,7 @@ WHERE email='%s' AND (status='UNCONFIRMED' OR status='EMAIL') LIMIT 1",
                                // Confirmed email address
                                $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_email", $SPONSOR);
                        }
-                       SEND_EMAIL($HTTP_POST_VARS['email'], SPONSOR_ACTIVATION_LINK_SUBJ, $msg_sponsor);
+                       SEND_EMAIL($_POST['email'], SPONSOR_ACTIVATION_LINK_SUBJ, $msg_sponsor);
 
                        // Output message
                        LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_SENT);
@@ -192,26 +191,26 @@ WHERE email='%s' AND (status='UNCONFIRMED' OR status='EMAIL') LIMIT 1",
  elseif ($MODE == "lost_pass")
 {
        // Send new password
-       if (isset($HTTP_POST_VARS['ok']))
+       if (isset($_POST['ok']))
        {
                // Check submitted data
-               if (empty($HTTP_POST_VARS['email'])) unset($HTTP_POST_VARS['ok']);
+               if (empty($_POST['email'])) unset($_POST['ok']);
        }
 
-       if (isset($HTTP_POST_VARS['ok']))
+       if (isset($_POST['ok']))
        {
                // Check email
-               $result = SQL_QUERY_ESC("SELECT id, hash, remote_addr, salut, surname, family, sponsor_created
+               $result = SQL_QUERY_ESC("SELECT id, hash, remote_addr, gender, surname, family, sponsor_created
 FROM "._MYSQL_PREFIX."_sponsor_data
 WHERE email='%s' AND id='%s' AND status='CONFIRMED' LIMIT 1",
- array($HTTP_POST_VARS['email'], bigintval($HTTP_POST_VARS['id'])), __FILE__, __LINE__);
+ array($_POST['email'], bigintval($_POST['id'])), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 1)
                {
                        // Unconfirmed sponsor account found so let's load the requested data
                        $SPONSOR = SQL_FETCHARRAY($result);
 
                        // Translate some data
-                       $SPONSOR['salut']           = TRANSLATE_SEX($SPONSOR['salut']);
+                       $SPONSOR['gender']           = TRANSLATE_GENDER($SPONSOR['gender']);
                        $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
 
                        // Generate password
@@ -219,7 +218,7 @@ WHERE email='%s' AND id='%s' AND status='CONFIRMED' LIMIT 1",
 
                        // Prepare email and send it to the sponsor
                        $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_lost", $SPONSOR);
-                       SEND_EMAIL($HTTP_POST_VARS['email'], SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor);
+                       SEND_EMAIL($_POST['email'], SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor);
 
                        // Update password
                        $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET password='%s'
@@ -244,12 +243,12 @@ WHERE id='%s' LIMIT 1",
                LOAD_TEMPLATE("guest_sponsor_lost");
        }
 }
- elseif (isset($HTTP_POST_VARS['ok']))
+ elseif (isset($_POST['ok']))
 {
        // Check status and login data ...
        $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_sponsor_data
 WHERE id='%s' AND password='%s' LIMIT 1",
- array(bigintval($HTTP_POST_VARS['sponsorid']), md5($HTTP_POST_VARS['pass'])), __FILE__, __LINE__);
+ array(bigintval($_POST['sponsorid']), md5($_POST['pass'])), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1)
        {
                // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
@@ -258,11 +257,11 @@ WHERE id='%s' AND password='%s' LIMIT 1",
                {
                        // Calculate cookie lifetime, maybe we have to change this so the admin can setup a
                        // seperate timeout for these two cookies?
-                       $life = (time() + $CONFIG['online_timeout']);
+                       $life = (time() + $_CONFIG['online_timeout']);
 
                        // Is confirmed so both is fine and we can continue with login procedure
-                       $login = ((setcookie("sponsorid"  , bigintval($HTTP_POST_VARS['sponsorid']), $life, COOKIE_PATH)) &&
-                                 (setcookie("sponsorpass", md5($HTTP_POST_VARS['pass'])           , $life, COOKIE_PATH)));
+                       $login = ((setcookie("sponsorid"  , bigintval($_POST['sponsorid']), $life, COOKIE_PATH)) &&
+                                 (setcookie("sponsorpass", md5($_POST['pass'])           , $life, COOKIE_PATH)));
 
                        if ($login)
                        {
@@ -273,7 +272,7 @@ WHERE id='%s' AND password='%s' LIMIT 1",
                        {
                                // Cookie setup failed!
                                LOAD_TEMPLATE("admin_settings_saved", false, SPONSPOR_COOKIE_SETUP_FAILED);
-                               OUTPUT_HTML("<BR>");
+                               OUTPUT_HTML("<br />");
 
                                // Login formular and other links
                                LOAD_TEMPLATE("guest_sponsor_login");
@@ -285,7 +284,7 @@ WHERE id='%s' AND password='%s' LIMIT 1",
                        $eval = "\$content = SPONSOR_LOGIN_FAILED_".strtoupper($status).";";
                        eval($eval);
                        LOAD_TEMPLATE("admin_settings_saved", false, $content);
-                       OUTPUT_HTML("<BR>");
+                       OUTPUT_HTML("<br />");
 
                        // Login formular and other links
                        LOAD_TEMPLATE("guest_sponsor_login");
@@ -295,7 +294,7 @@ WHERE id='%s' AND password='%s' LIMIT 1",
        {
                // Account missing or wrong pass! We shall not find this out for the "hacker folks"...
                LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOGIN_FAILED_404_WRONG_PASS);
-               OUTPUT_HTML("<BR>");
+               OUTPUT_HTML("<br />");
 
                // Login formular and other links
                LOAD_TEMPLATE("guest_sponsor_login");