Security line in all includes changed
[mailer.git] / inc / modules / guest / what-sponsor_login.php
index 2c00d2e..c28f500 100644 (file)
@@ -31,8 +31,7 @@
  ************************************************************************/
 
 // Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (!defined('__SECURITY')) {
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
        require($INC);
 }
@@ -55,7 +54,7 @@ if (!empty($_GET['mode']))
 if (!empty($_GET['hash']))
 {
        // Lookup sponsor
-       $result = SQL_QUERY_ESC("SELECT id, status, salut, surname, family,
+       $result = SQL_QUERY_ESC("SELECT id, status, gender, surname, family,
 company, position, tax_ident,
 street_nr1, street_nr2, country, zip, city, email, phone, fax, cell,
 points_amount AS points, last_pay AS pay, last_curr AS curr
@@ -67,8 +66,8 @@ LIMIT 1", array($_GET['hash']), __FILE__, __LINE__);
                // Sponsor found, load his data...
                $SPONSOR = SQL_FETCHARRAY($result);
 
-               // Translate salut and comma
-               $SPONSOR['salut']  = TRANSLATE_SEX($SPONSOR['salut']);
+               // Translate gender and comma
+               $SPONSOR['gender']  = TRANSLATE_GENDER($SPONSOR['gender']);
                $SPONSOR['points'] = TRANSLATE_COMMA($SPONSOR['points']);
                $SPONSOR['pay']    = TRANSLATE_COMMA($SPONSOR['pay']);
 
@@ -81,24 +80,14 @@ WHERE id='%s' AND hash='%s' AND status='UNCONFIRMED' LIMIT 1",
  array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
 
                        // Check on success 
-                       if (SQL_AFFECTEDROWS($link) == 1)
+                       if (SQL_AFFECTEDROWS() == 1)
                        {
                                // Prepare mail and send it to the sponsor
                                $MSG = LOAD_EMAIL_TEMPLATE("sponsor_pending", $SPONSOR);
                                SEND_EMAIL($SPONSOR['email'], SPONSOR_ACCOUNT_PENDING_SUBJ, $MSG);
 
                                // Send email to admin
-                               if (GET_EXT_VERSION("admins") >= "0.4.1")
-                               {
-                                       // Use new system
-                                       SEND_ADMIN_EMAILS_PRO (ADMIN_NEW_SPONSOR, "admin_sponsor_pending", $SPONSOR);
-                               }
-                                else
-                               {
-                                       // Send over old system
-                                       $msg_admin = LOAD_EMAIL_TEMPLATE("admin_sponsor_pending", $SPONSOR);
-                                       SEND_ADMIN_EMAILS (ADMIN_NEW_SPONSOR, $msg_admin);
-                               }
+                               SEND_ADMIN_NOTIFICATION(ADMIN_NEW_SPONSOR, "admin_sponsor_pending", $SPONSOR);
 
                                // Sponsor account set to pending
                                LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_PENDING);
@@ -117,7 +106,7 @@ WHERE id='%s' AND hash='%s' AND status='EMAIL' LIMIT 1",
  array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
 
                        // Check on success 
-                       if (SQL_AFFECTEDROWS($link) == 1)
+                       if (SQL_AFFECTEDROWS() == 1)
                        {
                                // Sponsor account is unlocked again
                                LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN);
@@ -146,26 +135,26 @@ WHERE id='%s' AND hash='%s' AND status='EMAIL' LIMIT 1",
  elseif ($MODE == "activate")
 {
        // Send activation link again
-       if (isset($HTTP_POST_VARS['ok']))
+       if (isset($_POST['ok']))
        {
                // Check submitted data
-               if (empty($HTTP_POST_VARS['email'])) unset($HTTP_POST_VARS['ok']);
+               if (empty($_POST['email'])) unset($_POST['ok']);
        }
 
-       if (isset($HTTP_POST_VARS['ok']))
+       if (isset($_POST['ok']))
        {
                // Check email
-               $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, salut, surname, family, sponsor_created
+               $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, gender, surname, family, sponsor_created
 FROM "._MYSQL_PREFIX."_sponsor_data
 WHERE email='%s' AND (status='UNCONFIRMED' OR status='EMAIL') LIMIT 1",
- array($HTTP_POST_VARS['email']), __FILE__, __LINE__);
+ array($_POST['email']), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 1)
                {
                        // Unconfirmed sponsor account found so let's load the requested data
                        $SPONSOR = SQL_FETCHARRAY($result);
 
                        // Translate some data
-                       $SPONSOR['salut']           = TRANSLATE_SEX($SPONSOR['salut']);
+                       $SPONSOR['gender']           = TRANSLATE_GENDER($SPONSOR['gender']);
                        $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
 
                        // Prepare email and send it to the sponsor
@@ -179,7 +168,7 @@ WHERE email='%s' AND (status='UNCONFIRMED' OR status='EMAIL') LIMIT 1",
                                // Confirmed email address
                                $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_email", $SPONSOR);
                        }
-                       SEND_EMAIL($HTTP_POST_VARS['email'], SPONSOR_ACTIVATION_LINK_SUBJ, $msg_sponsor);
+                       SEND_EMAIL($_POST['email'], SPONSOR_ACTIVATION_LINK_SUBJ, $msg_sponsor);
 
                        // Output message
                        LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_SENT);
@@ -202,26 +191,26 @@ WHERE email='%s' AND (status='UNCONFIRMED' OR status='EMAIL') LIMIT 1",
  elseif ($MODE == "lost_pass")
 {
        // Send new password
-       if (isset($HTTP_POST_VARS['ok']))
+       if (isset($_POST['ok']))
        {
                // Check submitted data
-               if (empty($HTTP_POST_VARS['email'])) unset($HTTP_POST_VARS['ok']);
+               if (empty($_POST['email'])) unset($_POST['ok']);
        }
 
-       if (isset($HTTP_POST_VARS['ok']))
+       if (isset($_POST['ok']))
        {
                // Check email
-               $result = SQL_QUERY_ESC("SELECT id, hash, remote_addr, salut, surname, family, sponsor_created
+               $result = SQL_QUERY_ESC("SELECT id, hash, remote_addr, gender, surname, family, sponsor_created
 FROM "._MYSQL_PREFIX."_sponsor_data
 WHERE email='%s' AND id='%s' AND status='CONFIRMED' LIMIT 1",
- array($HTTP_POST_VARS['email'], bigintval($HTTP_POST_VARS['id'])), __FILE__, __LINE__);
+ array($_POST['email'], bigintval($_POST['id'])), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 1)
                {
                        // Unconfirmed sponsor account found so let's load the requested data
                        $SPONSOR = SQL_FETCHARRAY($result);
 
                        // Translate some data
-                       $SPONSOR['salut']           = TRANSLATE_SEX($SPONSOR['salut']);
+                       $SPONSOR['gender']           = TRANSLATE_GENDER($SPONSOR['gender']);
                        $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
 
                        // Generate password
@@ -229,7 +218,7 @@ WHERE email='%s' AND id='%s' AND status='CONFIRMED' LIMIT 1",
 
                        // Prepare email and send it to the sponsor
                        $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_lost", $SPONSOR);
-                       SEND_EMAIL($HTTP_POST_VARS['email'], SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor);
+                       SEND_EMAIL($_POST['email'], SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor);
 
                        // Update password
                        $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET password='%s'
@@ -254,12 +243,12 @@ WHERE id='%s' LIMIT 1",
                LOAD_TEMPLATE("guest_sponsor_lost");
        }
 }
- elseif (isset($HTTP_POST_VARS['ok']))
+ elseif (isset($_POST['ok']))
 {
        // Check status and login data ...
        $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_sponsor_data
 WHERE id='%s' AND password='%s' LIMIT 1",
- array(bigintval($HTTP_POST_VARS['sponsorid']), md5($HTTP_POST_VARS['pass'])), __FILE__, __LINE__);
+ array(bigintval($_POST['sponsorid']), md5($_POST['pass'])), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1)
        {
                // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
@@ -268,11 +257,11 @@ WHERE id='%s' AND password='%s' LIMIT 1",
                {
                        // Calculate cookie lifetime, maybe we have to change this so the admin can setup a
                        // seperate timeout for these two cookies?
-                       $life = (time() + $CONFIG['online_timeout']);
+                       $life = (time() + $_CONFIG['online_timeout']);
 
                        // Is confirmed so both is fine and we can continue with login procedure
-                       $login = ((setcookie("sponsorid"  , bigintval($HTTP_POST_VARS['sponsorid']), $life, COOKIE_PATH)) &&
-                                 (setcookie("sponsorpass", md5($HTTP_POST_VARS['pass'])           , $life, COOKIE_PATH)));
+                       $login = ((setcookie("sponsorid"  , bigintval($_POST['sponsorid']), $life, COOKIE_PATH)) &&
+                                 (setcookie("sponsorpass", md5($_POST['pass'])           , $life, COOKIE_PATH)));
 
                        if ($login)
                        {
@@ -283,7 +272,7 @@ WHERE id='%s' AND password='%s' LIMIT 1",
                        {
                                // Cookie setup failed!
                                LOAD_TEMPLATE("admin_settings_saved", false, SPONSPOR_COOKIE_SETUP_FAILED);
-                               OUTPUT_HTML("<BR>");
+                               OUTPUT_HTML("<br />");
 
                                // Login formular and other links
                                LOAD_TEMPLATE("guest_sponsor_login");
@@ -295,7 +284,7 @@ WHERE id='%s' AND password='%s' LIMIT 1",
                        $eval = "\$content = SPONSOR_LOGIN_FAILED_".strtoupper($status).";";
                        eval($eval);
                        LOAD_TEMPLATE("admin_settings_saved", false, $content);
-                       OUTPUT_HTML("<BR>");
+                       OUTPUT_HTML("<br />");
 
                        // Login formular and other links
                        LOAD_TEMPLATE("guest_sponsor_login");
@@ -305,7 +294,7 @@ WHERE id='%s' AND password='%s' LIMIT 1",
        {
                // Account missing or wrong pass! We shall not find this out for the "hacker folks"...
                LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOGIN_FAILED_404_WRONG_PASS);
-               OUTPUT_HTML("<BR>");
+               OUTPUT_HTML("<br />");
 
                // Login formular and other links
                LOAD_TEMPLATE("guest_sponsor_login");