Security line in all includes changed

[mailer.git] / inc / modules / guest / what-sponsor_login.php
diff --git a/inc/modules/guest/what-sponsor_login.php b/inc/modules/guest/what-sponsor_login.php

index 2c00d2ec863356f7f7548eb06b001fcb3889225c..c28f50026c671cc270aff0b7c2e7192a9e0b88d9 100644 (file)
--- a/inc/modules/guest/what-sponsor_login.php
+++ b/inc/modules/guest/what-sponsor_login.php
@@ -31,8 +31,7 @@
   ************************************************************************/
  
  // Some security stuff...
   ************************************************************************/
  
  // Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (!defined('__SECURITY')) {
         $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
         require($INC);
  }
         $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
         require($INC);
  }
@@ -55,7 +54,7 @@ if (!empty($_GET['mode']))
  if (!empty($_GET['hash']))
  {
         // Lookup sponsor
  if (!empty($_GET['hash']))
  {
         // Lookup sponsor
-       $result = SQL_QUERY_ESC("SELECT id, status, salut, surname, family,
+       $result = SQL_QUERY_ESC("SELECT id, status, gender, surname, family,
  company, position, tax_ident,
  street_nr1, street_nr2, country, zip, city, email, phone, fax, cell,
  points_amount AS points, last_pay AS pay, last_curr AS curr
  company, position, tax_ident,
  street_nr1, street_nr2, country, zip, city, email, phone, fax, cell,
  points_amount AS points, last_pay AS pay, last_curr AS curr
@@ -67,8 +66,8 @@ LIMIT 1", array($_GET['hash']), __FILE__, __LINE__);
                 // Sponsor found, load his data...
                 $SPONSOR = SQL_FETCHARRAY($result);
  
                 // Sponsor found, load his data...
                 $SPONSOR = SQL_FETCHARRAY($result);
  
-               // Translate salut and comma
-               $SPONSOR['salut']  = TRANSLATE_SEX($SPONSOR['salut']);
+               // Translate gender and comma
+               $SPONSOR['gender']  = TRANSLATE_GENDER($SPONSOR['gender']);
                 $SPONSOR['points'] = TRANSLATE_COMMA($SPONSOR['points']);
                 $SPONSOR['pay']    = TRANSLATE_COMMA($SPONSOR['pay']);
  
                 $SPONSOR['points'] = TRANSLATE_COMMA($SPONSOR['points']);
                 $SPONSOR['pay']    = TRANSLATE_COMMA($SPONSOR['pay']);
  
@@ -81,24 +80,14 @@ WHERE id='%s' AND hash='%s' AND status='UNCONFIRMED' LIMIT 1",
   array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
  
                         // Check on success 
   array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
  
                         // Check on success 
-                       if (SQL_AFFECTEDROWS($link) == 1)
+                       if (SQL_AFFECTEDROWS() == 1)
                         {
                                 // Prepare mail and send it to the sponsor
                                 $MSG = LOAD_EMAIL_TEMPLATE("sponsor_pending", $SPONSOR);
                                 SEND_EMAIL($SPONSOR['email'], SPONSOR_ACCOUNT_PENDING_SUBJ, $MSG);
  
                                 // Send email to admin
                         {
                                 // Prepare mail and send it to the sponsor
                                 $MSG = LOAD_EMAIL_TEMPLATE("sponsor_pending", $SPONSOR);
                                 SEND_EMAIL($SPONSOR['email'], SPONSOR_ACCOUNT_PENDING_SUBJ, $MSG);
  
                                 // Send email to admin
-                               if (GET_EXT_VERSION("admins") >= "0.4.1")
-                               {
-                                       // Use new system
-                                       SEND_ADMIN_EMAILS_PRO (ADMIN_NEW_SPONSOR, "admin_sponsor_pending", $SPONSOR);
-                               }
-                                else
-                               {
-                                       // Send over old system
-                                       $msg_admin = LOAD_EMAIL_TEMPLATE("admin_sponsor_pending", $SPONSOR);
-                                       SEND_ADMIN_EMAILS (ADMIN_NEW_SPONSOR, $msg_admin);
-                               }
+                               SEND_ADMIN_NOTIFICATION(ADMIN_NEW_SPONSOR, "admin_sponsor_pending", $SPONSOR);
  
                                 // Sponsor account set to pending
                                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_PENDING);
  
                                 // Sponsor account set to pending
                                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_PENDING);
@@ -117,7 +106,7 @@ WHERE id='%s' AND hash='%s' AND status='EMAIL' LIMIT 1",
   array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
  
                         // Check on success 
   array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
  
                         // Check on success 
-                       if (SQL_AFFECTEDROWS($link) == 1)
+                       if (SQL_AFFECTEDROWS() == 1)
                         {
                                 // Sponsor account is unlocked again
                                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN);
                         {
                                 // Sponsor account is unlocked again
                                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN);
@@ -146,26 +135,26 @@ WHERE id='%s' AND hash='%s' AND status='EMAIL' LIMIT 1",
   elseif ($MODE == "activate")
  {
         // Send activation link again
   elseif ($MODE == "activate")
  {
         // Send activation link again
-       if (isset($HTTP_POST_VARS['ok']))
+       if (isset($_POST['ok']))
         {
                 // Check submitted data
         {
                 // Check submitted data
-               if (empty($HTTP_POST_VARS['email'])) unset($HTTP_POST_VARS['ok']);
+               if (empty($_POST['email'])) unset($_POST['ok']);
         }
  
         }
  
-       if (isset($HTTP_POST_VARS['ok']))
+       if (isset($_POST['ok']))
         {
                 // Check email
         {
                 // Check email
-               $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, salut, surname, family, sponsor_created
+               $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, gender, surname, family, sponsor_created
  FROM "._MYSQL_PREFIX."_sponsor_data
  WHERE email='%s' AND (status='UNCONFIRMED' OR status='EMAIL') LIMIT 1",
  FROM "._MYSQL_PREFIX."_sponsor_data
  WHERE email='%s' AND (status='UNCONFIRMED' OR status='EMAIL') LIMIT 1",
- array($HTTP_POST_VARS['email']), __FILE__, __LINE__);
+ array($_POST['email']), __FILE__, __LINE__);
                 if (SQL_NUMROWS($result) == 1)
                 {
                         // Unconfirmed sponsor account found so let's load the requested data
                         $SPONSOR = SQL_FETCHARRAY($result);
  
                         // Translate some data
                 if (SQL_NUMROWS($result) == 1)
                 {
                         // Unconfirmed sponsor account found so let's load the requested data
                         $SPONSOR = SQL_FETCHARRAY($result);
  
                         // Translate some data
-                       $SPONSOR['salut']           = TRANSLATE_SEX($SPONSOR['salut']);
+                       $SPONSOR['gender']           = TRANSLATE_GENDER($SPONSOR['gender']);
                         $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
  
                         // Prepare email and send it to the sponsor
                         $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
  
                         // Prepare email and send it to the sponsor
@@ -179,7 +168,7 @@ WHERE email='%s' AND (status='UNCONFIRMED' OR status='EMAIL') LIMIT 1",
                                 // Confirmed email address
                                 $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_email", $SPONSOR);
                         }
                                 // Confirmed email address
                                 $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_email", $SPONSOR);
                         }
-                       SEND_EMAIL($HTTP_POST_VARS['email'], SPONSOR_ACTIVATION_LINK_SUBJ, $msg_sponsor);
+                       SEND_EMAIL($_POST['email'], SPONSOR_ACTIVATION_LINK_SUBJ, $msg_sponsor);
  
                         // Output message
                         LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_SENT);
  
                         // Output message
                         LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_SENT);
@@ -202,26 +191,26 @@ WHERE email='%s' AND (status='UNCONFIRMED' OR status='EMAIL') LIMIT 1",
   elseif ($MODE == "lost_pass")
  {
         // Send new password
   elseif ($MODE == "lost_pass")
  {
         // Send new password
-       if (isset($HTTP_POST_VARS['ok']))
+       if (isset($_POST['ok']))
         {
                 // Check submitted data
         {
                 // Check submitted data
-               if (empty($HTTP_POST_VARS['email'])) unset($HTTP_POST_VARS['ok']);
+               if (empty($_POST['email'])) unset($_POST['ok']);
         }
  
         }
  
-       if (isset($HTTP_POST_VARS['ok']))
+       if (isset($_POST['ok']))
         {
                 // Check email
         {
                 // Check email
-               $result = SQL_QUERY_ESC("SELECT id, hash, remote_addr, salut, surname, family, sponsor_created
+               $result = SQL_QUERY_ESC("SELECT id, hash, remote_addr, gender, surname, family, sponsor_created
  FROM "._MYSQL_PREFIX."_sponsor_data
  WHERE email='%s' AND id='%s' AND status='CONFIRMED' LIMIT 1",
  FROM "._MYSQL_PREFIX."_sponsor_data
  WHERE email='%s' AND id='%s' AND status='CONFIRMED' LIMIT 1",
- array($HTTP_POST_VARS['email'], bigintval($HTTP_POST_VARS['id'])), __FILE__, __LINE__);
+ array($_POST['email'], bigintval($_POST['id'])), __FILE__, __LINE__);
                 if (SQL_NUMROWS($result) == 1)
                 {
                         // Unconfirmed sponsor account found so let's load the requested data
                         $SPONSOR = SQL_FETCHARRAY($result);
  
                         // Translate some data
                 if (SQL_NUMROWS($result) == 1)
                 {
                         // Unconfirmed sponsor account found so let's load the requested data
                         $SPONSOR = SQL_FETCHARRAY($result);
  
                         // Translate some data
-                       $SPONSOR['salut']           = TRANSLATE_SEX($SPONSOR['salut']);
+                       $SPONSOR['gender']           = TRANSLATE_GENDER($SPONSOR['gender']);
                         $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
  
                         // Generate password
                         $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
  
                         // Generate password
@@ -229,7 +218,7 @@ WHERE email='%s' AND id='%s' AND status='CONFIRMED' LIMIT 1",
  
                         // Prepare email and send it to the sponsor
                         $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_lost", $SPONSOR);
  
                         // Prepare email and send it to the sponsor
                         $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_lost", $SPONSOR);
-                       SEND_EMAIL($HTTP_POST_VARS['email'], SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor);
+                       SEND_EMAIL($_POST['email'], SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor);
  
                         // Update password
                         $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET password='%s'
  
                         // Update password
                         $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET password='%s'
@@ -254,12 +243,12 @@ WHERE id='%s' LIMIT 1",
                 LOAD_TEMPLATE("guest_sponsor_lost");
         }
  }
                 LOAD_TEMPLATE("guest_sponsor_lost");
         }
  }
- elseif (isset($HTTP_POST_VARS['ok']))
+ elseif (isset($_POST['ok']))
  {
         // Check status and login data ...
         $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_sponsor_data
  WHERE id='%s' AND password='%s' LIMIT 1",
  {
         // Check status and login data ...
         $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_sponsor_data
  WHERE id='%s' AND password='%s' LIMIT 1",
- array(bigintval($HTTP_POST_VARS['sponsorid']), md5($HTTP_POST_VARS['pass'])), __FILE__, __LINE__);
+ array(bigintval($_POST['sponsorid']), md5($_POST['pass'])), __FILE__, __LINE__);
         if (SQL_NUMROWS($result) == 1)
         {
                 // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
         if (SQL_NUMROWS($result) == 1)
         {
                 // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
@@ -268,11 +257,11 @@ WHERE id='%s' AND password='%s' LIMIT 1",
                 {
                         // Calculate cookie lifetime, maybe we have to change this so the admin can setup a
                         // seperate timeout for these two cookies?
                 {
                         // Calculate cookie lifetime, maybe we have to change this so the admin can setup a
                         // seperate timeout for these two cookies?
-                       $life = (time() + $CONFIG['online_timeout']);
+                       $life = (time() + $_CONFIG['online_timeout']);
  
                         // Is confirmed so both is fine and we can continue with login procedure
  
                         // Is confirmed so both is fine and we can continue with login procedure
-                       $login = ((setcookie("sponsorid"  , bigintval($HTTP_POST_VARS['sponsorid']), $life, COOKIE_PATH)) &&
-                                 (setcookie("sponsorpass", md5($HTTP_POST_VARS['pass'])           , $life, COOKIE_PATH)));
+                       $login = ((setcookie("sponsorid"  , bigintval($_POST['sponsorid']), $life, COOKIE_PATH)) &&
+                                 (setcookie("sponsorpass", md5($_POST['pass'])           , $life, COOKIE_PATH)));
  
                         if ($login)
                         {
  
                         if ($login)
                         {
@@ -283,7 +272,7 @@ WHERE id='%s' AND password='%s' LIMIT 1",
                         {
                                 // Cookie setup failed!
                                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSPOR_COOKIE_SETUP_FAILED);
                         {
                                 // Cookie setup failed!
                                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSPOR_COOKIE_SETUP_FAILED);
-                               OUTPUT_HTML("<BR>");
+                               OUTPUT_HTML("<br />");
  
                                 // Login formular and other links
                                 LOAD_TEMPLATE("guest_sponsor_login");
  
                                 // Login formular and other links
                                 LOAD_TEMPLATE("guest_sponsor_login");
@@ -295,7 +284,7 @@ WHERE id='%s' AND password='%s' LIMIT 1",
                         $eval = "\$content = SPONSOR_LOGIN_FAILED_".strtoupper($status).";";
                         eval($eval);
                         LOAD_TEMPLATE("admin_settings_saved", false, $content);
                         $eval = "\$content = SPONSOR_LOGIN_FAILED_".strtoupper($status).";";
                         eval($eval);
                         LOAD_TEMPLATE("admin_settings_saved", false, $content);
-                       OUTPUT_HTML("<BR>");
+                       OUTPUT_HTML("<br />");
  
                         // Login formular and other links
                         LOAD_TEMPLATE("guest_sponsor_login");
  
                         // Login formular and other links
                         LOAD_TEMPLATE("guest_sponsor_login");
@@ -305,7 +294,7 @@ WHERE id='%s' AND password='%s' LIMIT 1",
         {
                 // Account missing or wrong pass! We shall not find this out for the "hacker folks"...
                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOGIN_FAILED_404_WRONG_PASS);
         {
                 // Account missing or wrong pass! We shall not find this out for the "hacker folks"...
                 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOGIN_FAILED_404_WRONG_PASS);
-               OUTPUT_HTML("<BR>");
+               OUTPUT_HTML("<br />");
  
                 // Login formular and other links
                 LOAD_TEMPLATE("guest_sponsor_login");
  
                 // Login formular and other links
                 LOAD_TEMPLATE("guest_sponsor_login");