More rewrites/fixes (not all is fixed) for ext-sponsor

[mailer.git] / inc / modules / sponsor / account.php
diff --git a/inc/modules/sponsor/account.php b/inc/modules/sponsor/account.php

index 62d18a26c106b6ab526902dc327fecfd4fdf1373..76889dc415ab0d92a76f80d66cf690575c6974b6 100644 (file)
--- a/inc/modules/sponsor/account.php
+++ b/inc/modules/sponsor/account.php
@@ -45,18 +45,26 @@ if (!defined('__SECURITY')) {
         return;
  } elseif (!isSponsor()) {
         // No sponsor!
-       addFatalMessage(__FILE__, __LINE__, getMessage('SPONSOR_ONLY_AREA_ENTERED'));
+       addFatalMessage(__FILE__, __LINE__, '{--SPONSOR_ONLY_AREA_ENTERED--}');
         return;
  }
  
  // Data for the formular
-$result = SQL_QUERY_ESC("SELECT `company`, `position`, `tax_ident`,
-`gender`, `surname`, `family`, `street_nr1`, `street_nr2`, `zip`, `city`, `country`,
-`phone`, `fax`, `cell`, `email`, `url`,
-`status`, `receive_warnings`
-FROM `{?_MYSQL_PREFIX?}_sponsor_data`
-WHERE `id`='%s' AND `password`='%s' LIMIT 1",
-       array(bigintval(getSession('sponsorid')), getSession('sponsorpass')), __FILE__, __LINE__);
+$result = SQL_QUERY_ESC("SELECT
+       `id`, `company`, `position`, `tax_ident`,
+       `gender`, `surname`, `family`, `street_nr1`, `street_nr2`, `zip`, `city`, `country`,
+       `phone`, `fax`, `cell`, `email`, `url`,
+       `status`, `receive_warnings`
+FROM
+       `{?_MYSQL_PREFIX?}_sponsor_data`
+WHERE
+       `id`=%s AND
+       `password`='%s'
+LIMIT 1",
+       array(
+               bigintval(getSession('sponsor_id')),
+               getSession('sponsorpass')
+       ), __FILE__, __LINE__);
  
  // Entry found?
  if (SQL_NUMROWS($result) == 1) {
@@ -68,22 +76,22 @@ if (SQL_NUMROWS($result) == 1) {
                         // Check passwords
                         if (!isPostRequestParameterSet('pass_old')) {
                                 // No current password entered
-                               $message = getMessage('SPONSOR_NO_CURRENT_PASSWORD_ENTERED');
+                               $message = '{--SPONSOR_NO_CURRENT_PASSWORD_ENTERED--}';
                         } elseif (md5(postRequestParameter('pass_old')) != getSession('sponsorpass')) {
                                 // Entered password didn't match password in DB
-                               $message = getMessage('SPONSOR_CURRENT_PASSWORD_DIDNOT_MATCH_DB');
+                               $message = '{--SPONSOR_CURRENT_PASSWORD_DIDNOT_MATCH_DB--}';
                         } elseif ((isPostRequestParameterSet('pass1')) && (isPostRequestParameterSet('pass2')) && (postRequestParameter('pass1') != postRequestParameter('pass2'))) {
                                 // Both new passwords did not match
-                               $message = getMessage('SPONSOR_BOTH_NEW_PASSWORDS_DIDNOT_MATCH');
+                               $message = '{--SPONSOR_BOTH_NEW_PASSWORDS_DIDNOT_MATCH--}';
                         } elseif ((!isPostRequestParameterSet('pass1')) && (isPostRequestParameterSet('pass2'))) {
                                 // No password one entered
-                               $message = getMessage('SPONSOR_PASSWORD_ONE_EMPTY');
+                               $message = '{--SPONSOR_PASSWORD_ONE_EMPTY--}';
                         } elseif ((isPostRequestParameterSet('pass1')) && (!isPostRequestParameterSet('pass2'))) {
                                 // No password two entered
-                               $message = getMessage('SPONSOR_PASSWORD_TWO_EMPTY');
+                               $message = '{--SPONSOR_PASSWORD_TWO_EMPTY--}';
                         } elseif ((isPostRequestParameterSet('pass1')) && (strlen(postRequestParameter('pass1')) < getConfig('pass_len'))) {
                                 // Too short password
-                               $message = getMessage('SPONSOR_PASSWORD_TOO_SHORT');
+                               $message = '{--SPONSOR_PASSWORD_TOO_SHORT--}';
                         } else {
                                 // Default is we don't want to change password!
                                 $PASS_AND = ''; $PASS_DATA = '';
@@ -93,7 +101,7 @@ if (SQL_NUMROWS($result) == 1) {
                                         // Change current password
                                         $PASS_AND  = ", `password`='%s'";
                                         $PASS_DATA = md5(postRequestParameter('pass1'));
-                               }
+                               } // END - if
  
                                 // Unsecure data which we don't want here
                                 $UNSAFE = array('receive_warnings', 'warning_interval');
@@ -101,7 +109,7 @@ if (SQL_NUMROWS($result) == 1) {
                                 // Remove all (maybe spoofed) unsafe data from array
                                 foreach ($UNSAFE as $remove) {
                                         unsetPostRequestParameter($remove);
-                               }
+                               } // END - foreach
  
                                 // Set last change timestamp
                                 setPostRequestParameter('last_change', 'UNIX_TIMESTAMP()');
@@ -112,10 +120,10 @@ if (SQL_NUMROWS($result) == 1) {
  
                         if (!empty($message)) {
                                 // Output message
-                               $OUT = loadTemplate('admin_settings_saved', true, $message);
+                               $GLOBALS['sponsor_output'] = loadTemplate('admin_settings_saved', true, $message);
                         } else {
                                 // No message generated
-                               $OUT = loadTemplate('admin_settings_saved', true, '{--SPONSOR_NO_MESSAGE_GENERATED--}');
+                               $GLOBALS['sponsor_output'] = loadTemplate('admin_settings_saved', true, '{--SPONSOR_NO_MESSAGE_GENERATED--}');
                         }
                 } else {
                         // Init gender
@@ -127,16 +135,16 @@ if (SQL_NUMROWS($result) == 1) {
                         $content['gender_' . strtolower($content['gender'])] = ' selected="selected"';
  
                         // Output formular
-                       $OUT = loadTemplate('sponsor_account_form', true, $content);
+                       $GLOBALS['sponsor_output'] = loadTemplate('sponsor_account_form', true, $content);
                 }
         } else {
                 // Locked or so?
                 $STATUS = sponsorTranslateUserStatus($content['status']);
-               $OUT = loadTemplate('admin_settings_saved', true, getMaskedMessage('SPONSOR_ACCOUNT_FAILED', $STATUS));
+               $GLOBALS['sponsor_output'] = loadTemplate('admin_settings_saved', true, getMaskedMessage('SPONSOR_ACCOUNT_FAILED', $STATUS));
         }
  } else {
         // Sponsor account not found!
-       $OUT = loadTemplate('admin_settings_saved', true, getMaskedMessage('SPONSOR_ACCOUNT_404', getSession('sponsorid')));
+       $GLOBALS['sponsor_output'] = loadTemplate('admin_settings_saved', true, getMaskedMessage('SPONSOR_ACCOUNT_404', getSession('sponsor_id')));
  }
  
  // Free memory