Updating profiles fixed. It was still broken since I have changed the password hashin...
[mailer.git] / inc / mysql-manager.php
index 562738f..1d87752 100644 (file)
@@ -735,33 +735,42 @@ function GET_MOD_DESCR($MODE, $wht)
 //
 function SEND_MODE_MAILS($mod, $modes)
 {
-       global $_COOKIE, $_POST, $CONFIG, $DATA;
+       global $CONFIG, $DATA;
+
        // Load hash
-       $result_main = SQL_QUERY("SELECT password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+       $result_main = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
         array($GLOBALS['userid']), __FILE__, __LINE__);
-       if (SQL_NUMROWS($result_main) == 1)
-       {
-               // Load hash and extract salt
-               list($hash) = SQL_FETCHROW($result_main);
-               $salt = substr($hash, 0, -40);
+       if (SQL_NUMROWS($result_main) == 1) {
+               // Load hash from database
+               list($hashDB) = SQL_FETCHROW($result_main);
+
+               // Extract salt from cookie
+               $salt = substr($_COOKIE['u_hash'], 0, -40);
 
                // Now let's compare passwords
-               $hash = generateHash($_POST['pass1'], $salt);
-               if (($hash == $_COOKIE['u_hash']) || ($_POST['pass1'] == $_POST['pass2']))
-               {
+               $hash = generatePassString($hashDB);
+               if (($hash == $_COOKIE['u_hash']) || ($_POST['pass1'] == $_POST['pass2'])) {
                        // Load user's data
                        $result = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, country, zip, city, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND password='%s' LIMIT 1",
-                        array($GLOBALS['userid'], $hash), __FILE__, __LINE__);
-                       if (SQL_NUMROWS($result) == 1)
-                       {
+                        array($GLOBALS['userid'], $hashDB), __FILE__, __LINE__);
+                       if (SQL_NUMROWS($result) == 1) {
+                               // Load the data
                                $DATA = SQL_FETCHROW($result);
+
+                               // Free result
                                SQL_FREERESULT($result);
+
+                               // Translate salutation
                                $DATA[0] = TRANSLATE_SEX($DATA[0]);
+
+                               // Clear/init the content variable
+                               $content = "";
+                               $DATA['info'] = "";
+
                                switch ($mod)
                                {
                                case "mydata":
-                                       foreach ($modes as $mode)
-                                       {
+                                       foreach ($modes as $mode) {
                                                switch ($mode)
                                                {
                                                case "normal": break; // Do not add any special lines
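Review bot: The condition on the new line `if (($hash == $_COOKIE['u_hash']) || ($_POST['pass1'] == $_POST['pass2'])) {` still passes whenever the two posted password fields are equal, so the cookie hash comparison is not actually required. Because the following SELECT now filters on `$hashDB`, which was just read from the same row, that query no longer adds a check of its own. I would make the session check mandatory and strict, e.g. `if (isset($_COOKIE['u_hash']) && hash_equals($hash, (string) $_COOKIE['u_hash'])) {` (or `===` where `hash_equals()` is unavailable), and validate `pass1`/`pass2` separately as a new-password confirmation if that is what they are for. `$salt` is still taken from the cookie but is not used anywhere in this hunk; if the lines outside the hunk do not need it, it can be dropped. How `$GLOBALS['userid']` is established is not visible here, so the practical impact depends on that.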
@@ -778,10 +787,9 @@ function SEND_MODE_MAILS($mod, $modes)
                                                        $content = MEMBER_UNKNOWN_MODE.": ".$mode."\n\n";
                                                        break;
                                                }
-                                       }
+                                       } // END - if
 
-                                       if (EXT_IS_ACTIVE("country"))
-                                       {
+                                       if (EXT_IS_ACTIVE("country")) {
                                                // Replace code with description
                                                $DATA[4] = COUNTRY_GENERATE_INFO($_POST['country_code']);
                                        }
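Review bot: The new closing-brace comment `} // END - if` appears to label the wrong construct: going by the `foreach ($modes as $mode) {` opened in the previous hunk, this brace ends the loop, so `} // END - foreach` would be accurate. Separately, the reformatted `if (EXT_IS_ACTIVE("country")) {` block still hands `$_POST['country_code']` straight to `COUNTRY_GENERATE_INFO()`, whose validation is not visible here. A one-line comment stating that the helper validates the code, or an `isset()` and integer check before the call, would make the trust boundary explicit, since `$DATA[4]` presumably feeds the notification template.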
@@ -789,14 +797,11 @@ function SEND_MODE_MAILS($mod, $modes)
                                        // Load template
                                        $msg = LOAD_EMAIL_TEMPLATE("member_mydata_notify", $content, $GLOBALS['userid']);
 
-                                       if ($CONFIG['admin_notify'] == 'Y')
-                                       {
+                                       if ($CONFIG['admin_notify'] == 'Y') {
                                                // The admin needs to be notified about a profile change
                                                $msg_admin = "admin_mydata_notify";
                                                $sub_adm = ADMIN_CHANGED_DATA;
-                                       }
-                                        else
-                                       {
+                                       } else {
                                                // No mail to admin
                                                $msg_admin = "";
                                                $sub_adm = "";
@@ -813,51 +818,42 @@ function SEND_MODE_MAILS($mod, $modes)
                                        $content = "<STRONG><SPAN class=\"member_failed\">".UNKNOWN_MODULE."</SPAN></STRONG>";
                                        break;
                                }
-                       }
-                        else
-                       {
+                       } else {
                                // Could not load profile data
                                $content = "<STRONG><SPAN class=\"member_failed\">".MEMBER_CANNOT_LOAD_PROFILE."</SPAN></STRONG>";
                        }
-               }
-                else
-               {
+               } else {
                        // Passwords mismatch
                        $content = "<STRONG><SPAN class=\"member_failed\">".MEMBER_PASSWORD_ERROR."</SPAN></STRONG>";
                }
-       }
-        else
-       {
+       } else {
                // Could not load profile
                $content = "<STRONG><SPAN class=\"member_failed\">".MEMBER_CANNOT_LOAD_PROFILE."</SPAN></STRONG>";
        }
-       if ((!empty($sub_mem)) && (!empty($msg)))
-       {
+
+       // Send email to user if required
+       if ((!empty($sub_mem)) && (!empty($msg))) {
                // Send member mail
                SEND_EMAIL($DATA[7], $sub_mem, $msg);
        }
-       if ((!empty($sub_adm)) && (!empty($msg_admin)))
-       {
-               // Send admin mail
-               if (GET_EXT_VERSION("admins") >= "0.4.1")
-               {
-                       SEND_ADMIN_EMAILS_PRO($sub_adm, $msg_admin, $content, $GLOBALS['userid']);
-               }
-                else
-               {
-                       SEND_ADMIN_EMAILS($sub_adm, LOAD_EMAIL_TEMPLATE($msg_admin, $content, $GLOBALS['userid']));
+
+       // Send only if no other error has occured
+       if (empty($content)) {
+               if ((!empty($sub_adm)) && (!empty($msg_admin))) {
+                       // Send admin mail
+                       if (GET_EXT_VERSION("admins") >= "0.4.1") {
+                               SEND_ADMIN_EMAILS_PRO($sub_adm, $msg_admin, $content, $GLOBALS['userid']);
+                       } else {
+                               SEND_ADMIN_EMAILS($sub_adm, LOAD_EMAIL_TEMPLATE($msg_admin, $content, $GLOBALS['userid']));
+                       }
+               } elseif ($CONFIG['admin_notify'] == 'Y') {
+                       // Cannot send mails to admin!
+                       $content = CANNOT_SEND_ADMIN_MAILS;
+               } else {
+                       // No mail to admin
+                       $content = "<STRONG><SPAN class=\"member_done\">".MYDATA_MAIL_SENT."</SPAN></STRONG>";
                }
        }
-        elseif ($CONFIG['admin_notify'] == 'Y')
-       {
-               // Cannot send mails to admin!
-               $content = CANNOT_SEND_ADMIN_MAILS;
-       }
-        else
-       {
-               // No mail to admin
-               $content = "<STRONG><SPAN class=\"member_done\">".MYDATA_MAIL_SENT."</SPAN></STRONG>";
-       }
 
        // Load template
        LOAD_TEMPLATE("admin_settings_saved", false, $content);
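Review bot: The new `if (empty($content)) {` guard treats `$content` as the error flag, but the same variable is also the body passed to `LOAD_EMAIL_TEMPLATE("member_mydata_notify", $content, ...)` earlier in the function. Any path that leaves text in it therefore skips the admin notification while the member mail above the guard can still be sent; the `MEMBER_UNKNOWN_MODE` default branch is one visible case, and the mode cases outside the hunks may be others. If the admin mail is meant as a record of every profile change, a dedicated flag initialised to `false` at the top, set with `$failed = true;` in the three error branches and tested here as `if (!$failed) {`, would keep the two concerns apart. Inside the guard `$content` is always empty, so the third argument of `SEND_ADMIN_EMAILS_PRO()` is now always an empty string. The re-indented `GET_EXT_VERSION("admins") >= "0.4.1"` compares version strings lexically; `version_compare(GET_EXT_VERSION("admins"), "0.4.1", ">=")` is the safer form.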