X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Flibs%2Fsponsor_functions.php;h=51d3510e97c238cb4cb390f9a323226289d4f159;hp=06c389a9950c1486e9719f5c1e7c998d3f194a54;hb=9afd6ec5878544a7982c50ed9c0dd7de37606d5b;hpb=b8aa17b98b99c27eafbdca0fa090bae63527da9a diff --git a/inc/libs/sponsor_functions.php b/inc/libs/sponsor_functions.php index 06c389a995..51d3510e97 100644 --- a/inc/libs/sponsor_functions.php +++ b/inc/libs/sponsor_functions.php @@ -17,12 +17,13 @@ * Needs to be in all Files and every File needs "svn propset * * svn:keywords Date Revision" (autoprobset!) at least!!!!!! * * -------------------------------------------------------------------- * - * Copyright (c) 2003 - 2008 by Roland Haeder * + * Copyright (c) 2003 - 2009 by Roland Haeder * * For more information visit: http://www.mxchange.org * * * - * This program is free software. You can redistribute it and/or modify * + * This program is free software; you can redistribute it and/or modify * * it under the terms of the GNU General Public License as published by * - * the Free Software Foundation; either version 2 of the License. * + * the Free Software Foundation; either version 2 of the License, or * + * (at your option) any later version. * * * * This program is distributed in the hope that it will be useful, * * but WITHOUT ANY WARRANTY; without even the implied warranty of * @@ -37,12 +38,11 @@ // Some security stuff... if (!defined('__SECURITY')) { - $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), '/inc') + 4) . '/security.php'; - require($INC); + die(); } // -function SPONSOR_HANDLE_SPONSOR (&$POST, $NO_UPDATE=false, $messageArray=array(), $RET_STATUS=false) { +function handlSponsorRequest (&$postData, $update=false, $messageArray=array(), $RET_STATUS=false) { // Init a lot variables $SAVE = true; $UPDATE = false; @@ -53,16 +53,16 @@ function SPONSOR_HANDLE_SPONSOR (&$POST, $NO_UPDATE=false, $messageArray=array() // Skip these entries $SKIPPED = array( 'ok', 'edit', 'terms', 'pay_type' - ); + ); - // Save sponsor data - $DATA = array( + // Save sponsor data + $DATA = array( 'keys' => array(), 'values' => array() - ); + ); // Check if sponsor already exists - foreach ($POST as $k => $v) { + foreach ($postData as $k => $v) { if (!(array_search($k, $SKIPPED) > -1)) { // Check only posted input entries not the submit button switch ($k) @@ -74,13 +74,13 @@ function SPONSOR_HANDLE_SPONSOR (&$POST, $NO_UPDATE=false, $messageArray=array() $SAVE = false; } else { // Do we want to add a new sponsor or update his data? - $result = SQL_QUERY_ESC("SELECT `id` FROM `{!_MYSQL_PREFIX!}_sponsor_data` WHERE email='%s' LIMIT 1", - array($POST['email']), __FUNCTION__, __LINE__); + $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_sponsor_data` WHERE email='%s' LIMIT 1", + array($postData['email']), __FUNCTION__, __LINE__); // Is a sponsor alread in the db? if (SQL_NUMROWS($result) == 1) { // Yes, he is! - if ((getWhat() == 'add_sponsor') || ($NO_UPDATE)) { + if ((getWhat() == 'add_sponsor') || ($update)) { // Already found! $ALREADY = true; } else { @@ -108,7 +108,7 @@ function SPONSOR_HANDLE_SPONSOR (&$POST, $NO_UPDATE=false, $messageArray=array() default: // Test if there is are time selections - convertSelectionsToTimestamp($POST, $DATA, $k, $skip); + convertSelectionsToTimestamp($postData, $DATA, $k, $skip); break; } @@ -120,9 +120,9 @@ function SPONSOR_HANDLE_SPONSOR (&$POST, $NO_UPDATE=false, $messageArray=array() } // Save sponsor? - if ($SAVE) { + if ($SAVE === true) { // Default is no force even when a guest want to abuse this force switch - if ((empty($POST['force'])) || (!IS_ADMIN())) $POST['force'] = 0; + if ((empty($postData['force'])) || (!isAdmin())) $postData['force'] = '0'; // SQL and message string is empty by default $sql = ''; $message = ''; @@ -130,23 +130,23 @@ function SPONSOR_HANDLE_SPONSOR (&$POST, $NO_UPDATE=false, $messageArray=array() // Update? if ($UPDATE) { // Update his data - $sql = "UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET "; + $sql = "UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET "; foreach ($DATA['keys'] as $k => $v) { $sql .= $v."='%s', "; } // Remove last ", " from SQL string $sql = substr($sql, 0, -2)." WHERE `id`='%s' LIMIT 1"; - $DATA['values'][] = bigintval(REQUEST_GET('id')); + $DATA['values'][] = bigintval(getRequestElement('id')); // Generate message - $message = SPONSOR_GET_MESSAGE(ADMIN_SPONSOR_UPDATED, "updated", $messageArray); + $message = getMessageFromIndexedArray(getMessage('ADMIN_SPONSOR_UPDATED'), 'updated', $messageArray); $ret = "updated"; - } elseif ((!$ALREADY) || (($POST['force'] == '1') && (IS_ADMIN()))) { + } elseif (($ALREADY === false) || (($postData['force'] == 1) && (isAdmin()))) { // Add new sponsor, first add more data - $DATA['keys'][] = "sponsor_created"; $DATA['values'][] = time(); + $DATA['keys'][] = 'sponsor_created'; $DATA['values'][] = time(); $DATA['keys'][] = 'status'; - if ((!$NO_UPDATE) && (IS_ADMIN()) && (getWhat() == "add_sponsor")) { + if (($update === true) && (isAdmin()) && (getWhat() == 'add_sponsor')) { // Only allowed for admin $DATA['values'][] = 'PENDING'; } else { @@ -154,40 +154,40 @@ function SPONSOR_HANDLE_SPONSOR (&$POST, $NO_UPDATE=false, $messageArray=array() $DATA['values'][] = 'UNCONFIRMED'; // Generate hash code - $DATA['keys'][] = "hash"; - $DATA['values'][] = md5(session_id().':'.$POST['email'].':'.detectRemoteAddr().':'.detectUserAgent().':'.time()); - $DATA['keys'][] = "remote_addr"; + $DATA['keys'][] = 'hash'; + $DATA['values'][] = md5(session_id().':'.$postData['email'].':'.detectRemoteAddr().':'.detectUserAgent().':'.time()); + $DATA['keys'][] = 'remote_addr'; $DATA['values'][] = detectRemoteAddr(); } // Implode all data into strings - $KEYS = implode(", " , $DATA['keys']); + $KEYS = implode("`, `" , $DATA['keys']); $valueS = str_repeat("%s', '", count($DATA['values']) - 1); // Generate string - $sql = "INSERT INTO `{!_MYSQL_PREFIX!}_sponsor_data` (".$KEYS.") VALUES ('".$valueS."%s')"; + $sql = "INSERT INTO `{?_MYSQL_PREFIX?}_sponsor_data` (`".$KEYS."`) VALUES ('".$valueS."%s')"; // Generate message - $message = SPONSOR_GET_MESSAGE(getMessage('ADMIN_SPONSOR_ADDED'), "added", $messageArray); - $ret = "added"; - } elseif ((!$NO_UPDATE) && (IS_ADMIN())) { + $message = getMessageFromIndexedArray(getMessage('ADMIN_SPONSOR_ADDED'), "added", $messageArray); + $ret = 'added'; + } elseif (($update === true) && (isAdmin())) { // Add all data as hidden data $OUT = ''; - foreach ($POST as $k => $v) { + foreach ($postData as $k => $v) { // Do not add 'force' ! if ($k != "force") { $OUT .= "\n"; } } - define('__HIDDEN_DATA', $OUT); - define('__EMAIL' , $POST['email']); + $content['hidden'] = $OUT; + $content['email'] = $postData['email']; // Ask for adding a sponsor with same email address - LOAD_TEMPLATE("admin_add_sponsor_already"); + loadTemplate('admin_add_sponsor_already', false, $content); return; } else { // Already added! - $message = sprintf(getMessage('SPONSOR_ALREADY_FOUND', $POST['email'])); + $message = sprintf(getMessage('SPONSOR_ALREADY_FOUND'), $postData['email']); $ret = 'already'; } @@ -197,18 +197,19 @@ function SPONSOR_HANDLE_SPONSOR (&$POST, $NO_UPDATE=false, $messageArray=array() } // END - if // Output message - if ((!$NO_UPDATE) && (IS_ADMIN())) { - LOAD_TEMPLATE('admin_settings_saved', false, $message); + if (($update === true) && (isAdmin())) { + loadTemplate('admin_settings_saved', false, $message); } // END - if } else { // Error found! - $message = SPONSOR_GET_MESSAGE(getMessage('SPONSOR_DATA_NOT_SAVED'), 'failed', $messageArray); - LOAD_TEMPLATE('admin_settings_saved', false, $message); + $message = getMessageFromIndexedArray(getMessage('SPONSOR_DATA_NOT_SAVED'), 'failed', $messageArray); + loadTemplate('admin_settings_saved', false, $message); } // Shall we return the status? if ($RET_STATUS === true) return $ret; } + // function sponsorTranslateUserStatus ($status) { // Construct constant name @@ -220,36 +221,23 @@ function sponsorTranslateUserStatus ($status) { $ret = constant($constantName); } else { // Not found! - DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("Unknown status %s detected.", $status)); + logDebugMessage(__FUNCTION__, __LINE__, sprintf("Unknown status %s detected.", $status)); $ret = sprintf(getMessage('UNKNOWN_STATUS'), $status); } return $ret; } + // Search for an email address in the database -function SPONSOR_FOUND_EMAIL_DB ($email) { +function isSponsorRegisteredWithEmail ($email) { // Do we already have the provided email address in our DB? - $ret = (GET_TOTAL_DATA($email, "sponsor_data", 'id', 'email', true) == 1); - - // Return result - return $ret; -} -// -function SPONSOR_GET_MESSAGE ($message, $pos, $array) { - // Check if the requested message was found in array - if (isset($array[$pos])) { - // ... if yes then use it! - $ret = $array[$pos]; - } else { - // ... else use default message - $ret = $message; - } + $ret = (countSumTotalData($email, 'sponsor_data', 'id', 'email', true) == 1); // Return result return $ret; } -// -function IS_SPONSOR () { +// Wether the current user is a sponsor +function isSponsor () { // Failed... $ret = false; if ((isSessionVariableSet('sponsorid')) && (isSessionVariableSet('sponsorpass'))) { @@ -257,7 +245,7 @@ function IS_SPONSOR () { $result = SQL_QUERY_ESC("SELECT `id` FROM - `{!_MYSQL_PREFIX!}_sponsor_data` + `{?_MYSQL_PREFIX?}_sponsor_data` WHERE `id`='%s' AND `password`='%s' AND `status`='CONFIRMED' LIMIT 1", @@ -277,22 +265,22 @@ LIMIT 1", // Return status return $ret; } + // -function GENERATE_SPONSOR_MENU($current) -{ +function addSponsorMenu ($current) { $OUT = ''; $WHERE = " AND active='Y'"; - if (IS_ADMIN()) $WHERE = ''; + if (isAdmin()) $WHERE = ''; // Load main menu entries - $result_main = SQL_QUERY("SELECT action AS main_action, title AS main_title FROM `{!_MYSQL_PREFIX!}_sponsor_menu` + $result_main = SQL_QUERY("SELECT action AS main_action, title AS main_title FROM `{?_MYSQL_PREFIX?}_sponsor_menu` WHERE (`what`='' OR `what` IS NULL) ".$WHERE." ORDER BY `sort`", __FUNCTION__, __LINE__); if (SQL_NUMROWS($result_main) > 0) { // Load every menu and it's sub menus while ($content = SQL_FETCHARRAY($result_main)) { // Load sub menus - $result_sub = SQL_QUERY_ESC("SELECT what AS sub_what, title AS sub_title FROM `{!_MYSQL_PREFIX!}_sponsor_menu` + $result_sub = SQL_QUERY_ESC("SELECT what AS sub_what, title AS sub_title FROM `{?_MYSQL_PREFIX?}_sponsor_menu` WHERE `action`='%s' AND `what` != '' AND `what` IS NOT NULL ".$WHERE." ORDER BY `sort`", array($content['main_action']), __FUNCTION__, __LINE__); @@ -313,7 +301,7 @@ ORDER BY `sort`", ); // Load row template - $SUB .= LOAD_TEMPLATE("sponsor_what", true, $content); + $SUB .= loadTemplate('sponsor_what', true, $content); } // Prepare data for the main template @@ -323,10 +311,10 @@ ORDER BY `sort`", ); // Load menu template - $OUT .= LOAD_TEMPLATE("sponsor_action", true, $content); + $OUT .= loadTemplate('sponsor_action', true, $content); } else { // No sub menus active - $OUT .= LOAD_TEMPLATE('admin_settings_saved', true, getMessage('SPONSOR_NO_SUB_MENUS_ACTIVE')); + $OUT .= loadTemplate('admin_settings_saved', true, getMessage('SPONSOR_NO_SUB_MENUS_ACTIVE')); } // Free memory @@ -334,7 +322,7 @@ ORDER BY `sort`", } } else { // No main menus active - $OUT .= LOAD_TEMPLATE('admin_settings_saved', true, getMessage('SPONSOR_NO_MAIN_MENUS_ACTIVE')); + $OUT .= loadTemplate('admin_settings_saved', true, getMessage('SPONSOR_NO_MAIN_MENUS_ACTIVE')); } // Free memory @@ -345,7 +333,7 @@ ORDER BY `sort`", } // -function GENERATE_SPONSOR_CONTENT ($what) { +function addSponsorContent ($what) { $OUT = ''; $INC = sprintf("inc/modules/sponsor/%s.php", $what); if (isIncludeReadable($INC)) { @@ -353,7 +341,7 @@ function GENERATE_SPONSOR_CONTENT ($what) { loadIncludeOnce($INC); } else { // File not found! - $OUT .= LOAD_TEMPLATE('admin_settings_saved', true, sprintf(getMessage('SPONSOR_CONTENT_404'), $what)); + $OUT .= loadTemplate('admin_settings_saved', true, sprintf(getMessage('SPONSOR_CONTENT_404'), $what)); } // Return content @@ -361,17 +349,20 @@ function GENERATE_SPONSOR_CONTENT ($what) { } // -function UPDATE_SPONSOR_LOGIN () { +function updateSponsorLogin () { // Failed by default $login = false; // Is sponsor? - if (IS_SPONSOR()) { + if (isSponsor()) { // Update last online timestamp - SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` -SET last_online=UNIX_TIMESTAMP() -WHERE `id`='%s' AND password='%s' LIMIT 1", - array(bigintval(getSession('sponsorid')), getSession('sponsorpass')), __FUNCTION__, __LINE__); + SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` +SET `last_online`=UNIX_TIMESTAMP() +WHERE `id`='%s' AND `password`='%s' LIMIT 1", + array( + bigintval(getSession('sponsorid')), + getSession('sponsorpass') + ), __FUNCTION__, __LINE__); // This update went fine? $login = (SQL_AFFECTEDROWS() == 1); @@ -380,8 +371,9 @@ WHERE `id`='%s' AND password='%s' LIMIT 1", // Return status return $login; } -// -function SPONSOR_SAVE_DATA ($POST, $content) { + +// Saves sponsor's data +function saveSponsorData ($postData, $content) { $EMAIL = false; // Unsecure data which we don't want @@ -393,17 +385,17 @@ function SPONSOR_SAVE_DATA ($POST, $content) { $message = getMessage('SPONSOR_ACCOUNT_DATA_NOT_SAVED'); // Check for submitted passwords - if ((!empty($POST['pass1'])) && (!empty($POST['pass2']))) { + if ((!empty($postData['pass1'])) && (!empty($postData['pass2']))) { // Are both passwords the same? - if ($POST['pass1'] == $POST['pass2']) { + if ($postData['pass1'] == $postData['pass2']) { // Okay, then set password and remove pass1 and pass2 - $POST['password'] = md5($POST['pass1']); + $postData['password'] = md5($postData['pass1']); } // END - if } // END - if // Remove all (maybe spoofed) unsafe data from array foreach ($UNSAFE as $remove) { - unset($POST[$remove]); + unset($postData[$remove]); } // END - foreach // This array is for the submitted data which we will use with the SQL_QUERY_ESC() function to @@ -411,29 +403,26 @@ function SPONSOR_SAVE_DATA ($POST, $content) { $DATA = array(); // Prepare SQL string - $sql = "UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET"; - foreach ($POST as $key => $value) { + $sql = "UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET"; + foreach ($postData as $key => $value) { // Mmmmm, too less security here??? - $sql .= " ".strip_tags($key)."='%s',"; + $sql .= " `".secureString($key)."`='%s',"; // We will secure this later inside the SQL_QUERY_ESC() function - $DATA[] = strip_tags($value); - - // Compile {SLASH} and so on for the email templates - $POST[$key] = COMPILE_CODE($value); + $DATA[] = secureString($value); } // END - foreach // Check if email has changed - if ((!empty($content['email'])) && (!empty($POST['email']))) { - if ($content['email'] != $POST['email']) { + if ((!empty($content['email'])) && (!empty($postData['email']))) { + if ($content['email'] != $postData['email']) { // Change email address $EMAIL = true; // Okay, has changed then add status with UNCONFIRMED and new hash code - $sql .= " `status`='EMAIL', hash='%s',"; + $sql .= " `status`='EMAIL', `hash`='%s',"; // Generate hash code - $HASH = md5(session_id().':'.$POST['email'].':'.detectRemoteAddr().':'.detectUserAgent().':'.time()); + $HASH = md5(session_id().':'.$postData['email'].':'.detectRemoteAddr().':'.detectUserAgent().':'.time()); $DATA[] = $HASH; } // END - if } // END - if @@ -449,31 +438,31 @@ function SPONSOR_SAVE_DATA ($POST, $content) { // Saving data was completed... ufff... switch (getWhat()) { - case "account": // Change account data + case 'account': // Change account data if ($EMAIL === true) { $message = getMessage('SPONSOR_ACCOUNT_EMAIL_CHANGED'); - $templ = "admin_sponsor_change_email"; + $templ = 'admin_sponsor_change_email'; $subj = getMessage('ADMIN_SPONSOR_ACC_EMAIL_SUBJ'); } else { $message = getMessage('SPONSOR_ACCOUNT_DATA_SAVED'); - $templ = "admin_sponsor_change_data"; + $templ = 'admin_sponsor_change_data'; $subj = getMessage('ADMIN_SPONSOR_ACC_DATA_SUBJ'); } break; - case "settings": // Change settings + case 'settings': // Change settings // Translate some data $content['receive'] = translateYesNo($content['receive_warnings']); $content['interval'] = createFancyTime($content['warning_interval']); // Set message template and subject for admin $message = getMessage('SPONSOR_SETTINGS_SAVED'); - $templ = "admin_sponsor_settings"; + $templ = 'admin_sponsor_settings'; $subj = getMessage('ADMIN_SPONSOR_SETTINGS_SUBJ'); break; default: // Unknown sponsor what value! - DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("Unknown sponsor module (what) %s detected.", getWhat())); + logDebugMessage(__FUNCTION__, __LINE__, sprintf("Unknown sponsor module (what) %s detected.", getWhat())); $message = sprintf(getMessage('SPONSOR_UNKNOWN_WHAT'), getWhat()); $templ = ''; $subj = ''; break; @@ -485,14 +474,13 @@ function SPONSOR_SAVE_DATA ($POST, $content) { $result = SQL_QUERY_ESC($sql, $DATA, __FUNCTION__, __LINE__); // Add all data to content - global $DATA; - $DATA = $POST; + $content['new_data'] = $postData; // Change some data - if (isset($content['gender'])) $content['gender'] = translateGender($content['gender']); - if (isset($DATA['gender'])) $DATA['gender'] = translateGender($DATA['gender']); - if (isset($content['receive_warnings'])) $DATA['receive'] = translateYesNo($POST['receive_warnings']); - if (isset($content['warning_interval'])) $DATA['interval'] = createFancyTime($POST['warning_interval']); + if (isset($content['gender'])) $content['gender'] = translateGender($content['gender']); + if (isset($content['new_data']['gender'])) $content['new_data']['gender'] = translateGender($content['new_data']['gender']); + if (isset($content['receive_warnings'])) $content['new_data']['receive'] = translateYesNo($content['new_data']['receive_warnings']); + if (isset($content['warning_interval'])) $content['new_data']['interval'] = createFancyTime($content['new_data']['warning_interval']); // Send email to admins sendAdminNotification($subj, $templ, $content); @@ -505,8 +493,8 @@ function SPONSOR_SAVE_DATA ($POST, $content) { // First to old address switch (getWhat()) { - case "account": // Change account data - $email_msg = LOAD_EMAIL_TEMPLATE("sponsor_change_data", $content); + case 'account': // Change account data + $email_msg = loadEmailTemplate('sponsor_change_data', $content); sendEmail($content['email'], getMessage('SPONSOR_ACC_DATA_SUBJ'), $email_msg); if ($EMAIL === true) { @@ -514,14 +502,14 @@ function SPONSOR_SAVE_DATA ($POST, $content) { $content['hash'] = $HASH; // Second mail goes to the new address - $email_msg = LOAD_EMAIL_TEMPLATE("sponsor_change_email", $content); + $email_msg = loadEmailTemplate('sponsor_change_email', $content); sendEmail($content['email'], getMessage('SPONSOR_ACC_EMAIL_SUBJ'), $email_msg); } break; - case "settings": // Change settings + case 'settings': // Change settings // Send email - $email_msg = LOAD_EMAIL_TEMPLATE("sponsor_settings", $content); + $email_msg = loadEmailTemplate('sponsor_settings', $content); sendEmail($content['email'], getMessage('SPONSOR_SETTINGS_SUBJ'), $email_msg); break; } @@ -533,5 +521,5 @@ function SPONSOR_SAVE_DATA ($POST, $content) { return $message; } -// +// [EOF] ?>