X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fguest%2Fwhat-sponsor_login.php;h=4228bd3cf08bd7de2ccb92ecec62454cef071afd;hp=dc7d2286883ee290feb15852ca161cb019a67b1a;hb=61621983cc6d7195fcc7eab29b5f6080ff283b34;hpb=d92a340159ca45047eafc111fcac64933a7babeb diff --git a/inc/modules/guest/what-sponsor_login.php b/inc/modules/guest/what-sponsor_login.php index dc7d228688..4228bd3cf0 100644 --- a/inc/modules/guest/what-sponsor_login.php +++ b/inc/modules/guest/what-sponsor_login.php @@ -10,15 +10,9 @@ * -------------------------------------------------------------------- * * Kurzbeschreibung : Loginformular und Neues Passwort fuer Sponsor * * -------------------------------------------------------------------- * - * $Revision:: $ * - * $Date:: $ * - * $Tag:: 0.2.1-FINAL $ * - * $Author:: $ * - * Needs to be in all Files and every File needs "svn propset * - * svn:keywords Date Revision" (autoprobset!) at least!!!!!! * - * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * - * For more information visit: http://www.mxchange.org * + * Copyright (c) 2009 - 2016 by Mailer Developer Team * + * For more information visit: http://mxchange.org * * * * This program is free software; you can redistribute it and/or modify * * it under the terms of the GNU General Public License as published by * @@ -38,123 +32,147 @@ // Some security stuff... if (!defined('__SECURITY')) { - die(); + exit(); } // END - if // Add description as navigation point -addMenuDescription('guest', __FILE__); +addYouAreHereLink('guest', __FILE__); if ((!isExtensionActive('sponsor'))) { - loadTemplate('admin_settings_saved', false, generateExtensionInactiveNotInstalledMessage('sponsor')); + displayMessage('{%pipe,generateExtensionInactiveNotInstalledMessage=sponsor%}'); return; -} // END - if +} elseif (isSponsor()) { + // Is already a logged-in sponsor + redirectToUrl('modules.php?module=sponsor'); +} $mode = ''; -if (isGetRequestParameterSet('mode')) { +if (isGetRequestElementSet('do')) { // A "special" mode of the login system was requested - switch (getRequestParameter('mode')) { + switch (getRequestElement('do')) { case 'activate' : $mode = 'activate'; break; // Activation link requested case 'lost_pass': $mode = 'lost_pass'; break; // Request new password } // END - switch } // END - if // Check if hash for confirmation of email address is given... -if (isGetRequestParameterSet('hash')) { +if (isGetRequestElementSet('hash')) { // Lookup sponsor - $result = SQL_QUERY_ESC("SELECT + $result = sqlQueryEscaped("SELECT `id`, `status`, `gender`, `surname`, `family`, `company`, `position`, `tax_ident`, `street_nr1`, `street_nr2`, `country`, `zip`, `city`, `email`, `phone`, `fax`, `cell`, - `points_amount` AS points, `last_pay` AS pay, `last_curr` AS curr + `points_amount` AS `points`, `last_payment`, `last_currency` FROM `{?_MYSQL_PREFIX?}_sponsor_data` WHERE - `hash='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') -LIMIT 1", array(getRequestParameter('hash')), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) { + `hash`='%s' AND ( + `status`='UNCONFIRMED' OR + `status`='EMAIL' + ) +LIMIT 1", array(getRequestElement('hash')), __FILE__, __LINE__); + if (sqlNumRows($result) == 1) { // Sponsor found, load his data... - $data = SQL_FETCHARRAY($result); - - // Translate gender and comma - $data['gender'] = translateGender($data['gender']); - $data['points'] = translateComma($data['points']); - $data['pay'] = translateComma($data['pay']); + $data = sqlFetchArray($result); // Unconfirmed account or changed email address? if ($data['status'] == 'UNCONFIRMED') { // Set account to pending - SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET `status`='PENDING' -WHERE `id`='%s' AND hash='%s' AND `status`='UNCONFIRMED' LIMIT 1", - array(bigintval($data['id']), getRequestParameter('hash')), __FILE__, __LINE__); + sqlQueryEscaped("UPDATE + `{?_MYSQL_PREFIX?}_sponsor_data` +SET + `status`='PENDING', + `hash`=NULL +WHERE + `id`=%s AND + `hash`='%s' AND + `status`='UNCONFIRMED' +LIMIT 1", + array( + bigintval($data['id']), + getRequestElement('hash') + ), __FILE__, __LINE__); // Check on success - if (SQL_AFFECTEDROWS() == 1) { + if (!ifSqlHasZeroAffectedRows()) { // Prepare mail and send it to the sponsor $message = loadEmailTemplate('sponsor_pending', $data); - sendEmail($data['email'], getMessage('SPONSOR_ACCOUNT_PENDING_SUBJ'), $message); + sendEmail($data['email'], '{--SPONSOR_ACCOUNT_PENDING_SUBJECT--}', $message); // Send email to admin - sendAdminNotification(getMessage('ADMIN_NEW_SPONSOR'), 'admin_sponsor_pending', $data); + sendAdminNotification('{--ADMIN_NEW_SPONSOR--}', 'admin_sponsor_pending', $data); // Sponsor account set to pending - loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_IS_PENDING')); + displayMessage('{--SPONSOR_ACCOUNT_IS_PENDING--}'); } else { // Could not unlock account! - loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_PENDING_FAILED')); + displayMessage('{--SPONSOR_ACCOUNT_PENDING_FAILED--}'); } } elseif ($data['status'] == 'EMAIL') { // Changed email adress need to be confirmed - SQL_QUERY_ESC("UPDATE + sqlQueryEscaped("UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET - `status`='CONFIRMED' + `status`='CONFIRMED', + `hash`=NULL WHERE - `id`='%s' AND + `id`=%s AND `hash`='%s' AND `status`='EMAIL' LIMIT 1", - array(bigintval($data['id']), getRequestParameter('hash')), __FILE__, __LINE__); + array(bigintval($data['id']), getRequestElement('hash')), __FILE__, __LINE__); // Check on success - if (SQL_AFFECTEDROWS() == 1) { + if (!ifSqlHasZeroAffectedRows()) { // Sponsor account is unlocked again - loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN')); + displayMessage('{--SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN--}'); } else { // Could not unlock account! - loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_EMAIL_FAILED')); + displayMessage('{--SPONSOR_ACCOUNT_EMAIL_FAILED--}'); } } else { - /// ??? Other status? - loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACCOUNT_STATUS_FAILED')); + // ??? Other status? + displayMessage('{--SPONSOR_ACCOUNT_STATUS_FAILED--}'); } } else { // No sponsor found - loadTemplate('admin_settings_saved', false, sprintf(getMessage('SPONSOR_ACCOUNT_404'), getRequestParameter('hash'))); + displayMessage('{%message,SPONSOR_ACCOUNT_404=' . getRequestElement('hash') . '%}'); } // Free memory - SQL_FREERESULT($result); + sqlFreeResult($result); } elseif ($mode == 'activate') { // Send activation link again - if (isFormSent()) { + if (isFormSent('login')) { // Check submitted data - if (!isPostRequestParameterSet('email')) unsetPostRequestParameter('ok'); + if (!isPostRequestElementSet('email')) unsetPostRequestElement('login'); } - if (isFormSent()) { + if (isFormSent('login')) { // Check email - $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, gender, surname, family, sponsor_created -FROM `{?_MYSQL_PREFIX?}_sponsor_data` -WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1", - array(postRequestParameter('email')), __FILE__, __LINE__); + $result = sqlQueryEscaped("SELECT + `id`, + `hash`, + `status`, + `remote_addr`, + `gender`, + `surname`, + `family`, + UNIX_TIMESTAMP(`sponsor_created`) AS `sponsor_created` +FROM + `{?_MYSQL_PREFIX?}_sponsor_data` +WHERE + '%s' REGEXP `email` AND + (`status`='UNCONFIRMED' OR `status`='EMAIL') +LIMIT 1", + array(postRequestElement('email')), __FILE__, __LINE__); // Entry found? - if (SQL_NUMROWS($result) == 1) { + if (sqlNumRows($result) == 1) { // Unconfirmed sponsor account found so let's load the requested data - $data = SQL_FETCHARRAY($result); + $data = sqlFetchArray($result); // Translate some data - $data['gender'] = translateGender($data['gender']); $data['sponsor_created'] = generateDateTime($data['sponsor_created']); // Prepare email and send it to the sponsor @@ -165,111 +183,134 @@ WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1", // Confirmed email address $message_sponsor = loadEmailTemplate('sponsor_email', $data); } - sendEmail(postRequestParameter('email'), getMessage('SPONSOR_ACTIVATION_LINK_SUBJ'), $message_sponsor); + sendEmail(postRequestElement('email'), '{--SPONSOR_ACTIVATION_LINK_SUBJECT--}', $message_sponsor); // Output message - loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACTIVATION_LINK_SENT')); + displayMessage('{--SPONSOR_ACTIVATION_LINK_SENT--}'); } else { // No account found or not UNCONFIRMED - loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_ACTIVATION_LINK_404')); + displayMessage('{--SPONSOR_ACTIVATION_LINK_404--}'); } // Free memory - SQL_FREERESULT($result); + sqlFreeResult($result); } else { // Load form loadTemplate('guest_sponsor_activate'); } } elseif ($mode == 'lost_pass') { // Send new password - if (isFormSent()) { + if (isFormSent('login')) { // Check submitted data - if (!isPostRequestParameterSet('email')) unsetPostRequestParameter('ok'); + if (!isPostRequestElementSet('email')) unsetPostRequestElement('login'); } // END - if - if (isFormSent()) { + if (isFormSent('login')) { // Check email - $result = SQL_QUERY_ESC("SELECT `id`, `hash`, `remote_addr`, `gender`, `surname`, `family`, `sponsor_created` -FROM `{?_MYSQL_PREFIX?}_sponsor_data` -WHERE `email`='%s' AND `id`='%s' AND `status`='CONFIRMED' LIMIT 1", - array(postRequestParameter('email'), bigintval(postRequestParameter('id'))), __FILE__, __LINE__); + $result = sqlQueryEscaped("SELECT + `id`, + `hash`, + `remote_addr`, + `gender`, + `surname`, + `family`, + UNIX_TIMESTAMP(`sponsor_created`) AS `sponsor_created` +FROM + `{?_MYSQL_PREFIX?}_sponsor_data` +WHERE + '%s' REGEXP `email` AND + `id`=%s AND + `status`='CONFIRMED' +LIMIT 1", + array(postRequestElement('email'), bigintval(postRequestElement('id'))), __FILE__, __LINE__); // Entry found? - if (SQL_NUMROWS($result) == 1) { + if (sqlNumRows($result) == 1) { // Unconfirmed sponsor account found so let's load the requested data - $DATA = SQL_FETCHARRAY($result); + $content = sqlFetchArray($result); - // Translate some data - $DATA['gender'] = translateGender($DATA['gender']); - $DATA['sponsor_created'] = generateDateTime($DATA['sponsor_created']); - - // Generate password - $DATA['password'] = generatePassword(); + // Generate password/translate some data + $content['password'] = generatePassword(); + $content['sponsor_created'] = generateDateTime($content['sponsor_created']); // Prepare email and send it to the sponsor - $message_sponsor = loadEmailTemplate('sponsor_lost', $DATA); - sendEmail(postRequestParameter('email'), getMessage('SPONSOR_LOST_PASSWORD_SUBJ'), $message_sponsor); + $message_sponsor = loadEmailTemplate('sponsor_lost', $content); + sendEmail(postRequestElement('email'), '{--SPONSOR_LOST_PASSWORD_SUBJECT--}', $message_sponsor); // Update password - SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET `password`='%s' -WHERE `id`='%s' LIMIT 1", - array(md5($DATA['password']), bigintval($DATA['id'])), __FILE__, __LINE__); + sqlQueryEscaped("UPDATE + `{?_MYSQL_PREFIX?}_sponsor_data` +SET + `password`='%s' +WHERE + `id`=%s +LIMIT 1", + array(md5($content['password']), bigintval($content['id'])), __FILE__, __LINE__); // Output message - loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_LOST_PASSWORD_SENT')); + displayMessage('{--SPONSOR_LOST_PASSWORD_SENT--}'); } else { // No account found or not UNCONFIRMED - loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_LOST_PASSWORD_404')); + displayMessage('{--SPONSOR_LOST_PASSWORD_404--}'); } // Free memory - SQL_FREERESULT($result); + sqlFreeResult($result); } else { // Load form loadTemplate('guest_sponsor_lost'); } -} elseif (isFormSent()) { +} elseif (isFormSent('login')) { // Check status and login data ... - $result = SQL_QUERY_ESC("SELECT status FROM `{?_MYSQL_PREFIX?}_sponsor_data` -WHERE `id`='%s' AND password='%s' LIMIT 1", - array(bigintval(postRequestParameter('sponsorid')), md5(postRequestParameter('pass'))), __FILE__, __LINE__); + $result = sqlQueryEscaped("SELECT + `status` +FROM + `{?_MYSQL_PREFIX?}_sponsor_data` +WHERE + `id`=%s AND + `password`='%s' +LIMIT 1", + array( + bigintval(postRequestElement('sponsor_id')), + md5(postRequestElement('password')) + ), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) { + if (sqlNumRows($result) == 1) { // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account? - list($status) = SQL_FETCHROW($result); + list($status) = sqlFetchRow($result); if ($status == 'CONFIRMED') { // Is confirmed so both is fine and we can continue with login procedure - $login = ((setSession('sponsorid' , bigintval(postRequestParameter('sponsorid')))) && - (setSession('sponsorpass', md5(postRequestParameter('pass')) )) + $login = ((setSession('sponsor_id' , bigintval(postRequestElement('sponsor_id')))) && + (setSession('sponsor_pass', md5(postRequestElement('password')) )) ); - if ($login === true) { + if ($login === TRUE) { // Cookie setup successfull so we can forward to sponsor area redirectToUrl('modules.php?module=sponsor'); } else { // Cookie setup failed! - loadTemplate('admin_settings_saved', false, getMessage('SPONSPOR_COOKIE_SETUP_FAILED')); + displayMessage('{--SPONSOR_COOKIE_SETUP_FAILED--}'); // Login formular and other links loadTemplate('guest_sponsor_login'); } } else { // Status is not fine - loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_LOGIN_FAILED_' . strtoupper($status) . '')); + displayMessage('{--SPONSOR_LOGIN_FAILED_' . strtoupper($status) . '--}'); // Login formular and other links loadTemplate('guest_sponsor_login'); } } else { // Account missing or wrong pass! We shall not find this out for the "cracker folks"... - loadTemplate('admin_settings_saved', false, getMessage('SPONSOR_LOGIN_FAILED_404_WRONG_PASS')); + displayMessage('{--SPONSOR_LOGIN_FAILED_404_WRONG_PASS--}'); // Login formular and other links loadTemplate('guest_sponsor_login'); } // Free memory - SQL_FREERESULT($result); + sqlFreeResult($result); } else { // Login formular and other links loadTemplate('guest_sponsor_login');