X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fguest%2Fwhat-sponsor_login.php;h=6c8726452a444b157fcdd5363aeab4418633a34b;hp=e4fb6d12e03187373b58d45cca7fa9d3c122b0b1;hb=2379934be6a196a54f4155bb8e24c49b20736969;hpb=fc162164725588cf75969f707faead9c9cd8e68b diff --git a/inc/modules/guest/what-sponsor_login.php b/inc/modules/guest/what-sponsor_login.php index e4fb6d12e0..6c8726452a 100644 --- a/inc/modules/guest/what-sponsor_login.php +++ b/inc/modules/guest/what-sponsor_login.php @@ -14,11 +14,9 @@ * $Date:: $ * * $Tag:: 0.2.1-FINAL $ * * $Author:: $ * - * Needs to be in all Files and every File needs "svn propset * - * svn:keywords Date Revision" (autoprobset!) at least!!!!!! * * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * - * Copyright (c) 2009, 2010 by Mailer Developer Team * + * Copyright (c) 2009 - 2011 by Mailer Developer Team * * For more information visit: http://www.mxchange.org * * * * This program is free software; you can redistribute it and/or modify * @@ -43,35 +41,41 @@ if (!defined('__SECURITY')) { } // END - if // Add description as navigation point -addMenuDescription('guest', __FILE__); +addYouAreHereLink('guest', __FILE__); if ((!isExtensionActive('sponsor'))) { - loadTemplate('admin_settings_saved', false, generateExtensionInactiveNotInstalledMessage('sponsor')); + displayMessage('{%pipe,generateExtensionInactiveNotInstalledMessage=sponsor%}'); return; -} // END - if +} elseif (isSponsor()) { + // Is already a logged-in sponsor + redirectToUrl('modules.php?module=sponsor'); +} $mode = ''; -if (isGetRequestParameterSet('mode')) { +if (isGetRequestElementSet('mode')) { // A "special" mode of the login system was requested - switch (getRequestParameter('mode')) { + switch (getRequestElement('mode')) { case 'activate' : $mode = 'activate'; break; // Activation link requested case 'lost_pass': $mode = 'lost_pass'; break; // Request new password } // END - switch } // END - if // Check if hash for confirmation of email address is given... -if (isGetRequestParameterSet('hash')) { +if (isGetRequestElementSet('hash')) { // Lookup sponsor $result = SQL_QUERY_ESC("SELECT - `id`, `status`, `gender`, `surname`, `family`, - `company`, `position`, `tax_ident`, - `street_nr1`, `street_nr2`, `country`, `zip`, `city`, `email`, `phone`, `fax`, `cell`, - `points_amount` AS points, `last_pay` AS pay, `last_curr` AS curr + `id`,`status`,`gender`,`surname`,`family`, + `company`,`position`,`tax_ident`, + `street_nr1`,`street_nr2`,`country`,`zip`,`city`,`email`,`phone`,`fax`,`cell`, + `points_amount` AS `points`,`last_payment`,`last_currency` FROM `{?_MYSQL_PREFIX?}_sponsor_data` WHERE - `hash='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') -LIMIT 1", array(getRequestParameter('hash')), __FILE__, __LINE__); + `hash`='%s' AND ( + `status`='UNCONFIRMED' OR + `status`='EMAIL' + ) +LIMIT 1", array(getRequestElement('hash')), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Sponsor found, load his data... $data = SQL_FETCHARRAY($result); @@ -82,60 +86,62 @@ LIMIT 1", array(getRequestParameter('hash')), __FILE__, __LINE__); SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET - `status`='PENDING' + `status`='PENDING', + `hash`=NULL WHERE `id`=%s AND - hash='%s' AND + `hash`='%s' AND `status`='UNCONFIRMED' LIMIT 1", array( bigintval($data['id']), - getRequestParameter('hash') + getRequestElement('hash') ), __FILE__, __LINE__); // Check on success - if (SQL_AFFECTEDROWS() == 1) { + if (!SQL_HASZEROAFFECTED()) { // Prepare mail and send it to the sponsor $message = loadEmailTemplate('sponsor_pending', $data); - sendEmail($data['email'], '{--SPONSOR_ACCOUNT_PENDING_SUBJ--}', $message); + sendEmail($data['email'], '{--SPONSOR_ACCOUNT_PENDING_SUBJECT--}', $message); // Send email to admin - sendAdminNotification(getMessage('ADMIN_NEW_SPONSOR'), 'admin_sponsor_pending', $data); + sendAdminNotification('{--ADMIN_NEW_SPONSOR--}', 'admin_sponsor_pending', $data); // Sponsor account set to pending - loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACCOUNT_IS_PENDING--}'); + displayMessage('{--SPONSOR_ACCOUNT_IS_PENDING--}'); } else { // Could not unlock account! - loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACCOUNT_PENDING_FAILED--}'); + displayMessage('{--SPONSOR_ACCOUNT_PENDING_FAILED--}'); } } elseif ($data['status'] == 'EMAIL') { // Changed email adress need to be confirmed SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET - `status`='CONFIRMED' + `status`='CONFIRMED', + `hash`=NULL WHERE - `id`='%s' AND + `id`=%s AND `hash`='%s' AND `status`='EMAIL' LIMIT 1", - array(bigintval($data['id']), getRequestParameter('hash')), __FILE__, __LINE__); + array(bigintval($data['id']), getRequestElement('hash')), __FILE__, __LINE__); // Check on success - if (SQL_AFFECTEDROWS() == 1) { + if (!SQL_HASZEROAFFECTED()) { // Sponsor account is unlocked again - loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN--}'); + displayMessage('{--SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN--}'); } else { // Could not unlock account! - loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACCOUNT_EMAIL_FAILED--}'); + displayMessage('{--SPONSOR_ACCOUNT_EMAIL_FAILED--}'); } } else { - /// ??? Other status? - loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACCOUNT_STATUS_FAILED--}'); + // ??? Other status? + displayMessage('{--SPONSOR_ACCOUNT_STATUS_FAILED--}'); } } else { // No sponsor found - loadTemplate('admin_settings_saved', false, sprintf(getMessage('SPONSOR_ACCOUNT_404'), getRequestParameter('hash'))); + displayMessage('{%message,SPONSOR_ACCOUNT_404=' . getRequestElement('hash') . '%}'); } // Free memory @@ -144,15 +150,21 @@ LIMIT 1", // Send activation link again if (isFormSent()) { // Check submitted data - if (!isPostRequestParameterSet('email')) unsetPostRequestParameter('ok'); + if (!isPostRequestElementSet('email')) unsetPostRequestElement('ok'); } if (isFormSent()) { // Check email - $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, gender, surname, family, sponsor_created -FROM `{?_MYSQL_PREFIX?}_sponsor_data` -WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1", - array(postRequestParameter('email')), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT + `id`,`hash`,`status`,`remote_addr`,`gender`,`surname`,`family`, + UNIX_TIMESTAMP(`sponsor_created`) AS `sponsor_created` +FROM + `{?_MYSQL_PREFIX?}_sponsor_data` +WHERE + '%s' REGEXP `email` AND + (`status`='UNCONFIRMED' OR `status`='EMAIL') +LIMIT 1", + array(postRequestElement('email')), __FILE__, __LINE__); // Entry found? if (SQL_NUMROWS($result) == 1) { @@ -170,13 +182,13 @@ WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1", // Confirmed email address $message_sponsor = loadEmailTemplate('sponsor_email', $data); } - sendEmail(postRequestParameter('email'), '{--SPONSOR_ACTIVATION_LINK_SUBJ--}', $message_sponsor); + sendEmail(postRequestElement('email'), '{--SPONSOR_ACTIVATION_LINK_SUBJECT--}', $message_sponsor); // Output message - loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACTIVATION_LINK_SENT--}'); + displayMessage('{--SPONSOR_ACTIVATION_LINK_SENT--}'); } else { // No account found or not UNCONFIRMED - loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACTIVATION_LINK_404--}'); + displayMessage('{--SPONSOR_ACTIVATION_LINK_404--}'); } // Free memory @@ -189,31 +201,35 @@ WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1", // Send new password if (isFormSent()) { // Check submitted data - if (!isPostRequestParameterSet('email')) unsetPostRequestParameter('ok'); + if (!isPostRequestElementSet('email')) unsetPostRequestElement('ok'); } // END - if if (isFormSent()) { // Check email - $result = SQL_QUERY_ESC("SELECT `id`, `hash`, `remote_addr`, `gender`, `surname`, `family`, `sponsor_created` -FROM `{?_MYSQL_PREFIX?}_sponsor_data` -WHERE `email`='%s' AND `id`='%s' AND `status`='CONFIRMED' LIMIT 1", - array(postRequestParameter('email'), bigintval(postRequestParameter('id'))), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT + `id`,`hash`,`remote_addr`,`gender`,`surname`,`family`, + UNIX_TIMESTAMP(`sponsor_created`) AS `sponsor_created` +FROM + `{?_MYSQL_PREFIX?}_sponsor_data` +WHERE + '%s' REGEXP `email` AND + `id`=%s AND + `status`='CONFIRMED' +LIMIT 1", + array(postRequestElement('email'), bigintval(postRequestElement('id'))), __FILE__, __LINE__); // Entry found? if (SQL_NUMROWS($result) == 1) { // Unconfirmed sponsor account found so let's load the requested data - $DATA = SQL_FETCHARRAY($result); + $content = SQL_FETCHARRAY($result); - // Translate some data - $DATA['gender'] = translateGender($DATA['gender']); - $DATA['sponsor_created'] = generateDateTime($DATA['sponsor_created']); - - // Generate password - $DATA['password'] = generatePassword(); + // Generate password/translate some data + $content['password'] = generatePassword(); + $content['sponsor_created'] = generateDateTime($content['sponsor_created']); // Prepare email and send it to the sponsor - $message_sponsor = loadEmailTemplate('sponsor_lost', $DATA); - sendEmail(postRequestParameter('email'), '{--SPONSOR_LOST_PASSWORD_SUBJ--}', $message_sponsor); + $message_sponsor = loadEmailTemplate('sponsor_lost', $content); + sendEmail(postRequestElement('email'), '{--SPONSOR_LOST_PASSWORD_SUBJECT--}', $message_sponsor); // Update password SQL_QUERY_ESC("UPDATE @@ -223,13 +239,13 @@ SET WHERE `id`=%s LIMIT 1", - array(md5($DATA['password']), bigintval($DATA['id'])), __FILE__, __LINE__); + array(md5($content['password']), bigintval($content['id'])), __FILE__, __LINE__); // Output message - loadTemplate('admin_settings_saved', false, '{--SPONSOR_LOST_PASSWORD_SENT--}'); + displayMessage('{--SPONSOR_LOST_PASSWORD_SENT--}'); } else { // No account found or not UNCONFIRMED - loadTemplate('admin_settings_saved', false, '{--SPONSOR_LOST_PASSWORD_404--}'); + displayMessage('{--SPONSOR_LOST_PASSWORD_404--}'); } // Free memory @@ -240,17 +256,26 @@ LIMIT 1", } } elseif (isFormSent()) { // Check status and login data ... - $result = SQL_QUERY_ESC("SELECT status FROM `{?_MYSQL_PREFIX?}_sponsor_data` -WHERE `id`='%s' AND password='%s' LIMIT 1", - array(bigintval(postRequestParameter('sponsorid')), md5(postRequestParameter('pass'))), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT + `status` +FROM + `{?_MYSQL_PREFIX?}_sponsor_data` +WHERE + `id`=%s AND + `password`='%s' +LIMIT 1", + array( + bigintval(postRequestElement('sponsor_id')), + md5(postRequestElement('password')) + ), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account? list($status) = SQL_FETCHROW($result); if ($status == 'CONFIRMED') { // Is confirmed so both is fine and we can continue with login procedure - $login = ((setSession('sponsorid' , bigintval(postRequestParameter('sponsorid')))) && - (setSession('sponsorpass', md5(postRequestParameter('pass')) )) + $login = ((setSession('sponsor_id' , bigintval(postRequestElement('sponsor_id')))) && + (setSession('sponsor_pass', md5(postRequestElement('password')) )) ); if ($login === true) { @@ -258,21 +283,21 @@ WHERE `id`='%s' AND password='%s' LIMIT 1", redirectToUrl('modules.php?module=sponsor'); } else { // Cookie setup failed! - loadTemplate('admin_settings_saved', false, '{--SPONSPOR_COOKIE_SETUP_FAILED--}'); + displayMessage('{--SPONSOR_COOKIE_SETUP_FAILED--}'); // Login formular and other links loadTemplate('guest_sponsor_login'); } } else { // Status is not fine - loadTemplate('admin_settings_saved', false, '{--SPONSOR_LOGIN_FAILED_' . strtoupper($status) . '--}'); + displayMessage('{--SPONSOR_LOGIN_FAILED_' . strtoupper($status) . '--}'); // Login formular and other links loadTemplate('guest_sponsor_login'); } } else { // Account missing or wrong pass! We shall not find this out for the "cracker folks"... - loadTemplate('admin_settings_saved', false, '{--SPONSOR_LOGIN_FAILED_404_WRONG_PASS--}'); + displayMessage('{--SPONSOR_LOGIN_FAILED_404_WRONG_PASS--}'); // Login formular and other links loadTemplate('guest_sponsor_login');