X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fguest%2Fwhat-sponsor_login.php;h=7082a5cf0cf17c01ce88da9347fecea4c9da23b5;hp=77a6db57c7d3d347b193daace3a967898eae63af;hb=391c98ab7233ff3e640d8b9fad8df92ce45e9b31;hpb=9beb33ae0c3194b05d172508768a833b1b69af2f

diff --git a/inc/modules/guest/what-sponsor_login.php b/inc/modules/guest/what-sponsor_login.php
index 77a6db57c7..7082a5cf0c 100644
--- a/inc/modules/guest/what-sponsor_login.php
+++ b/inc/modules/guest/what-sponsor_login.php
@@ -1,7 +1,7 @@
 <?php
 /************************************************************************
- * MXChange v0.2.1                                    Start: 06/10/2005 *
- * ===============                              Last change: 05/18/2008 *
+ * Mailer v0.2.1-FINAL                                Start: 06/10/2005 *
+ * ===================                          Last change: 05/18/2008 *
  *                                                                      *
  * -------------------------------------------------------------------- *
  * File              : what-sponsor_login.php                           *
@@ -10,14 +10,19 @@
  * -------------------------------------------------------------------- *
  * Kurzbeschreibung  : Loginformular und Neues Passwort fuer Sponsor    *
  * -------------------------------------------------------------------- *
- *                                                                      *
+ * $Revision::                                                        $ *
+ * $Date::                                                            $ *
+ * $Tag:: 0.2.1-FINAL                                                 $ *
+ * $Author::                                                          $ *
  * -------------------------------------------------------------------- *
- * Copyright (c) 2003 - 2008 by Roland Haeder                           *
+ * Copyright (c) 2003 - 2009 by Roland Haeder                           *
+ * Copyright (c) 2009 - 2011 by Mailer Developer Team                   *
  * For more information visit: http://www.mxchange.org                  *
  *                                                                      *
- * This program is free software. You can redistribute it and/or modify *
+ * This program is free software; you can redistribute it and/or modify *
  * it under the terms of the GNU General Public License as published by *
- * the Free Software Foundation; either version 2 of the License.       *
+ * the Free Software Foundation; either version 2 of the License, or    *
+ * (at your option) any later version.                                  *
  *                                                                      *
  * This program is distributed in the hope that it will be useful,      *
  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
@@ -31,294 +36,279 @@
  ************************************************************************/
 
 // Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
-	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
-	require($INC);
-}
+if (!defined('__SECURITY')) {
+	die();
+} // END - if
 
 // Add description as navigation point
-ADD_DESCR("guest", basename(__FILE__));
+addYouAreHereLink('guest', __FILE__);
 
-$MODE = "";
-if (!empty($HTTP_GET_VARS['mode']))
-{
-	// A "special" mode of the login system was requested
-	switch ($HTTP_GET_VARS['mode'])
-	{
-		case "activate" : $MODE = "activate";  break; // Activation link requested
-		case "lost_pass": $MODE = "lost_pass"; break; // Request new password
-	}
+if ((!isExtensionActive('sponsor'))) {
+	displayMessage(generateExtensionInactiveNotInstalledMessage('sponsor'));
+	return;
+} elseif (isSponsor()) {
+	// Is already a logged-in sponsor
+	redirectToUrl('modules.php?module=sponsor');
 }
 
+$mode = '';
+if (isGetRequestParameterSet('mode')) {
+	// A "special" mode of the login system was requested
+	switch (getRequestParameter('mode')) {
+		case 'activate' : $mode = 'activate';  break; // Activation link requested
+		case 'lost_pass': $mode = 'lost_pass'; break; // Request new password
+	} // END - switch
+} // END - if
+
 // Check if hash for confirmation of email address is given...
-if (!empty($HTTP_GET_VARS['hash']))
-{
+if (isGetRequestParameterSet('hash')) {
 	// Lookup sponsor
-	$result = SQL_QUERY_ESC("SELECT id, status, salut, surname, family,
-company, position, tax_ident,
-street_nr1, street_nr2, country, zip, city, email, phone, fax, cell,
-points_amount AS points, last_pay AS pay, last_curr AS curr
-FROM "._MYSQL_PREFIX."_sponsor_data
-WHERE hash='%s' AND (status='UNCONFIRMED' OR status='EMAIL')
-LIMIT 1", array($HTTP_GET_VARS['hash']), __FILE__, __LINE__);
-	if (SQL_NUMROWS($result) == 1)
-	{
+	$result = SQL_QUERY_ESC("SELECT
+	`id`, `status`, `gender`, `surname`, `family`,
+	`company`, `position`, `tax_ident`,
+	`street_nr1`, `street_nr2`, `country`, `zip`, `city`, `email`, `phone`, `fax`, `cell`,
+	`points_amount` AS `points`, `last_payment`, `last_currency`
+FROM
+	`{?_MYSQL_PREFIX?}_sponsor_data`
+WHERE
+	`hash`='%s' AND (
+		`status`='UNCONFIRMED' OR
+		`status`='EMAIL'
+	)
+LIMIT 1", array(getRequestParameter('hash')), __FILE__, __LINE__);
+	if (SQL_NUMROWS($result) == 1) {
 		// Sponsor found, load his data...
-		$SPONSOR = SQL_FETCHARRAY($result);
-
-		// Translate salut and comma
-		$SPONSOR['salut']  = TRANSLATE_SEX($SPONSOR['salut']);
-		$SPONSOR['points'] = TRANSLATE_COMMA($SPONSOR['points']);
-		$SPONSOR['pay']    = TRANSLATE_COMMA($SPONSOR['pay']);
+		$data = SQL_FETCHARRAY($result);
 
 		// Unconfirmed account or changed email address?
-		if ($SPONSOR['status'] == "UNCONFIRMED")
-		{
+		if ($data['status'] == 'UNCONFIRMED') {
 			// Set account to pending
-			$result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='PENDING'
-WHERE id='%s' AND hash='%s' AND status='UNCONFIRMED' LIMIT 1",
- array(bigintval($SPONSOR['id']), $HTTP_GET_VARS['hash']), __FILE__, __LINE__);
+			SQL_QUERY_ESC("UPDATE
+	`{?_MYSQL_PREFIX?}_sponsor_data`
+SET
+	`status`='PENDING',
+	`hash`=NULL
+WHERE
+	`id`=%s AND
+	`hash`='%s' AND
+	`status`='UNCONFIRMED'
+LIMIT 1",
+				array(
+					bigintval($data['id']),
+					getRequestParameter('hash')
+				), __FILE__, __LINE__);
 
-			// Check on success 
-			if (SQL_AFFECTEDROWS($link) == 1)
-			{
+			// Check on success
+			if (!SQL_HASZEROAFFECTED()) {
 				// Prepare mail and send it to the sponsor
-				$MSG = LOAD_EMAIL_TEMPLATE("sponsor_pending", $SPONSOR);
-				SEND_EMAIL($SPONSOR['email'], SPONSOR_ACCOUNT_PENDING_SUBJ, $MSG);
+				$message = loadEmailTemplate('sponsor_pending', $data);
+				sendEmail($data['email'], '{--SPONSOR_ACCOUNT_PENDING_SUBJECT--}', $message);
 
 				// Send email to admin
-				if (GET_EXT_VERSION("admins") >= "0.4.1")
-				{
-					// Use new system
-					SEND_ADMIN_EMAILS_PRO (ADMIN_NEW_SPONSOR, "admin_sponsor_pending", $SPONSOR);
-				}
-				 else
-				{
-					// Send over old system
-					$msg_admin = LOAD_EMAIL_TEMPLATE("admin_sponsor_pending", $SPONSOR);
-					SEND_ADMIN_EMAILS (ADMIN_NEW_SPONSOR, $msg_admin);
-				}
+				sendAdminNotification('{--ADMIN_NEW_SPONSOR--}', 'admin_sponsor_pending', $data);
 
 				// Sponsor account set to pending
-				LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_PENDING);
-			}
-			 else
-			{
+				displayMessage('{--SPONSOR_ACCOUNT_IS_PENDING--}');
+			} else {
 				// Could not unlock account!
-				LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_PENDING_FAILED);
+				displayMessage('{--SPONSOR_ACCOUNT_PENDING_FAILED--}');
 			}
-		}
-		 elseif ($SPONSOR['status'] == "EMAIL")
-		{
+		} elseif ($data['status'] == 'EMAIL') {
 			// Changed email adress need to be confirmed
-			$result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='CONFIRMED'
-WHERE id='%s' AND hash='%s' AND status='EMAIL' LIMIT 1",
- array(bigintval($SPONSOR['id']), $HTTP_GET_VARS['hash']), __FILE__, __LINE__);
+			SQL_QUERY_ESC("UPDATE
+	`{?_MYSQL_PREFIX?}_sponsor_data`
+SET
+	`status`='CONFIRMED',
+	`hash`=NULL
+WHERE
+	`id`=%s AND
+	`hash`='%s' AND
+	`status`='EMAIL'
+LIMIT 1",
+				array(bigintval($data['id']), getRequestParameter('hash')), __FILE__, __LINE__);
 
-			// Check on success 
-			if (SQL_AFFECTEDROWS($link) == 1)
-			{
+			// Check on success
+			if (!SQL_HASZEROAFFECTED()) {
 				// Sponsor account is unlocked again
-				LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN);
-			}
-			 else
-			{
+				displayMessage('{--SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN--}');
+			} else {
 				// Could not unlock account!
-				LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_EMAIL_FAILED);
+				displayMessage('{--SPONSOR_ACCOUNT_EMAIL_FAILED--}');
 			}
-		}
-		 else
-		{
+		} else {
 			/// ??? Other status?
-			LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_STATUS_FAILED);
+			displayMessage('{--SPONSOR_ACCOUNT_STATUS_FAILED--}');
 		}
-	}
-	 else
-	{
+	} else {
 		// No sponsor found
-		LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_404);
+		displayMessage(getMaskedMessage('SPONSOR_ACCOUNT_404', getRequestParameter('hash')));
 	}
 
 	// Free memory
 	SQL_FREERESULT($result);
-}
- elseif ($MODE == "activate")
-{
+} elseif ($mode == 'activate') {
 	// Send activation link again
-	if (isset($HTTP_POST_VARS['ok']))
-	{
+	if (isFormSent()) {
 		// Check submitted data
-		if (empty($HTTP_POST_VARS['email'])) unset($HTTP_POST_VARS['ok']);
+		if (!isPostRequestParameterSet('email')) unsetPostRequestParameter('ok');
 	}
 
-	if (isset($HTTP_POST_VARS['ok']))
-	{
+	if (isFormSent()) {
 		// Check email
-		$result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, salut, surname, family, sponsor_created
-FROM "._MYSQL_PREFIX."_sponsor_data
-WHERE email='%s' AND (status='UNCONFIRMED' OR status='EMAIL') LIMIT 1",
- array($HTTP_POST_VARS['email']), __FILE__, __LINE__);
-		if (SQL_NUMROWS($result) == 1)
-		{
+		$result = SQL_QUERY_ESC("SELECT
+	`id`, `hash`, `status`, `remote_addr`, `gender`, `surname`, `family`,
+	UNIX_TIMESTAMP(`sponsor_created`) AS `sponsor_created`
+FROM
+	`{?_MYSQL_PREFIX?}_sponsor_data`
+WHERE
+	`email`='%s' AND
+	(`status`='UNCONFIRMED' OR `status`='EMAIL')
+LIMIT 1",
+		array(postRequestParameter('email')), __FILE__, __LINE__);
+
+		// Entry found?
+		if (SQL_NUMROWS($result) == 1) {
 			// Unconfirmed sponsor account found so let's load the requested data
-			$SPONSOR = SQL_FETCHARRAY($result);
+			$data = SQL_FETCHARRAY($result);
 
 			// Translate some data
-			$SPONSOR['salut']           = TRANSLATE_SEX($SPONSOR['salut']);
-			$SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
+			$data['sponsor_created'] = generateDateTime($data['sponsor_created']);
 
 			// Prepare email and send it to the sponsor
-			if ($SPONSOR['status'] == "UNCONFIRMED")
-			{
+			if ($data['status'] == 'UNCONFIRMED') {
 				// Unconfirmed accounts
-				$msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_activate", $SPONSOR);
-			}
-			 else
-			{
+				$message_sponsor = loadEmailTemplate('sponsor_activate', $data);
+			} else {
 				// Confirmed email address
-				$msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_email", $SPONSOR);
+				$message_sponsor = loadEmailTemplate('sponsor_email', $data);
 			}
-			SEND_EMAIL($HTTP_POST_VARS['email'], SPONSOR_ACTIVATION_LINK_SUBJ, $msg_sponsor);
+			sendEmail(postRequestParameter('email'), '{--SPONSOR_ACTIVATION_LINK_SUBJECT--}', $message_sponsor);
 
 			// Output message
-			LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_SENT);
-		}
-		 else
-		{
+			displayMessage('{--SPONSOR_ACTIVATION_LINK_SENT--}');
+		} else {
 			// No account found or not UNCONFIRMED
-			LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_404);
+			displayMessage('{--SPONSOR_ACTIVATION_LINK_404--}');
 		}
 
 		// Free memory
 		SQL_FREERESULT($result);
-	}
-	 else
-	{
+	} else {
 		// Load form
-		LOAD_TEMPLATE("guest_sponsor_activate");
+		loadTemplate('guest_sponsor_activate');
 	}
-}
- elseif ($MODE == "lost_pass")
-{
+} elseif ($mode == 'lost_pass') {
 	// Send new password
-	if (isset($HTTP_POST_VARS['ok']))
-	{
+	if (isFormSent()) {
 		// Check submitted data
-		if (empty($HTTP_POST_VARS['email'])) unset($HTTP_POST_VARS['ok']);
-	}
+		if (!isPostRequestParameterSet('email')) unsetPostRequestParameter('ok');
+	} // END - if
 
-	if (isset($HTTP_POST_VARS['ok']))
-	{
+	if (isFormSent()) {
 		// Check email
-		$result = SQL_QUERY_ESC("SELECT id, hash, remote_addr, salut, surname, family, sponsor_created
-FROM "._MYSQL_PREFIX."_sponsor_data
-WHERE email='%s' AND id='%s' AND status='CONFIRMED' LIMIT 1",
- array($HTTP_POST_VARS['email'], bigintval($HTTP_POST_VARS['id'])), __FILE__, __LINE__);
-		if (SQL_NUMROWS($result) == 1)
-		{
-			// Unconfirmed sponsor account found so let's load the requested data
-			$SPONSOR = SQL_FETCHARRAY($result);
+		$result = SQL_QUERY_ESC("SELECT
+	`id`, `hash`, `remote_addr`, `gender`, `surname`, `family`,
+	UNIX_TIMESTAMP(`sponsor_created`) AS `sponsor_created`
+FROM
+	`{?_MYSQL_PREFIX?}_sponsor_data`
+WHERE
+	`email`='%s' AND
+	`id`=%s AND
+	`status`='CONFIRMED'
+LIMIT 1",
+		array(postRequestParameter('email'), bigintval(postRequestParameter('id'))), __FILE__, __LINE__);
 
-			// Translate some data
-			$SPONSOR['salut']           = TRANSLATE_SEX($SPONSOR['salut']);
-			$SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
+		// Entry found?
+		if (SQL_NUMROWS($result) == 1) {
+			// Unconfirmed sponsor account found so let's load the requested data
+			$DATA = SQL_FETCHARRAY($result);
 
-			// Generate password
-			$SPONSOR['password']        = GEN_PASS();
+			// Generate password/translate some data
+			$DATA['password']        = generatePassword();
+			$DATA['sponsor_created'] = generateDateTime($DATA['sponsor_created']);
 
 			// Prepare email and send it to the sponsor
-			$msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_lost", $SPONSOR);
-			SEND_EMAIL($HTTP_POST_VARS['email'], SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor);
+			$message_sponsor = loadEmailTemplate('sponsor_lost', $DATA);
+			sendEmail(postRequestParameter('email'), '{--SPONSOR_LOST_PASSWORD_SUBJECT--}', $message_sponsor);
 
 			// Update password
-			$result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET password='%s'
-WHERE id='%s' LIMIT 1",
- array(md5($SPONSOR['password']), bigintval($SPONSOR['id'])), __FILE__, __LINE__);
+			SQL_QUERY_ESC("UPDATE
+	`{?_MYSQL_PREFIX?}_sponsor_data`
+SET
+	`password`='%s'
+WHERE
+	`id`=%s
+LIMIT 1",
+				array(md5($DATA['password']), bigintval($DATA['id'])), __FILE__, __LINE__);
 
 			// Output message
-			LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOST_PASSWORD_SENT);
-		}
-		 else
-		{
+			displayMessage('{--SPONSOR_LOST_PASSWORD_SENT--}');
+		} else {
 			// No account found or not UNCONFIRMED
-			LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOST_PASSWORD_404);
+			displayMessage('{--SPONSOR_LOST_PASSWORD_404--}');
 		}
 
 		// Free memory
 		SQL_FREERESULT($result);
-	}
-	 else
-	{
+	} else {
 		// Load form
-		LOAD_TEMPLATE("guest_sponsor_lost");
+		loadTemplate('guest_sponsor_lost');
 	}
-}
- elseif (isset($HTTP_POST_VARS['ok']))
-{
+} elseif (isFormSent()) {
 	// Check status and login data ...
-	$result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_sponsor_data
-WHERE id='%s' AND password='%s' LIMIT 1",
- array(bigintval($HTTP_POST_VARS['sponsorid']), md5($HTTP_POST_VARS['pass'])), __FILE__, __LINE__);
-	if (SQL_NUMROWS($result) == 1)
-	{
+	$result = SQL_QUERY_ESC("SELECT
+	`status`
+FROM
+	`{?_MYSQL_PREFIX?}_sponsor_data`
+WHERE
+	`id`=%s AND
+	`password`='%s'
+LIMIT 1",
+	array(
+		bigintval(postRequestParameter('sponsor_id')),
+		md5(postRequestParameter('password'))
+	), __FILE__, __LINE__);
+
+	if (SQL_NUMROWS($result) == 1) {
 		// Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
 		list($status) = SQL_FETCHROW($result);
-		if ($status == "CONFIRMED")
-		{
-			// Calculate cookie lifetime, maybe we have to change this so the admin can setup a
-			// seperate timeout for these two cookies?
-			$life = (time() + $CONFIG['online_timeout']);
-
+		if ($status == 'CONFIRMED') {
 			// Is confirmed so both is fine and we can continue with login procedure
-			$login = ((setcookie("sponsorid"  , bigintval($HTTP_POST_VARS['sponsorid']), $life, COOKIE_PATH)) &&
-			          (setcookie("sponsorpass", md5($HTTP_POST_VARS['pass'])           , $life, COOKIE_PATH)));
+			$login = ((setSession('sponsor_id'  , bigintval(postRequestParameter('sponsor_id')))) &&
+			(setSession('sponsor_pass', md5(postRequestParameter('password'))           ))
+			);
 
-			if ($login)
-			{
+			if ($login === true) {
 				// Cookie setup successfull so we can forward to sponsor area
-				LOAD_URL(URL."/modules.php?module=sponsor");
-			}
-			 else
-			{
+				redirectToUrl('modules.php?module=sponsor');
+			} else {
 				// Cookie setup failed!
-				LOAD_TEMPLATE("admin_settings_saved", false, SPONSPOR_COOKIE_SETUP_FAILED);
-				OUTPUT_HTML("<BR>");
+				displayMessage('{--SPONSOR_COOKIE_SETUP_FAILED--}');
 
 				// Login formular and other links
-				LOAD_TEMPLATE("guest_sponsor_login");
+				loadTemplate('guest_sponsor_login');
 			}
-		}
-		 else
-		{
+		} else {
 			// Status is not fine
-			$eval = "\$content = SPONSOR_LOGIN_FAILED_".strtoupper($status).";";
-			eval($eval);
-			LOAD_TEMPLATE("admin_settings_saved", false, $content);
-			OUTPUT_HTML("<BR>");
+			displayMessage('{--SPONSOR_LOGIN_FAILED_' . strtoupper($status) . '--}');
 
 			// Login formular and other links
-			LOAD_TEMPLATE("guest_sponsor_login");
+			loadTemplate('guest_sponsor_login');
 		}
-	}
-	 else
-	{
-		// Account missing or wrong pass! We shall not find this out for the "hacker folks"...
-		LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOGIN_FAILED_404_WRONG_PASS);
-		OUTPUT_HTML("<BR>");
+	} else {
+		// Account missing or wrong pass! We shall not find this out for the "cracker folks"...
+		displayMessage('{--SPONSOR_LOGIN_FAILED_404_WRONG_PASS--}');
 
 		// Login formular and other links
-		LOAD_TEMPLATE("guest_sponsor_login");
+		loadTemplate('guest_sponsor_login');
 	}
 
 	// Free memory
 	SQL_FREERESULT($result);
-}
- else
-{
+} else {
 	// Login formular and other links
-	LOAD_TEMPLATE("guest_sponsor_login");
+	loadTemplate('guest_sponsor_login');
 }
 
-//
+// [EOF]
 ?>