X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fguest%2Fwhat-sponsor_login.php;h=caaab113579a429136f15defa03c6464dbcda65c;hp=340e211f52649f91172daf7eaf1ef22700e3c33b;hb=0f3a135204757cc8750262871c8e62c42300acb4;hpb=29385a0483bbcbbe940a32a49d488b1d5add15c5 diff --git a/inc/modules/guest/what-sponsor_login.php b/inc/modules/guest/what-sponsor_login.php index 340e211f52..caaab11357 100644 --- a/inc/modules/guest/what-sponsor_login.php +++ b/inc/modules/guest/what-sponsor_login.php @@ -14,11 +14,9 @@ * $Date:: $ * * $Tag:: 0.2.1-FINAL $ * * $Author:: $ * - * Needs to be in all Files and every File needs "svn propset * - * svn:keywords Date Revision" (autoprobset!) at least!!!!!! * * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * - * Copyright (c) 2009, 2010 by Mailer Developer Team * + * Copyright (c) 2009 - 2011 by Mailer Developer Team * * For more information visit: http://www.mxchange.org * * * * This program is free software; you can redistribute it and/or modify * @@ -43,12 +41,15 @@ if (!defined('__SECURITY')) { } // END - if // Add description as navigation point -addMenuDescription('guest', __FILE__); +addYouAreHereLink('guest', __FILE__); if ((!isExtensionActive('sponsor'))) { - loadTemplate('admin_settings_saved', false, generateExtensionInactiveNotInstalledMessage('sponsor')); + displayMessage('{%pipe,generateExtensionInactiveNotInstalledMessage=sponsor%}'); return; -} // END - if +} elseif (isSponsor()) { + // Is already a logged-in sponsor + redirectToUrl('modules.php?module=sponsor'); +} $mode = ''; if (isGetRequestParameterSet('mode')) { @@ -63,14 +64,17 @@ if (isGetRequestParameterSet('mode')) { if (isGetRequestParameterSet('hash')) { // Lookup sponsor $result = SQL_QUERY_ESC("SELECT - `id`, `status`, `gender`, `surname`, `family`, - `company`, `position`, `tax_ident`, - `street_nr1`, `street_nr2`, `country`, `zip`, `city`, `email`, `phone`, `fax`, `cell`, - `points_amount` AS points, `last_pay` AS pay, `last_curr` AS curr + `id`,`status`,`gender`,`surname`,`family`, + `company`,`position`,`tax_ident`, + `street_nr1`,`street_nr2`,`country`,`zip`,`city`,`email`,`phone`,`fax`,`cell`, + `points_amount` AS `points`,`last_payment`,`last_currency` FROM `{?_MYSQL_PREFIX?}_sponsor_data` WHERE - `hash='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') + `hash`='%s' AND ( + `status`='UNCONFIRMED' OR + `status`='EMAIL' + ) LIMIT 1", array(getRequestParameter('hash')), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Sponsor found, load his data... @@ -82,10 +86,11 @@ LIMIT 1", array(getRequestParameter('hash')), __FILE__, __LINE__); SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET - `status`='PENDING' + `status`='PENDING', + `hash`=NULL WHERE `id`=%s AND - hash='%s' AND + `hash`='%s' AND `status`='UNCONFIRMED' LIMIT 1", array( @@ -94,7 +99,7 @@ LIMIT 1", ), __FILE__, __LINE__); // Check on success - if (SQL_AFFECTEDROWS() == 1) { + if (!SQL_HASZEROAFFECTED()) { // Prepare mail and send it to the sponsor $message = loadEmailTemplate('sponsor_pending', $data); sendEmail($data['email'], '{--SPONSOR_ACCOUNT_PENDING_SUBJECT--}', $message); @@ -103,39 +108,40 @@ LIMIT 1", sendAdminNotification('{--ADMIN_NEW_SPONSOR--}', 'admin_sponsor_pending', $data); // Sponsor account set to pending - loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACCOUNT_IS_PENDING--}'); + displayMessage('{--SPONSOR_ACCOUNT_IS_PENDING--}'); } else { // Could not unlock account! - loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACCOUNT_PENDING_FAILED--}'); + displayMessage('{--SPONSOR_ACCOUNT_PENDING_FAILED--}'); } } elseif ($data['status'] == 'EMAIL') { // Changed email adress need to be confirmed SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_sponsor_data` SET - `status`='CONFIRMED' + `status`='CONFIRMED', + `hash`=NULL WHERE - `id`='%s' AND + `id`=%s AND `hash`='%s' AND `status`='EMAIL' LIMIT 1", array(bigintval($data['id']), getRequestParameter('hash')), __FILE__, __LINE__); // Check on success - if (SQL_AFFECTEDROWS() == 1) { + if (!SQL_HASZEROAFFECTED()) { // Sponsor account is unlocked again - loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN--}'); + displayMessage('{--SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN--}'); } else { // Could not unlock account! - loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACCOUNT_EMAIL_FAILED--}'); + displayMessage('{--SPONSOR_ACCOUNT_EMAIL_FAILED--}'); } } else { - /// ??? Other status? - loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACCOUNT_STATUS_FAILED--}'); + // ??? Other status? + displayMessage('{--SPONSOR_ACCOUNT_STATUS_FAILED--}'); } } else { // No sponsor found - loadTemplate('admin_settings_saved', false, sprintf(getMessage('SPONSOR_ACCOUNT_404'), getRequestParameter('hash'))); + displayMessage('{%message,SPONSOR_ACCOUNT_404=' . getRequestParameter('hash') . '%}'); } // Free memory @@ -149,9 +155,15 @@ LIMIT 1", if (isFormSent()) { // Check email - $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, gender, surname, family, sponsor_created -FROM `{?_MYSQL_PREFIX?}_sponsor_data` -WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1", + $result = SQL_QUERY_ESC("SELECT + `id`,`hash`,`status`,`remote_addr`,`gender`,`surname`,`family`, + UNIX_TIMESTAMP(`sponsor_created`) AS `sponsor_created` +FROM + `{?_MYSQL_PREFIX?}_sponsor_data` +WHERE + `email`='%s' AND + (`status`='UNCONFIRMED' OR `status`='EMAIL') +LIMIT 1", array(postRequestParameter('email')), __FILE__, __LINE__); // Entry found? @@ -173,10 +185,10 @@ WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1", sendEmail(postRequestParameter('email'), '{--SPONSOR_ACTIVATION_LINK_SUBJECT--}', $message_sponsor); // Output message - loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACTIVATION_LINK_SENT--}'); + displayMessage('{--SPONSOR_ACTIVATION_LINK_SENT--}'); } else { // No account found or not UNCONFIRMED - loadTemplate('admin_settings_saved', false, '{--SPONSOR_ACTIVATION_LINK_404--}'); + displayMessage('{--SPONSOR_ACTIVATION_LINK_404--}'); } // Free memory @@ -194,9 +206,16 @@ WHERE email='%s' AND (`status`='UNCONFIRMED' OR `status`='EMAIL') LIMIT 1", if (isFormSent()) { // Check email - $result = SQL_QUERY_ESC("SELECT `id`, `hash`, `remote_addr`, `gender`, `surname`, `family`, `sponsor_created` -FROM `{?_MYSQL_PREFIX?}_sponsor_data` -WHERE `email`='%s' AND `id`='%s' AND `status`='CONFIRMED' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT + `id`,`hash`,`remote_addr`,`gender`,`surname`,`family`, + UNIX_TIMESTAMP(`sponsor_created`) AS `sponsor_created` +FROM + `{?_MYSQL_PREFIX?}_sponsor_data` +WHERE + `email`='%s' AND + `id`=%s AND + `status`='CONFIRMED' +LIMIT 1", array(postRequestParameter('email'), bigintval(postRequestParameter('id'))), __FILE__, __LINE__); // Entry found? @@ -204,12 +223,9 @@ WHERE `email`='%s' AND `id`='%s' AND `status`='CONFIRMED' LIMIT 1", // Unconfirmed sponsor account found so let's load the requested data $DATA = SQL_FETCHARRAY($result); - // Translate some data - $DATA['gender'] = translateGender($DATA['gender']); - $DATA['sponsor_created'] = generateDateTime($DATA['sponsor_created']); - - // Generate password + // Generate password/translate some data $DATA['password'] = generatePassword(); + $DATA['sponsor_created'] = generateDateTime($DATA['sponsor_created']); // Prepare email and send it to the sponsor $message_sponsor = loadEmailTemplate('sponsor_lost', $DATA); @@ -226,10 +242,10 @@ LIMIT 1", array(md5($DATA['password']), bigintval($DATA['id'])), __FILE__, __LINE__); // Output message - loadTemplate('admin_settings_saved', false, '{--SPONSOR_LOST_PASSWORD_SENT--}'); + displayMessage('{--SPONSOR_LOST_PASSWORD_SENT--}'); } else { // No account found or not UNCONFIRMED - loadTemplate('admin_settings_saved', false, '{--SPONSOR_LOST_PASSWORD_404--}'); + displayMessage('{--SPONSOR_LOST_PASSWORD_404--}'); } // Free memory @@ -240,17 +256,26 @@ LIMIT 1", } } elseif (isFormSent()) { // Check status and login data ... - $result = SQL_QUERY_ESC("SELECT status FROM `{?_MYSQL_PREFIX?}_sponsor_data` -WHERE `id`='%s' AND password='%s' LIMIT 1", - array(bigintval(postRequestParameter('sponsorid')), md5(postRequestParameter('pass'))), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT + `status` +FROM + `{?_MYSQL_PREFIX?}_sponsor_data` +WHERE + `id`=%s AND + `password`='%s' +LIMIT 1", + array( + bigintval(postRequestParameter('sponsor_id')), + md5(postRequestParameter('password')) + ), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account? list($status) = SQL_FETCHROW($result); if ($status == 'CONFIRMED') { // Is confirmed so both is fine and we can continue with login procedure - $login = ((setSession('sponsorid' , bigintval(postRequestParameter('sponsorid')))) && - (setSession('sponsorpass', md5(postRequestParameter('pass')) )) + $login = ((setSession('sponsor_id' , bigintval(postRequestParameter('sponsor_id')))) && + (setSession('sponsor_pass', md5(postRequestParameter('password')) )) ); if ($login === true) { @@ -258,21 +283,21 @@ WHERE `id`='%s' AND password='%s' LIMIT 1", redirectToUrl('modules.php?module=sponsor'); } else { // Cookie setup failed! - loadTemplate('admin_settings_saved', false, '{--SPONSPOR_COOKIE_SETUP_FAILED--}'); + displayMessage('{--SPONSOR_COOKIE_SETUP_FAILED--}'); // Login formular and other links loadTemplate('guest_sponsor_login'); } } else { // Status is not fine - loadTemplate('admin_settings_saved', false, '{--SPONSOR_LOGIN_FAILED_' . strtoupper($status) . '--}'); + displayMessage('{--SPONSOR_LOGIN_FAILED_' . strtoupper($status) . '--}'); // Login formular and other links loadTemplate('guest_sponsor_login'); } } else { // Account missing or wrong pass! We shall not find this out for the "cracker folks"... - loadTemplate('admin_settings_saved', false, '{--SPONSOR_LOGIN_FAILED_404_WRONG_PASS--}'); + displayMessage('{--SPONSOR_LOGIN_FAILED_404_WRONG_PASS--}'); // Login formular and other links loadTemplate('guest_sponsor_login');