if (!defined('__SECURITY')) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
require($INC);
if (!defined('__SECURITY')) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
require($INC);
}
// Add description as navigation point
ADD_DESCR("guest", __FILE__);
$MODE = "";
}
// Add description as navigation point
ADD_DESCR("guest", __FILE__);
$MODE = "";
// A "special" mode of the login system was requested
switch ($_GET['mode'])
{
case "activate" : $MODE = "activate"; break; // Activation link requested
case "lost_pass": $MODE = "lost_pass"; break; // Request new password
}
// A "special" mode of the login system was requested
switch ($_GET['mode'])
{
case "activate" : $MODE = "activate"; break; // Activation link requested
case "lost_pass": $MODE = "lost_pass"; break; // Request new password
}
// Lookup sponsor
$result = SQL_QUERY_ESC("SELECT id, status, gender, surname, family,
company, position, tax_ident,
// Lookup sponsor
$result = SQL_QUERY_ESC("SELECT id, status, gender, surname, family,
company, position, tax_ident,
FROM "._MYSQL_PREFIX."_sponsor_data
WHERE hash='%s' AND (status='UNCONFIRMED' OR status='EMAIL')
LIMIT 1", array($_GET['hash']), __FILE__, __LINE__);
FROM "._MYSQL_PREFIX."_sponsor_data
WHERE hash='%s' AND (status='UNCONFIRMED' OR status='EMAIL')
LIMIT 1", array($_GET['hash']), __FILE__, __LINE__);
// Sponsor found, load his data...
$SPONSOR = SQL_FETCHARRAY($result);
// Sponsor found, load his data...
$SPONSOR = SQL_FETCHARRAY($result);
// Set account to pending
$result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='PENDING'
WHERE id='%s' AND hash='%s' AND status='UNCONFIRMED' LIMIT 1",
array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
// Set account to pending
$result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='PENDING'
WHERE id='%s' AND hash='%s' AND status='UNCONFIRMED' LIMIT 1",
array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
// Prepare mail and send it to the sponsor
$MSG = LOAD_EMAIL_TEMPLATE("sponsor_pending", $SPONSOR);
SEND_EMAIL($SPONSOR['email'], SPONSOR_ACCOUNT_PENDING_SUBJ, $MSG);
// Prepare mail and send it to the sponsor
$MSG = LOAD_EMAIL_TEMPLATE("sponsor_pending", $SPONSOR);
SEND_EMAIL($SPONSOR['email'], SPONSOR_ACCOUNT_PENDING_SUBJ, $MSG);
// Sponsor account set to pending
LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_PENDING);
// Sponsor account set to pending
LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_PENDING);
// Could not unlock account!
LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_PENDING_FAILED);
}
// Could not unlock account!
LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_PENDING_FAILED);
}
// Changed email adress need to be confirmed
$result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='CONFIRMED'
WHERE id='%s' AND hash='%s' AND status='EMAIL' LIMIT 1",
array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
// Check on success
// Changed email adress need to be confirmed
$result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='CONFIRMED'
WHERE id='%s' AND hash='%s' AND status='EMAIL' LIMIT 1",
array(bigintval($SPONSOR['id']), $_GET['hash']), __FILE__, __LINE__);
// Check on success
// Sponsor account is unlocked again
LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN);
// Sponsor account is unlocked again
LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN);
// Could not unlock account!
LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_EMAIL_FAILED);
}
// Could not unlock account!
LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_EMAIL_FAILED);
}
// Check email
$result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, gender, surname, family, sponsor_created
FROM "._MYSQL_PREFIX."_sponsor_data
WHERE email='%s' AND (status='UNCONFIRMED' OR status='EMAIL') LIMIT 1",
// Check email
$result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, gender, surname, family, sponsor_created
FROM "._MYSQL_PREFIX."_sponsor_data
WHERE email='%s' AND (status='UNCONFIRMED' OR status='EMAIL') LIMIT 1",
- array($_POST['email']), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 1)
- {
+ array($_POST['email']), __FILE__, __LINE__);
+
+ // Entry found?
+ if (SQL_NUMROWS($result) == 1) {
// Unconfirmed sponsor account found so let's load the requested data
$SPONSOR = SQL_FETCHARRAY($result);
// Unconfirmed sponsor account found so let's load the requested data
$SPONSOR = SQL_FETCHARRAY($result);
$SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
// Prepare email and send it to the sponsor
$SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
// Prepare email and send it to the sponsor
// Confirmed email address
$msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_email", $SPONSOR);
}
// Confirmed email address
$msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_email", $SPONSOR);
}
// No account found or not UNCONFIRMED
LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_404);
}
// Free memory
SQL_FREERESULT($result);
// No account found or not UNCONFIRMED
LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_404);
}
// Free memory
SQL_FREERESULT($result);
// Check email
$result = SQL_QUERY_ESC("SELECT id, hash, remote_addr, gender, surname, family, sponsor_created
FROM "._MYSQL_PREFIX."_sponsor_data
WHERE email='%s' AND id='%s' AND status='CONFIRMED' LIMIT 1",
// Check email
$result = SQL_QUERY_ESC("SELECT id, hash, remote_addr, gender, surname, family, sponsor_created
FROM "._MYSQL_PREFIX."_sponsor_data
WHERE email='%s' AND id='%s' AND status='CONFIRMED' LIMIT 1",
- array($_POST['email'], bigintval($_POST['id'])), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 1)
- {
+ array($_POST['email'], bigintval($_POST['id'])), __FILE__, __LINE__);
+ // Entry found?
+ if (SQL_NUMROWS($result) == 1) {
// Unconfirmed sponsor account found so let's load the requested data
$SPONSOR = SQL_FETCHARRAY($result);
// Unconfirmed sponsor account found so let's load the requested data
$SPONSOR = SQL_FETCHARRAY($result);
// No account found or not UNCONFIRMED
LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOST_PASSWORD_404);
}
// Free memory
SQL_FREERESULT($result);
// No account found or not UNCONFIRMED
LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOST_PASSWORD_404);
}
// Free memory
SQL_FREERESULT($result);
// Check status and login data ...
$result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_sponsor_data
WHERE id='%s' AND password='%s' LIMIT 1",
array(bigintval($_POST['sponsorid']), md5($_POST['pass'])), __FILE__, __LINE__);
// Check status and login data ...
$result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_sponsor_data
WHERE id='%s' AND password='%s' LIMIT 1",
array(bigintval($_POST['sponsorid']), md5($_POST['pass'])), __FILE__, __LINE__);
// Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
list($status) = SQL_FETCHROW($result);
// Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
list($status) = SQL_FETCHROW($result);
// Calculate cookie lifetime, maybe we have to change this so the admin can setup a
// seperate timeout for these two cookies?
$life = (time() + $_CONFIG['online_timeout']);
// Calculate cookie lifetime, maybe we have to change this so the admin can setup a
// seperate timeout for these two cookies?
$life = (time() + $_CONFIG['online_timeout']);
$login = ((setcookie("sponsorid" , bigintval($_POST['sponsorid']), $life, COOKIE_PATH)) &&
(setcookie("sponsorpass", md5($_POST['pass']) , $life, COOKIE_PATH)));
$login = ((setcookie("sponsorid" , bigintval($_POST['sponsorid']), $life, COOKIE_PATH)) &&
(setcookie("sponsorpass", md5($_POST['pass']) , $life, COOKIE_PATH)));
// Cookie setup successfull so we can forward to sponsor area
LOAD_URL(URL."/modules.php?module=sponsor");
// Cookie setup successfull so we can forward to sponsor area
LOAD_URL(URL."/modules.php?module=sponsor");
// Status is not fine
$content = constant('SPONSOR_LOGIN_FAILED_'.strtoupper($status).'');
LOAD_TEMPLATE("admin_settings_saved", false, $content);
// Status is not fine
$content = constant('SPONSOR_LOGIN_FAILED_'.strtoupper($status).'');
LOAD_TEMPLATE("admin_settings_saved", false, $content);
// Account missing or wrong pass! We shall not find this out for the "hacker folks"...
LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOGIN_FAILED_404_WRONG_PASS);
OUTPUT_HTML("<br />");
// Account missing or wrong pass! We shall not find this out for the "hacker folks"...
LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOGIN_FAILED_404_WRONG_PASS);
OUTPUT_HTML("<br />");