+<?php
+/************************************************************************
+ * MXChange v0.2.1 Start: 09/30/2005 *
+ * =============== Last change: 05/19/2008 *
+ * *
+ * -------------------------------------------------------------------- *
+ * File : account.php *
+ * -------------------------------------------------------------------- *
+ * Short description : Sponsor can manage his account *
+ * -------------------------------------------------------------------- *
+ * Kurzbeschreibung : Der Sponsor kann sein Account verwalten *
+ * -------------------------------------------------------------------- *
+ * *
+ * -------------------------------------------------------------------- *
+ * Copyleft (c) 2003, 2004, 2005 by Roland Haeder *
+ * For more information visit: http://www.mxchange.org *
+ * *
+ * This program is free software. You can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the Free Software *
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
+ * MA 02110-1301 USA *
+ ************************************************************************/
+
+// Some security stuff...
+if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
+ $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
+ require($INC);
+} elseif ((!EXT_IS_ACTIVE("sponsor")) && (!IS_ADMIN())) {
+ $FATAL[] = EXTENSION_PROBLEM_EXT_INACTIVE;
+ return;
+} elseif (!IS_SPONSOR()) {
+ // No sponsor!
+ $FATAL[] = SPONSOR_ONLY_AREA_ENTERED;
+ return;
+}
+
+// Data for the formular
+$result = SQL_QUERY_ESC("SELECT company, position, tax_ident,
+salut, surname, family, street_nr1, street_nr2, zip, city, country,
+phone, fax, cell, email, url,
+status, receive_warnings
+FROM "._MYSQL_PREFIX."_sponsor_data
+WHERE id='%s' AND password='%s' LIMIT 1",
+ array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__);
+if (SQL_NUMROWS($result) == 1) {
+ // Load sponsor data
+ $content = SQL_FETCHARRAY($result);
+ if ($content['status'] == "CONFIRMED") {
+ // Check if form was submitted or not
+ if (!empty($_POST['ok'])) {
+ // Check passwords
+ if (empty($_POST['pass_old'])) {
+ // No current password entered
+ $MSG = SPONSOR_NO_CURRENT_PASSWORD_ENTERED;
+ } elseif (md5($_POST['pass_old']) != $_COOKIE['sponsorpass']) {
+ // Entered password didn't match password in DB
+ $MSG = SPONSOR_CURRENT_PASSWORD_DIDNOT_MATCH_DB;
+ } elseif ((!empty($_POST['pass1'])) && (!empty($_POST['pass2'])) && ($_POST['pass1'] != $_POST['pass2'])) {
+ // Both new passwords did not match
+ $MSG = SPONSOR_BOTH_NEW_PASSWORDS_DIDNOT_MATCH;
+ } elseif ((empty($_POST['pass1'])) && (!empty($_POST['pass2']))) {
+ // No password one entered
+ $MSG = SPONSOR_PASSWORD_ONE_EMPTY;
+ } elseif ((!empty($_POST['pass1'])) && (empty($_POST['pass2']))) {
+ // No password two entered
+ $MSG = SPONSOR_PASSWORD_TWO_EMPTY;
+ } elseif ((!empty($_POST['pass1'])) && (strlen($_POST['pass1']) < $CONFIG['pass_len'])) {
+ // Too short password
+ $MSG = SPONSOR_PASSWORD_TOO_SHORT_1.$CONFIG['pass_len'].SPONSOR_PASSWORD_TOO_SHORT_2;
+ } else {
+ // Default is we don't want to change password!
+ $PASS_AND = ""; $PASS_DATA = "";
+
+ // Check if we want to change password or not
+ if (($_POST['pass1'] == $_POST['pass2']) && (!empty($_POST['pass1'])) && ($_POST['pass1'] != $_POST['pass_old'])) {
+ // Change current password
+ $PASS_AND = ", password='%s'";
+ $PASS_DATA = md5($_POST['pass1']);
+ }
+
+ // Unsecure data which we don't want here
+ $UNSAFE = array('receive_warnings', 'warning_interval');
+
+ // Remove all (maybe spoofed) unsafe data from array
+ foreach ($UNSAFE as $remove) {
+ unset($_POST[$remove]);
+ }
+
+ // Set last change timestamp
+ $_POST['last_change'] = time();
+
+ // Save data
+ $MSG = SPONSOR_SAVE_DATA($_POST, $content);
+ }
+
+ if (!empty($MSG)) {
+ // Output message
+ $OUT = LOAD_TEMPLATE("admin_settings_saved", true, $MSG);
+ } else {
+ // No message generated
+ $OUT = LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_NO_MESSAGE_GENERATED);
+ }
+ } else {
+ // Check for salutation selection
+ switch ($content['salut'])
+ {
+ case "M": // Male
+ define('__SALUT_M', " selected");
+ define('__SALUT_F', "");
+ define('__SALUT_C', "");
+ break;
+
+ case "F": // Female
+ define('__SALUT_M', "");
+ define('__SALUT_F', " selected");
+ define('__SALUT_C', "");
+ break;
+
+ case "C": // Company
+ define('__SALUT_M', "");
+ define('__SALUT_F', "");
+ define('__SALUT_C', " selected");
+ break;
+ }
+
+ // Output formular
+ $OUT = LOAD_TEMPLATE("sponsor_account_form", true, $content);
+ }
+ } else {
+ // Locked or so?
+ $STATUS = SPONSOR_TRANSLATE_STATUS($content['status']);
+ $OUT = LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_ACCOUNT_FAILED_1.$STATUS.SPONSOR_ACCOUNT_FAILED_2);
+ }
+} else {
+ // Sponsor account not found!
+ $OUT = LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_ACCOUNT_404_1.$_COOKIE['sponsorid'].SPONSOR_ACCOUNT_404_2);
+}
+
+// Free memory
+SQL_FREERESULT($result);
+
+//
+?>
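Review bot: The current-password check `md5($_POST['pass_old']) != $_COOKIE['sponsorpass']` uses a loose comparison between two hex digests. PHP compares such strings numerically when both look like numbers (for example `0e` followed only by digits), so two different digests can be treated as equal. The strict form `} elseif (md5($_POST['pass_old']) !== $_COOKIE['sponsorpass']) {` avoids this, or `hash_equals()` where the runtime provides it. Further down the same branch, the whole of `$_POST` is handed to `SPONSOR_SAVE_DATA()` after unsetting only `receive_warnings` and `warning_interval`. That function is not visible here, but if it maps request keys to columns, an allowlist of the editable form fields would be safer than this two-entry denylist.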