From: Roland Häder Date: Wed, 13 Feb 2008 22:00:42 +0000 (+0000) Subject: Updating profiles fixed. It was still broken since I have changed the password hashin... X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=commitdiff_plain;h=8a2ab6a6beb399e024ec5a56b487b03c4f65551c Updating profiles fixed. It was still broken since I have changed the password hashing system. --- diff --git a/inc/db/lib-mysql3.php b/inc/db/lib-mysql3.php index 2f75170617..c463f8de30 100644 --- a/inc/db/lib-mysql3.php +++ b/inc/db/lib-mysql3.php @@ -49,6 +49,9 @@ function SQL_QUERY($sql_string, $F, $L) ".MYSQL_QUERY_STRING."
".$sql_string); + // Debug output + //* DEBUG: */ print "Query=".$sql_string.", affected=".SQL_AFFECTEDROWS().", numrows=".SQL_NUMROWS($result)."
\n"; + if (($CSS != "1") && ($CSS != "-1") && (DEBUG_MODE) && (DEBUG_SQL)) { // diff --git a/inc/language/de.php b/inc/language/de.php index f49358c0ff..6201cc02c8 100644 --- a/inc/language/de.php +++ b/inc/language/de.php @@ -1095,5 +1095,7 @@ define('ADMIN_CONTACT_USER', "Mitglied kontaktieren"); define('CONTACT_USER', "Mitglied kontaktieren"); define('ADMIN_USER_CONTACTED', "Das Mitglied wurde per EMail kontaktiert."); define('ADMIN_CONTACT_USER_SUBJECT', "Nachricht vom {!MT_WORD!} {!MAIN_TITLE!}"); +define('MEMBER_CANNOT_LOAD_PROFILE', "Fehler beim Laden des Mitgliederprofiles. Bitte Support benachrichten."); + // ?> diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php index 562738fc29..1d87752921 100644 --- a/inc/mysql-manager.php +++ b/inc/mysql-manager.php @@ -735,33 +735,42 @@ function GET_MOD_DESCR($MODE, $wht) // function SEND_MODE_MAILS($mod, $modes) { - global $_COOKIE, $_POST, $CONFIG, $DATA; + global $CONFIG, $DATA; + // Load hash - $result_main = SQL_QUERY("SELECT password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1", + $result_main = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); - if (SQL_NUMROWS($result_main) == 1) - { - // Load hash and extract salt - list($hash) = SQL_FETCHROW($result_main); - $salt = substr($hash, 0, -40); + if (SQL_NUMROWS($result_main) == 1) { + // Load hash from database + list($hashDB) = SQL_FETCHROW($result_main); + + // Extract salt from cookie + $salt = substr($_COOKIE['u_hash'], 0, -40); // Now let's compare passwords - $hash = generateHash($_POST['pass1'], $salt); - if (($hash == $_COOKIE['u_hash']) || ($_POST['pass1'] == $_POST['pass2'])) - { + $hash = generatePassString($hashDB); + if (($hash == $_COOKIE['u_hash']) || ($_POST['pass1'] == $_POST['pass2'])) { // Load user's data $result = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, country, zip, city, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND password='%s' LIMIT 1", - array($GLOBALS['userid'], $hash), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + array($GLOBALS['userid'], $hashDB), __FILE__, __LINE__); + if (SQL_NUMROWS($result) == 1) { + // Load the data $DATA = SQL_FETCHROW($result); + + // Free result SQL_FREERESULT($result); + + // Translate salutation $DATA[0] = TRANSLATE_SEX($DATA[0]); + + // Clear/init the content variable + $content = ""; + $DATA['info'] = ""; + switch ($mod) { case "mydata": - foreach ($modes as $mode) - { + foreach ($modes as $mode) { switch ($mode) { case "normal": break; // Do not add any special lines @@ -778,10 +787,9 @@ function SEND_MODE_MAILS($mod, $modes) $content = MEMBER_UNKNOWN_MODE.": ".$mode."\n\n"; break; } - } + } // END - if - if (EXT_IS_ACTIVE("country")) - { + if (EXT_IS_ACTIVE("country")) { // Replace code with description $DATA[4] = COUNTRY_GENERATE_INFO($_POST['country_code']); } @@ -789,14 +797,11 @@ function SEND_MODE_MAILS($mod, $modes) // Load template $msg = LOAD_EMAIL_TEMPLATE("member_mydata_notify", $content, $GLOBALS['userid']); - if ($CONFIG['admin_notify'] == 'Y') - { + if ($CONFIG['admin_notify'] == 'Y') { // The admin needs to be notified about a profile change $msg_admin = "admin_mydata_notify"; $sub_adm = ADMIN_CHANGED_DATA; - } - else - { + } else { // No mail to admin $msg_admin = ""; $sub_adm = ""; @@ -813,51 +818,42 @@ function SEND_MODE_MAILS($mod, $modes) $content = "".UNKNOWN_MODULE.""; break; } - } - else - { + } else { // Could not load profile data $content = "".MEMBER_CANNOT_LOAD_PROFILE.""; } - } - else - { + } else { // Passwords mismatch $content = "".MEMBER_PASSWORD_ERROR.""; } - } - else - { + } else { // Could not load profile $content = "".MEMBER_CANNOT_LOAD_PROFILE.""; } - if ((!empty($sub_mem)) && (!empty($msg))) - { + + // Send email to user if required + if ((!empty($sub_mem)) && (!empty($msg))) { // Send member mail SEND_EMAIL($DATA[7], $sub_mem, $msg); } - if ((!empty($sub_adm)) && (!empty($msg_admin))) - { - // Send admin mail - if (GET_EXT_VERSION("admins") >= "0.4.1") - { - SEND_ADMIN_EMAILS_PRO($sub_adm, $msg_admin, $content, $GLOBALS['userid']); - } - else - { - SEND_ADMIN_EMAILS($sub_adm, LOAD_EMAIL_TEMPLATE($msg_admin, $content, $GLOBALS['userid'])); + + // Send only if no other error has occured + if (empty($content)) { + if ((!empty($sub_adm)) && (!empty($msg_admin))) { + // Send admin mail + if (GET_EXT_VERSION("admins") >= "0.4.1") { + SEND_ADMIN_EMAILS_PRO($sub_adm, $msg_admin, $content, $GLOBALS['userid']); + } else { + SEND_ADMIN_EMAILS($sub_adm, LOAD_EMAIL_TEMPLATE($msg_admin, $content, $GLOBALS['userid'])); + } + } elseif ($CONFIG['admin_notify'] == 'Y') { + // Cannot send mails to admin! + $content = CANNOT_SEND_ADMIN_MAILS; + } else { + // No mail to admin + $content = "".MYDATA_MAIL_SENT.""; } } - elseif ($CONFIG['admin_notify'] == 'Y') - { - // Cannot send mails to admin! - $content = CANNOT_SEND_ADMIN_MAILS; - } - else - { - // No mail to admin - $content = "".MYDATA_MAIL_SENT.""; - } // Load template LOAD_TEMPLATE("admin_settings_saved", false, $content);