// Fragment of an order-detail page. It finishes the payment-method cell and then renders the
// credit-card rows; the enclosing markup and control flow start before and continue past this excerpt.
print "Purchase Order"; } ?> </td></tr>
<?php
// Card rows are rendered only for orders whose payment_method is 'cc'.
if ($db->result("payment_method") == 'cc') {
    // Most recent cc_charges row for the order (newest datetime first, one row).
    // NOTE(review): $order_id is interpolated into the SQL text and its origin is not visible
    // here. Confirm it is validated upstream, or pass it as a bound parameter.
    $tdb->query("select * from cc_charges where order_id = '{$order_id}' order by datetime desc limit 0,1");
    if ($tdb->numrows()) { ?> <tr><td align="right" class="order_header">Name on Card:</td><td align="left"><?php
        // NOTE(review): stored values are written into the page without htmlspecialchars(), here
        // and in the exp_date and message cells further down; escape them on output.
        echo $tdb->result("first_name") . " " . $tdb->result("last_name"); ?> </td></tr>
<tr><td align="right" class="order_header">Card Number:</td><td align="left"><?php
        if ($tdb->result("card_number")) {
            // The stored value is base64-decoded and handed to decrypto() together with the last
            // two characters of the row's own order_id.
            // NOTE(review): decrypto() is defined elsewhere. If its second argument is the key,
            // the key is derivable from the same row as the ciphertext, so a database read
            // exposes the full card number. Prefer processor tokenisation, or a key held
            // outside the database, and keep only the last four digits for display.
            $card_number = trim(decrypto(base64_decode($tdb->result("card_number")), substr($tdb->result("order_id"), strlen($tdb->result("order_id")) - 2, 2)));
            // Print one "x" per character except the last four, then the last four characters.
            for ($i = 0; $i < strlen($card_number) - 4; $i++) {
                print "x";
            }
            print substr($card_number, strlen($card_number) - 4, 4);
        } else {
            // A falsy card_number value prints the placeholder text instead.
            print "Removed for Security";
        } ?> </td></tr>
<tr><td align="right" class="order_header">Expiration Date:</td><td align="left"><?php
        echo $tdb->result("exp_date"); ?> </td></tr>
<tr><td align="right" class="order_header">Message:</td><td align="left"><?php
        // NOTE(review): what the message column holds is not visible here; escape it before
        // output like the other cells.
        echo $tdb->result("message");
// Password reminder page (fragment; the file continues past this excerpt). When an email
// address is posted, the matching account is looked up and its stored password is mailed out.
include "../inc/header.inc"; ?> <h1>Password Reminder</h1>
<table align="center" cellpadding="4" cellspacing="0" align="center">
<?php
// NOTE(review): $_POST[email] and $_SERVER[REMOTE_ADDR] use unquoted keys. Outside a string the
// bare word is read as a constant, which is an Error for undefined constants from PHP 8.0;
// quote the keys.
if (isset($_POST[email])) {
    if ($_POST[email] == "") {
        $error = "Please specify a valid email address!";
    }
    // NOTE(review): $error is not initialised anywhere in this excerpt before it is read.
    if (!$error) {
        $edb = new dbi();
        // NOTE(review): the posted address goes into the SQL text verbatim, so this query is
        // open to SQL injection. Use a prepared statement or the driver's escaping; the dbi
        // class is not visible here, so the right call has to be confirmed.
        $edb->query("select email,password from account where email = '{$_POST['email']}' limit 0,1");
        if ($edb->numrows()) {
            $from = "DBS Support <*****@*****.**>";
            $header = "Return-Path: {$from}\r\nFrom: {$from}\r\nReply-To: {$from}";
            // NOTE(review): the text between "Password: " and "password")) below looks mangled
            // (the ****** run, presumably redaction when the page was captured); the closing
            // parentheses suggest a trim(decrypto(base64_decode(...))) call — confirm against
            // the original file.
            // NOTE(review): the message carries the account password in clear text, which is only
            // possible because the stored value is reversible (second argument: first two
            // characters of the email). Store a password_hash() digest and mail a single-use,
            // expiring reset link instead.
            $message = "This is your requested password reminder from a Data Business Systems Site. Below is your account email address and password.\n\n Email Address: " . $edb->result("email")
                . "\n Password: "******"password")), substr($edb->result("email"), 0, 2)))
                . "\n\nThis information was requested from (" . $_SERVER[REMOTE_ADDR] . ").\n\nRegards,\nCustomer Support\nsupport@databusinesssystems.com";
            mail($edb->result("email"), "Password Reminder", $message, $header);
            print "<tr><td align=\"left\">Your password has been sent! If you do not receive the email or if you are still having difficulties using your account, please email us at <a href=\"mailto:support@databusinesssystems.com\">support@databusinesssystems.com</a> or call us at 1-800-778-6247.</td></tr>";
        } else {
            // NOTE(review): this reply differs from the success reply, so the form tells any
            // visitor whether an address is registered; one neutral response avoids that.
            $error = "No account with that email address!";
        }
    }
}
// Show the request form on first visit or after an error.
if (!isset($_POST[email]) || $error) { ?> <tr><td>If you have lost your password, enter your email address below and your information will be sent to you.<br><br></td></tr>
<?php
    if ($error) { ?> <tr><td align="center" class="error"><?php
        // $error only ever holds one of the fixed strings assigned above in this excerpt.
        echo $error;
// Tail of the change email/password form handler (fragment; the earlier checks of this
// if/elseif chain are before the excerpt), followed by the start of the form markup.
// NOTE(review): && binds tighter than ||, so the condition below reads
// (password non-empty AND shorter than 4) OR longer than 16.
// NOTE(review): $_POST[password], $_POST[cpassword], $_POST[email] and $_SESSION[email] use
// unquoted keys; outside a string that is an Error for undefined constants from PHP 8.0.
} elseif ($_POST[password] != "" && strlen($_POST[password]) < 4 || strlen($_POST[password]) > 16) {
    $error = "Password must be between 4 and 16 characters.";
} elseif ($_POST[password] != $_POST[cpassword]) {
    $error = "Passwords do not match.";
} else {
    $db = new dbi();
    // Reject the change when another account already uses the posted address.
    // NOTE(review): the posted email is concatenated into the SQL text here and interpolated
    // into the update below, so both statements are open to SQL injection. Use prepared
    // statements or the driver's escaping; the dbi class is not visible in this excerpt.
    $db->query("select * from account where email = '" . $_POST[email] . "' and id != '{$_SESSION['account_id']}'");
    if ($db->numrows()) {
        $error = "Email account already exists.";
    } else {
        // NOTE(review): the end of the next line looks mangled (the ****** run, presumably
        // redaction when the page was captured); an if-test on the posted password appears to
        // be missing — confirm against the original file.
        $query = "update account set email = '{$_POST['email']}', password = "******"") {
            // New password: stored as base64 of encrypto(password, lower-cased first two
            // characters of the new email).
            // NOTE(review): this is reversible storage; password_hash() and password_verify()
            // would remove the need to ever recover the clear text.
            $query .= "'" . base64_encode(encrypto($_POST[password], strtolower(substr($_POST[email], 0, 2)))) . "'";
        } else {
            // No new password: the current one is decrypted and re-encrypted, because the
            // second argument is derived from the (possibly changed) email.
            $db->query("select email,password from account where id = '{$_SESSION['account_id']}'");
            // NOTE(review): this decrypt passes substr(email, 0, 2) without strtolower(), while
            // both encrypt calls lower-case it. If a stored email can start with upper-case
            // letters the two values differ — confirm.
            $oldpassword = trim(decrypto(base64_decode($db->result("password")), substr($db->result("email"), 0, 2)));
            $query .= "'" . base64_encode(encrypto($oldpassword, strtolower(substr($_POST[email], 0, 2)))) . "'";
        }
        $query .= " where id = '{$_SESSION['account_id']}'";
        $db->query($query);
        $_SESSION[email] = $_POST[email];
    }
}
} ?> <h1>Change Email/Password</h1>
<form method="post" action="<?php
    // NOTE(review): $PHP_SELF is not assigned in this excerpt (presumably it relies on
    // register_globals — confirm). The script path is request-influenced, so escape it with
    // htmlspecialchars() before placing it in the attribute, or use a fixed action.
    echo $PHP_SELF; ?> ">
<table width="90%" border="0" cellspacing="0" cellpadding="2" align="center">
<table align="center" width="94%">
<tr><td valign="top">
<table align="center" cellpadding="2" cellspacing="0" border="0">
<tr class="bar"><td align="left" style="font-weight:bold;">Account #<?php
    // Account detail panel built from $row (fragment; $row is populated before this excerpt
    // and the markup continues after it).
    // NOTE(review): none of the $row values below pass through htmlspecialchars() before
    // output; escape them, the email cell in particular.
    echo $row['id']; ?> </td><td align="right" colspan="2"><a style="color:#fff;" href="<?php
    // NOTE(review): $_SERVER['PHP_SELF'] is request-influenced; escape it before it goes into
    // the href.
    echo $_SERVER['PHP_SELF'] . "?mod=" . $row['id']; ?> ">Modify Account</a></td></tr>
<tr><td class="field_title">Email</td><td><?php echo $row['email']; ?> </td></tr>
<tr><td class="field_title">Password</td><td><?php
    // The stored password is base64-decoded, passed to decrypto() with the lower-cased first two
    // characters of the account email, and printed in clear text.
    // NOTE(review): anyone who can open this page, or read the page source, caches or logs of
    // it, sees the user's password. Prefer storing a password_hash() digest and offering a
    // reset action here instead of displaying the value.
    echo trim(decrypto(base64_decode($row['password']), strtolower(substr($row['email'], 0, 2)))); ?> </td></tr>
<tr><td class="field_title">Created</td><td><?php
    // Formats the created timestamp as month/day/2-digit-year and 12-hour time with am/pm.
    echo date("n/j/y g:i a", strtotime($row['created'])); ?> </td></tr>
<tr><td class="field_title">Purchase Order?</td><td><?php echo $row['po'] == 'y' ? "Yes" : "No"; ?> </td></tr>
<tr><td class="field_title">Tax Rate</td><td><?php
    // A non-numeric taxrate is shown as "n/a".
    echo is_numeric($row['taxrate']) ? $row['taxrate'] . "%" : "n/a"; ?> </td></tr>
<tr><td colspan="2" style="text-align:center;padding:5px 0 15px 0;"><a href="<?php
// Fragment of an order view that renders the credit-card rows; the enclosing markup and
// control flow start before and continue past this excerpt.
} ?> </td></tr>
<?php
// Card rows are rendered only for orders whose payment_method is 'cc'.
if ($order['payment_method'] == 'cc') {
    // Most recent cc_charges row for the order (newest datetime first, one row).
    // NOTE(review): the mysql_* functions were removed in PHP 7.0; mysqli or PDO with a bound
    // parameter would replace the string concatenation of $order['id'] used here.
    // NOTE(review): the result is not checked for false before mysql_num_rows() is called.
    $results = mysql_query("select * from cc_charges where order_id = '" . $order['id'] . "' order by datetime desc limit 0,1");
    if (mysql_num_rows($results)) {
        $cc = mysql_fetch_assoc($results); ?> <tr><td align="right">Name on Card:</td><td align="left"><?php
        // NOTE(review): stored values are written into the page without htmlspecialchars(), here
        // and in the exp_date cell further down; escape them on output.
        echo $cc['first_name'] . " " . $cc['last_name']; ?> </td></tr>
<tr><td align="right">Card Number:</td><td align="left"><?php
        if ($cc['card_number']) {
            // The stored value is base64-decoded and handed to decrypto() together with the last
            // two characters of the row's own order_id.
            // NOTE(review): decrypto() is defined elsewhere. If its second argument is the key,
            // the key is derivable from the same row as the ciphertext, so a database read
            // exposes the full card number. Prefer processor tokenisation, or a key held
            // outside the database, and keep only the last four digits for display.
            $card_number = trim(decrypto(base64_decode($cc['card_number']), substr($cc['order_id'], strlen($cc['order_id']) - 2, 2)));
            // Print one "x" per character except the last four, then the last four characters.
            for ($i = 0; $i < strlen($card_number) - 4; $i++) {
                print "x";
            }
            print substr($card_number, strlen($card_number) - 4, 4);
        } else {
            // A falsy card_number value prints the placeholder text instead.
            print "Removed for Security";
        } ?> </td></tr>
<tr><td align="right" class="order_header">Expiration Date:</td><td align="left"><?php echo $cc['exp_date']; ?> </td></tr>
<?php
    }