Beispiel #1
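/**
 * Process a login form submission and populate the session on success.
 *
 * Reads the fields submit_login, username, password and referer from $post.
 * Every failure path renders an error and returns 0. On success the caller is
 * handed to doRedirect() and no explicit value is returned.
 *
 * @param mixed $referer_in Page to return to; given to displayLoginForm() when no login was submitted.
 * @param array $post       Submitted form fields (untrusted request data).
 * @return int|null 0 on failure, nothing on the redirect path.
 */
function doLogin($referer_in, $post)
{
    // Read only the fields this function needs. extract() on request data lets
    // the client define or overwrite any local variable, $referer_in included.
    $submit_login = isset($post['submit_login']) ? $post['submit_login'] : null;
    $username = isset($post['username']) ? $post['username'] : null;
    $password = isset($post['password']) ? $post['password'] : null;
    $referer = isset($post['referer']) ? $post['referer'] : null;

    if (!$submit_login) {
        renderError("You need to login to do that.");
        displayLoginForm($referer_in);
        return 0;
    }
    if (!recaptchaCheck()) {
        return 0;
    }
    // Return value is not used here; the call is kept for its connection side effect.
    $database = connectToDatabase();
    $account = new Account($username);
    if (!$account->checkPassword($password)) {
        renderError("Your password is incorrect.  Please try again");
        return 0;
    }
    // NOTE(review): the session cookie name is taken from the submitted username,
    // and no session id regeneration is visible at this privilege change.
    // Confirm where session_start() runs and whether the id is rotated on login.
    session_name($username);
    $_SESSION['username'] = $username;
    $_SESSION['id'] = $account->getDatabaseID();
    if (!$referer) {
        renderError("Cannot redirect you to the proper place.  Please press the back button and try again.");
        return 0;
    }
    // NOTE(review): $referer comes from the form, so the redirect target is
    // client-controlled unless doRedirect() restricts it to local paths - confirm.
    doRedirect($referer);
}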
/**
 * Split a forward URL into its components and require an http(s) scheme.
 *
 * renderError() is called with a 412 status when the URL cannot be parsed,
 * has no scheme, or uses a scheme other than exactly 'http' or 'https'
 * (the comparison is case-sensitive). The parse result is returned in every
 * case, so callers depend on renderError() to stop processing.
 *
 * @param string $forwardUrl URL to validate.
 * @return array|false Result of parse_url().
 */
function decomposeForwardUrl($forwardUrl)
{
    $parts = @parse_url($forwardUrl);
    $hasWebScheme = $parts
        && isset($parts['scheme'])
        && ($parts['scheme'] == 'http' || $parts['scheme'] == 'https');
    if (!$hasWebScheme) {
        renderError(412, 'Precondition Failed', 'Malformed forward URL.');
    }
    return $parts;
}
Beispiel #3
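/**
 * Handle an add-product request, then send the client back to the previous page.
 *
 * Only POST is accepted. Any other method renders the error and returns
 * without storing anything, whether or not renderError() ends the request.
 */
function add_product()
{
    // The message says "POST only", so reject everything that is not POST
    // rather than only GET.
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        renderError('Нельзя так, только POST');
        return;
    }
    // NOTE(review): no anti-CSRF token check is visible before this
    // state-changing call - confirm one exists upstream.
    product_add($_POST);
    // The Referer header is optional and client-supplied. Fall back to the site
    // root when it is absent instead of emitting an empty Location header.
    // NOTE(review): consider redirecting to a fixed local path instead.
    $back = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/';
    header('Location: ' . $back);
}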
Beispiel #4
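/**
 * Validate product input against the attribute/type map from product_attributes().
 *
 * For each attribute, an error is rendered when the field is missing or when
 * the PHP predicate is_<type>() rejects its value.
 *
 * @param array $input Submitted product fields.
 */
function product_validate_input(array $input)
{
    foreach (product_attributes() as $name => $type) {
        if (!array_key_exists($name, $input)) {
            renderError('Упс, кажется, ты забыл заполнить поле ' . $name);
            // Do not read the missing key below if renderError() returns.
            continue;
        }
        // The callable name is built from $type, so product_attributes() must
        // only ever return trusted, hard-coded type names.
        if (!call_user_func('is_' . $type, $input[$name])) {
            // A space was missing between the field name and the rest of the message.
            renderError('Ой, поле ' . $name . ' должно иметь тип ' . $type);
        }
    }
}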
Beispiel #5
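/**
 * Print the class / family / component tree with its edit, remove and
 * priority links, plus an "add" form under every class and family.
 *
 * Names read from the database are HTML-escaped before output and
 * URL-encoded inside query strings. Ids are cast to int before they are
 * placed in markup or in the follow-up queries.
 *
 * NOTE(review): the remove and priority actions are plain GET links, and
 * the forms carry no anti-CSRF token - confirm how the handlers protect
 * these state changes.
 */
function displayComponentHierarchy()
{
    global $tables;
    $database = connectToDatabase();
    if (!$database) {
        return;
    }
    $result_class = mysqlQuery("SELECT id,name FROM " . $tables['classes'] . " ORDER BY priority", $database);
    if (!$result_class) {
        renderError("Cannot obtain classes list!");
        return;
    }
    // The counter was previously incremented without being initialised.
    $class_count = 0;
    $class_total = mysql_num_rows($result_class);
    while ($result_array_class = mysql_fetch_array($result_class)) {
        $class_count++;
        $class_id = (int) $result_array_class['id'];
        $class_name_html = htmlspecialchars($result_array_class['name'], ENT_QUOTES, 'UTF-8');
        echo "<p class='class'>" . $class_name_html . " ";
        if ($class_count > 1) {
            echo "<span class='up'><a href='?increase_priority=" . $class_id . "'>[UP]</a></span>";
        }
        if ($class_count < $class_total) {
            echo "<span class='down'><a href='?decrease_priority=" . $class_id . "'>[DOWN]</a></span>";
        }
        $result_family = mysqlQuery("SELECT id,name FROM " . $tables['families'] . " WHERE class_id=" . $class_id, $database);
        if (!$result_family) {
            renderError("Cannot obtain families list!");
            return;
        }
        $first_family = true;
        while ($result_array_family = mysql_fetch_array($result_family)) {
            if ($first_family) {
                echo "<span class='edit'><a href='?edit_class=" . $class_id . "'>[Edit]</a></span></p>";
            }
            $first_family = false;
            $family_id = (int) $result_array_family['id'];
            $family_name_html = htmlspecialchars($result_array_family['name'], ENT_QUOTES, 'UTF-8');
            echo "<p class='family'>*" . $family_name_html . " <span class='edit'><a href='?edit_family=" . $family_id . "'>[Edit]</a></span>";
            $result_component = mysqlQuery("SELECT id,name FROM " . $tables['components'] . " WHERE family_id=" . $family_id, $database);
            if (!$result_component) {
                renderError("Cannot obtain components list!");
                return;
            }
            $first_component = true;
            while ($result_array_component = mysql_fetch_array($result_component)) {
                // Close the family paragraph before the first component. The flag
                // used to be cleared before this test, so the tag was never emitted.
                if ($first_component) {
                    echo "</p>";
                }
                $first_component = false;
                $component_id = (int) $result_array_component['id'];
                $component_name_html = htmlspecialchars($result_array_component['name'], ENT_QUOTES, 'UTF-8');
                echo "<p class='component'>-" . $component_name_html . " <span class='edit'><a href='?edit_component=" . $component_id . "'>[Edit]</a></span><span class='remove'><a href='?remove_component=" . $component_id . "&amp;name=" . urlencode($result_array_component['name']) . "'>[Remove]</a></span></p>";
            }
            // A family can only be removed while it has no components.
            if ($first_component) {
                echo "<span class='remove'><a href='?remove_family=" . $family_id . "&amp;name=" . urlencode($result_array_family['name']) . "'>[Remove]</a></span></p>";
            }
            echo "\r\n\t\t\t\t\t<form class='component' method='post' action='index.php'><p>-\r\n\t\t\t\t\t<input type='hidden' name='submitted' value='1' />\r\n\t\t\t\t\t<input type='hidden' name='next_page' value='3' />\r\n\t\t\t\t\t<input type='hidden' name='family_id' value='" . $family_id . "' />\r\n\t\t\t\t\t<input type='text' name='name' />\r\n\t\t\t\t\t<input type='submit' value='Submit' /></p>\r\n\t\t\t\t\t</form>\r\n\t\t\t\t\t";
        }
        // A class can only be removed while it has no families.
        if ($first_family) {
            echo "<span class='edit'><a href='?edit_class=" . $class_id . "'>[Edit]</a></span>";
            // The name parameter keeps its surrounding double quotes, now URL-encoded.
            echo "<span class='remove'><a href='?remove_class=" . $class_id . "&amp;name=" . urlencode('"' . $result_array_class['name'] . '"') . "'>[Remove]</a></span></span><br/>";
        }
        // Form for adding a new family to this class.
        echo "\r\n\t\t\t\t\t<form class='family' method='post' action='index.php'><p>*\r\n\t\t\t\t\t<input type='hidden' name='submitted' value='1' />\r\n\t\t\t\t\t<input type='hidden' name='next_page' value='2' />\r\n\t\t\t\t\t<input type='hidden' name='class_id' value='" . $class_id . "' />\r\n\t\t\t\t\t<input type='text' name='name' />\r\n\t\t\t\t\t<input type='submit' value='Submit' /></p>\r\n\t\t\t\t\t</form><br/>\r\n\t\t\t\t\t";
    }
    ?>
		<form class='class' method="post"  action="index.php"><p>
		<input type='hidden' name='submitted' value='1' />
		<input type='hidden' name='next_page' value='1' />
		<input type='text' name='name' />
		<input type='submit' value="Submit" /></p>
		</form>
	<?php 
}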
Beispiel #6
    return htmlspecialchars($s, ENT_QUOTES, 'utf-8');
}
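// Source viewer entry point: render the file named by the "f" query parameter.
//
// NOTE(review): the only restriction on "f" is an exact string comparison with
// this script's own path. Nothing confines the read to an intended directory,
// and file_get_contents() also accepts URL wrappers when allow_url_fopen is on.
// Resolve the path with realpath() and require it to sit under an allowlisted
// base directory before reading.
$requested_file = (isset($_GET['f']) && is_string($_GET['f'])) ? $_GET['f'] : '';
if (!empty($requested_file) && $requested_file !== __FILE__) {
    $content = @file_get_contents($requested_file);
    if ($content === FALSE) {
        renderError('<span class="error"><strong>ERROR:</strong> Failed to open stream!</span>');
    } else {
        // Escape the bytes that were just read. The file used to be read a second
        // time here, so the checked content and the displayed content could differ.
        $sc = htmlspecialchars($content);
        if (isset($_GET['embedded'])) {
            renderHTMLEmbedded($sc, normalize($requested_file));
        } else {
            renderHTML($sc, normalize($requested_file));
        }
    }
} else {
    renderError('<span class="error"><strong>ERROR:</strong> Please specify a correct file URI.</span>');
}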
?>

<?php 
function renderHTML($sc, $uri)
{
    ?>
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    
    <title>File Source Code Viewer</title>
<?php

require_once 'utilities.php';
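// Show a component description for ?id=N when the request was referred by the site.
//
// NOTE(review): the Referer header is optional and client-supplied, so this
// test is not an access control. It also appears to pass for any Referer
// value, because sscanf() in array mode returns one slot per conversion
// whether or not the input matched - confirm and replace with a real check
// if the restriction matters.
if (count(sscanf($_SERVER['HTTP_REFERER'], "http://oc.ericneill.com/%s.php")) > 0) {
    $component_id = isset($_GET['id']) ? $_GET['id'] : null;
    // Accept plain positive decimal integers only. is_numeric() also allowed
    // floats, exponents and leading whitespace, which then went into SQL.
    // Invalid ids are ignored silently, as before.
    if (is_string($component_id) && ctype_digit($component_id) && (int) $component_id > 0) {
        // NOTE(review): the description is echoed without escaping - confirm
        // it is trusted markup.
        echo displayComponentDescription((int) $component_id);
    }
} else {
    renderError("Bad referrer!");
}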
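/**
 * Fetch the description of one component.
 *
 * @param mixed $component_id_in Component id; cast to int before it enters the query.
 * @return mixed Whatever mysqlGetSingleValue() returns for the query.
 */
function displayComponentDescription($component_id_in)
{
    global $tables;
    // Force an integer so the concatenated value cannot alter the statement.
    $component_id = (int) $component_id_in;
    $query = "SELECT description FROM " . $tables['components'] . " WHERE id=" . $component_id;
    return mysqlGetSingleValue($query);
}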
Beispiel #8
/**
 * Render an error when the given source file is not readable.
 *
 * Nothing is returned in either case, so callers that must stop on an
 * unreadable file depend on renderError() to end the request.
 *
 * @param string $filename Path to check with is_readable().
 */
function checkPrivs($filename)
{
    if (is_readable($filename)) {
        return;
    }
    renderError('One of the source files could not be read.');
}
Beispiel #9
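/**
 * Open the MySQL connection, select the configured database and set the
 * connection character set to utf8.
 *
 * Uses the legacy mysql_* extension, which was removed in PHP 7.
 *
 * @return resource|int The connection link, or 0 after rendering an error.
 */
function connectToDatabase()
{
    global $database_server, $database_username, $database_password, $database_name;
    $database = mysql_connect($database_server, $database_username, $database_password);
    if (!$database) {
        renderError("Database Server Unreachable");
        return 0;
    }
    // Select the database through the API so its name is not spliced into SQL.
    if (!mysql_select_db($database_name, $database)) {
        renderError("Database Unreachable");
        return 0;
    }
    // mysql_set_charset() also tells the client library which charset is in use.
    // A "SET NAMES" query does not, and mysql_real_escape_string() can then
    // escape for the wrong charset.
    if (!mysql_set_charset('utf8', $database)) {
        renderError("Unable to set charset");
        return 0;
    }
    return $database;
}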
Beispiel #10
/**
 * Report that the current HTTP method is not accepted for this request.
 *
 * The message is built from $_SERVER['REQUEST_METHOD'] and passed to
 * renderError(). Whether the application stops depends on renderError().
 */
function methodNotAllowed()
{
    $method = $_SERVER['REQUEST_METHOD'];
    $message = 'Метод ' . $method . ' недопустим для этого запроса, увы ;(';
    renderError($message);
}
Beispiel #11
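/**
 * Print the admin shipping form, pre-filled from the values just submitted.
 *
 * Every request value and database value is HTML-escaped before it is put in
 * the markup. Missing POST fields are rendered as empty inputs.
 *
 * @param mixed $order_id_in Order id written into the hidden order_id field.
 */
function displayShippingInfoFromPOSTAdmin($order_id_in)
{
    global $tables;
    // Return value is not used here; the call is kept for its connection side effect.
    $database = connectToDatabase();
    $query = "SELECT * FROM " . $tables['shippinginfo'];
    $result = mysqlQuery($query);
    if (!$result || mysql_num_rows($result) < 1) {
        renderError("SHIPPING INFO TABLE EMPTY");
        return;
    }
    echo "<form method='post'>";
    echo "<table>";
    // Label => POST field for the plain text inputs, in display order.
    $text_fields = array(
        'First Name' => 'first_name',
        'Last Name' => 'last_name',
        'Middle Initial' => 'middle_initial',
        'Street Address' => 'street_address',
        'City' => 'city',
    );
    foreach ($text_fields as $label => $field) {
        $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        // Escaping with ENT_QUOTES keeps the value inside its single-quoted attribute.
        echo "<tr><td>" . $label . ":</td><td><input type=text name='" . $field . "' value='" . htmlspecialchars($raw, ENT_QUOTES, 'UTF-8') . "'></td></tr>";
    }
    echo "<tr><td>State:</td><td><select name='state'>";
    $states = "<option>AL</option> <option>AK</option> <option>AS</option> <option>AZ</option>\r\n\t<option>AR</option> <option>CA</option> <option>CO</option> <option>CT</option>\r\n\t<option>DE</option> <option>DC</option> <option>FM</option> <option>FL</option>\r\n\t<option>GA</option> <option>GU</option> <option>HI</option> <option>ID</option>\r\n\t<option>IL</option> <option>IN</option> <option>IA</option> <option>KS</option>\r\n\t<option>KY</option> <option>LA</option> <option>ME</option> <option>MH</option>\r\n\t<option>MD</option> <option>MA</option> <option>MI</option> <option>MN</option>\r\n\t<option>MS</option> <option>MO</option> <option>MT</option> <option>NE</option>\r\n\t<option>NV</option> <option>NH</option> <option>NJ</option> <option>NM</option>\r\n\t<option>NY</option> <option>NC</option> <option>ND</option> <option>MP</option>\r\n\t<option>OH</option> <option>OK</option> <option>OR</option> <option>PW</option>\r\n\t<option>PA</option> <option>PR</option> <option>RI</option> <option>SC</option>\r\n\t<option>SD</option> <option>TN</option> <option>TX</option> <option>UT</option>\r\n\t<option>VT</option> <option>VI</option> <option>VA</option> <option>WA</option>\r\n\t<option>WV</option> <option>WI</option> <option>WY</option></select></td></tr>";
    // Only a two-letter code may drive the replacement, so a submitted value
    // cannot match arbitrary fragments of the option markup. Default is AL.
    $selected_state = 'AL';
    if (isset($_POST['state']) && is_string($_POST['state']) && preg_match('/^[A-Z]{2}\z/', $_POST['state'])) {
        $selected_state = $_POST['state'];
    }
    $states = str_replace(">" . $selected_state, " selected='selected'>" . $selected_state, $states);
    echo $states;
    $zip_code = (isset($_POST['zip_code']) && is_string($_POST['zip_code'])) ? $_POST['zip_code'] : '';
    echo "<tr><td>Zip-Code:</td><td><input type=text name='zip_code' value='" . htmlspecialchars($zip_code, ENT_QUOTES, 'UTF-8') . "'></td></tr>";
    echo "<tr><td>Shipping Method:</td><td><select name='OC_ship'>";
    while ($result_array = mysql_fetch_array($result)) {
        echo "<option value='" . htmlspecialchars($result_array['id'], ENT_QUOTES, 'UTF-8') . "'>" . htmlspecialchars($result_array['name'], ENT_QUOTES, 'UTF-8') . "- \$" . number_format($result_array['cost'], 2, '.', ',') . "</option>";
    }
    echo "</select></td></tr>";
    echo "<tr>";
    echo "<td>Payment Received:</td>";
    echo "<td><input type='checkbox' name='payment' /></td>";
    echo "</tr>";
    echo "<tr>";
    echo "<td>Order Shipped:</td>";
    echo "<td><input type='checkbox' name='shipped' /></td>";
    echo "</tr>";
    echo "<input type='hidden' name='order_id' value='" . htmlspecialchars($order_id_in, ENT_QUOTES, 'UTF-8') . "' />\r\n    <tr><td><input type='submit' value='SUBMIT SHIPPING INFO' name='ship_submit' /></td><td></td>\r\n    </table>\r\n    </form>";
}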
Beispiel #12
     }
     if (THprofile_lcnames) {
         $username = strtolower($_GET['user']);
     } else {
         $username = $_GET['user'];
     }
     if (!$db->userexists($username)) {
         renderError("Invalid user specified!");
     }
     // Only admins can do this.
     if (!$_SESSION['admin']) {
         renderInvalidPermissions();
     }
     //Don't delete yourself.
     if ($_SESSION['username'] == $username) {
         renderError("You cannot lock yourself out!");
     }
     $db->suspenduser($username);
     $actionstring = "Remove\tprofile:" . $username;
     writelog($actionstring, "profiles");
     $sm = sminit("remove.tpl", null, "profiles", false, false);
     $sm->assign("username", $username);
     $sm->display("remove.tpl", null);
 } else {
     // Fall-through case - just show all the available options
     $canSeeMemberlist = 0;
     //is member list available?
     if (THprofile_viewuserpolicy == 0 && ($_SESSION['admin'] || $_SESSION['moderator'] || $_SESSION['mod_array'])) {
         //Mods only
         $canSeeMemberlist = 1;
     } elseif (THprofile_viewuserpolicy == 1 && $_SESSION['username']) {
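/**
 * Print the shipping form for an existing order, pre-filled from the orders table.
 *
 * The order id is cast to int before it enters the query or the markup, and
 * every database value is HTML-escaped on output.
 *
 * NOTE(review): the lookup is by order id alone. Nothing here checks that
 * the order belongs to the current account - confirm the caller enforces
 * ownership before passing a request-supplied id.
 *
 * @param mixed $order_id_in Id of the order to edit.
 */
function displayShippingInfo($order_id_in)
{
    global $tables;
    // Integer cast: the id is concatenated into SQL and echoed into hidden fields.
    $order_id = (int) $order_id_in;
    // Return value is not used here; the call is kept for its connection side effect.
    $database = connectToDatabase();
    $query = "SELECT * FROM " . $tables['shippinginfo'];
    $result = mysqlQuery($query);
    $query_2 = "SELECT shipping_first_name, shipping_last_name,shipping_middle_initial, shipping_address, shipping_city, shipping_state, shipping_zip_code FROM " . $tables['orders'] . " WHERE id=" . $order_id;
    $result_2 = mysqlQuery($query_2);
    if (!$result || mysql_num_rows($result) < 1) {
        renderError("SHIPPING INFO TABLE EMPTY");
        return;
    }
    if (!$result_2 || mysql_num_rows($result_2) < 1) {
        renderError("ORDER PASSED IN DOESN'T EXIST");
        return;
    }
    $result_array_2 = mysql_fetch_array($result_2);
    echo "<form method='post'>";
    echo "<table>";
    // Label => array(input name, orders column) for the text inputs, in display order.
    $text_fields = array(
        'First Name' => array('first_name', 'shipping_first_name'),
        'Last Name' => array('last_name', 'shipping_last_name'),
        'Middle Initial' => array('middle_initial', 'shipping_middle_initial'),
        'Street Address' => array('street_address', 'shipping_address'),
        'City' => array('city', 'shipping_city'),
    );
    foreach ($text_fields as $label => $pair) {
        // Stored values were typed by users, so escape them for the attribute.
        echo "<tr><td>" . $label . ":</td><td><input type=text name='" . $pair[0] . "' value='" . htmlspecialchars((string) $result_array_2[$pair[1]], ENT_QUOTES, 'UTF-8') . "'></td></tr>";
    }
    echo "<tr><td>State:</td><td><select name='state'>";
    $states = "<option>AL</option> <option>AK</option> <option>AS</option> <option>AZ</option>\r\n\t<option>AR</option> <option>CA</option> <option>CO</option> <option>CT</option>\r\n\t<option>DE</option> <option>DC</option> <option>FM</option> <option>FL</option>\r\n\t<option>GA</option> <option>GU</option> <option>HI</option> <option>ID</option>\r\n\t<option>IL</option> <option>IN</option> <option>IA</option> <option>KS</option>\r\n\t<option>KY</option> <option>LA</option> <option>ME</option> <option>MH</option>\r\n\t<option>MD</option> <option>MA</option> <option>MI</option> <option>MN</option>\r\n\t<option>MS</option> <option>MO</option> <option>MT</option> <option>NE</option>\r\n\t<option>NV</option> <option>NH</option> <option>NJ</option> <option>NM</option>\r\n\t<option>NY</option> <option>NC</option> <option>ND</option> <option>MP</option>\r\n\t<option>OH</option> <option>OK</option> <option>OR</option> <option>PW</option>\r\n\t<option>PA</option> <option>PR</option> <option>RI</option> <option>SC</option>\r\n\t<option>SD</option> <option>TN</option> <option>TX</option> <option>UT</option>\r\n\t<option>VT</option> <option>VI</option> <option>VA</option> <option>WA</option>\r\n\t<option>WV</option> <option>WI</option> <option>WY</option></select></td></tr>";
    // Only a two-letter code may drive the replacement. Default is AL.
    $selected_state = 'AL';
    if (isset($result_array_2['shipping_state']) && preg_match('/^[A-Z]{2}\z/', (string) $result_array_2['shipping_state'])) {
        $selected_state = $result_array_2['shipping_state'];
    }
    $states = str_replace(">" . $selected_state, " selected='selected'>" . $selected_state, $states);
    echo $states;
    echo "<tr><td>Zip-Code:</td><td><input type=text name='zip_code' value='" . htmlspecialchars((string) $result_array_2['shipping_zip_code'], ENT_QUOTES, 'UTF-8') . "'></td></tr>";
    echo "<tr><td>Shipping Method:</td><td><select name='OC_ship'>";
    while ($result_array = mysql_fetch_array($result)) {
        echo "<option value='" . htmlspecialchars($result_array['id'], ENT_QUOTES, 'UTF-8') . "'>" . htmlspecialchars($result_array['name'], ENT_QUOTES, 'UTF-8') . "- \$" . number_format($result_array['cost'], 2, '.', ',') . "</option>";
    }
    echo "</select></td>";
    echo "<input type='hidden' name='order_id' value='" . $order_id . "' />\r\n    <tr><td><input type='submit' value='SUBMIT SHIPPING INFO' name='ship_submit' /></td><td></td>\r\n    </table>\r\n    </form>";
    echo "<form action='configuration_system.php' method='post'>\r\n    <input type='hidden' name='order_id' value='" . $order_id . "' />\r\n    <input type='submit' value='CANCEL' name='Cancel'/>\r\n    </form>";
}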
Beispiel #14
        }
        while ($result_array = mysql_fetch_array($result)) {
            $orderlines++;
            displayOrderline($result_array[0], $orderlines);
            if (!isOrderlineFull($result_array[0])) {
                $incomplete++;
                renderError("This item is not full!");
            }
        }
        if (!$orderlines) {
            noItemsInCart();
        }
        if (!$incomplete) {
            orderComplete(0, $order, 1);
        } else {
            renderError("Please complete all incomplete items before checking out.");
        }
        echo "<br/><br/>";
    }
}
function displayOrderline($orderline_id_in, $orderline_number_in)
{
    //SELECT component.name,component.description,class.id,class.name
    //FROM selectedcomponent
    //JOIN ( component, family, class )
    //ON ( selectedcomponent.component_id=component.id
    //AND component.family_id=family.id
    //AND family.class_id=class.id )
    //WHERE orderline_id=3
    echo "<div class='cart_item'>Item #" . $orderline_number_in . "</div>";
    displayPreviouslySelectedComponentList($orderline_id_in, 'cart.php');
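 /**
  * Write this account to the accounts table and refresh its database id.
  *
  * Runs an UPDATE when database_id is already set, otherwise an INSERT.
  * Every field value is escaped for the given connection before it is
  * placed in the statement.
  *
  * NOTE(review): if callers already escape these values, or rely on magic
  * quotes, that must be removed or stored data will carry extra backslashes.
  * NOTE(review): the INSERT stores $this->password as given. Confirm it is a
  * password hash, not the plain text.
  * NOTE(review): the '******' literals in the UPDATE and in the final SELECT
  * are kept exactly as this listing shows them. They look like masking
  * applied to the listing - restore the original expressions from the real source.
  *
  * @param resource $database Open MySQL link.
  * @return int 1 on success, 0 after rendering an error.
  */
 function updateDatabase($database)
 {
     global $tables;
     if (!$database) {
         renderError("Account update method was passed a null database resource");
         return 0;
     }
     if (!$this->first_name || !$this->last_name || !$this->street_address || !$this->city || !$this->state || !$this->zip_code || !$this->email_address || !$this->area_code || !$this->phone_number || !$this->password || !$this->username) {
         renderError("The update cannot be processed.");
         return 0;
     }
     // Escape once, per connection, so no field can break out of its quoted literal.
     $safe = array();
     $field_names = array('first_name', 'last_name', 'middle_initial', 'street_address', 'city', 'state', 'zip_code', 'email_address', 'area_code', 'phone_number', 'username', 'password');
     foreach ($field_names as $field) {
         $safe[$field] = mysql_real_escape_string((string) $this->{$field}, $database);
     }
     if ($this->database_id) {
         // UPDATE table SET field='newval', field2='newval2' WHERE id='$database_id'
         $assignments = array();
         $update_columns = array('first_name', 'last_name', 'middle_initial', 'street_address', 'city', 'state', 'zip_code', 'email_address', 'area_code', 'phone_number');
         foreach ($update_columns as $column) {
             $assignments[] = $column . "='" . $safe[$column] . "'";
         }
         $query = "UPDATE " . $tables['accounts'] . " SET " . implode(",", $assignments) . ",password='******' WHERE id='" . (int) $this->database_id . "'";
     } else {
         // Positional INSERT: column order is last name first, then first name.
         $insert_columns = array('last_name', 'first_name', 'middle_initial', 'street_address', 'city', 'state', 'zip_code', 'email_address', 'area_code', 'phone_number', 'username', 'password');
         $values = array();
         foreach ($insert_columns as $column) {
             $values[] = $safe[$column];
         }
         $query = "INSERT INTO " . $tables['accounts'] . " VALUES ( NULL, '" . implode("','", $values) . "' )";
     }
     // This used to test the bare word `query`, not the variable.
     if (!$query) {
         renderError("Update Failed -- Account update query was empty!!!");
         return 0;
     }
     $query_result = mysqlQuery($query, $database);
     if (mysql_error()) {
         // NOTE(review): the raw driver error is shown to the user. Prefer to
         // log it and render a generic message.
         renderError("Unknown MySQL Error; " . mysql_error());
         return 0;
     }
     $query = "SELECT id FROM " . $tables['accounts'] . " WHERE username='******'";
     $query_result = mysqlQuery($query, $database);
     // Guard the fetch so a failed lookup reaches the error below, not a warning.
     $result_array = $query_result ? mysql_fetch_array($query_result) : false;
     $this->database_id = $result_array ? $result_array[0] : null;
     if (!$this->database_id) {
         renderError("Account creation successful, but failed to set database id.");
         return 0;
     }
     return 1;
 }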
Beispiel #16
         displayPreviouslySelectedComponentList($result_array[0], 'cart.php');
         echo "<br/>";
         $number++;
     }
 } else {
     if (isLoggedIn() && $_GET['edit_id']) {
         //edit order edit_id
         displayShippingInfo($_GET['edit_id']);
     } else {
         if (isLoggedIn()) {
             $database = connectToDatabase();
             $query = "SELECT *\r\n                    FROM " . $tables['orders'] . "\r\n                    WHERE account_id=" . $_SESSION['id'] . " AND placed_date IS NOT NULL";
             $result = mysqlQuery($query, $database);
             $rows = mysql_num_rows($result);
             if ($rows < 1) {
                 renderError("You have not placed any orders yet.");
             } else {
                 if ($rows >= 1) {
                     echo "\r\n            <table border='1' width='100%'>\r\n            <thead>\r\n            <tr>\r\n            <th><span class='edit_account_table_header'>Shipping Name</span></th>\r\n            <th><span class='edit_account_table_header'>Shipping Address</span></th>\r\n            <th><span class='edit_account_table_header'>Created Date</span></th>\r\n            <th><span class='edit_account_table_header'>Placed Date</span></th>\r\n            <th><span class='edit_account_table_header'>Payment Date</span></th>\r\n            <th><span class='edit_account_table_header'>Shipped Date</span></th>\r\n            <th><span class='edit_account_table_header'>Subtotal</span></th>\r\n            <th/>\r\n            <th/>\r\n            </tr>\r\n            </thead><tbody>";
                     for ($row = 0; $row < $rows; $row++) {
                         $result_array = mysql_fetch_array($result);
                         $name = $result_array['shipping_last_name'] . ", " . $result_array['shipping_first_name'] . " " . $result_array['shipping_middle_initial'];
                         $address = $result_array['shipping_address'] . "<br/>" . $result_array['shipping_city'] . ", " . $result_array['shipping_state'] . " " . $result_array['shipping_zip_code'];
                         $subtotal = number_format($result_array['subtotal'], 2, '.', ',');
                         echo "\r\n            <tr>\r\n            <td>" . $name . "</td>\r\n            <td>" . $address . "</td>\r\n            <td>" . $result_array['created_date'] . "</td>\r\n            <td>" . $result_array['placed_date'] . "</td>\r\n            <td>" . $result_array['payment_date'] . "</td>\r\n            <td>" . $result_array['shipped_date'] . "</td>\r\n            <td>\$" . $subtotal . "</td>";
                         echo "<td><span class='edit_accounts'><a href='?view_id=" . $result_array['id'] . "'>[View]</a></span></td>";
                         if ($result_array['shipped_date']) {
                             echo "<td></td></tr>";
                         } else {
                             echo "\r\n                <td><span class='edit_accounts'><a href='?edit_id=" . $result_array['id'] . "'>[Edit]</a></span></td>\r\n                </tr>\r\n                     ";
                         }
Beispiel #17
        }
        if (strlen($_POST['middle_initial']) > 1) {
            renderError("You may not have more than one letter for middle initial");
            $my_error++;
        }
        if (!validateZipCode($_POST['zip_code'])) {
            renderError("error");
            $my_error++;
        }
        if (!$_POST['street_address']) {
            renderError("error2");
            $my_error++;
        }
        if (!$_POST['city']) {
            renderError("error3");
            $my_error++;
        }
        if ($my_error < 1) {
            $query = "UPDATE orders\r\n                 SET  shipping_first_name='" . $_POST['first_name'] . "',\r\n                     shipping_last_name='" . $_POST['last_name'] . "',\r\n                     shipping_middle_initial='" . $_POST['middle_initial'] . "',\r\n                     shipping_address='" . $_POST['street_address'] . "',\r\n                     shipping_city='" . $_POST['city'] . "', shipping_state='" . $_POST['state'] . "' ,\r\n                     shipping_zip_code='" . $_POST['zip_code'] . "', shippinginfo_id='" . $_POST['OC_ship'] . "', placed_date=NOW()\r\n                     WHERE id=" . $_POST['order_id'] . " LIMIT 1";
            $result = mysqlQuery($query);
            if (!$result || mysql_affected_rows() > 1) {
                renderError("UPDATE FAILED");
            } else {
                echo "UPDATE SUCCESS!!!<br/>";
            }
        } else {
            displayShippingInfoFromPOST($_POST['order_id']);
        }
    }
}
require_once 'footer.php';