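// NOTE(review): this excerpt starts inside blocks that were opened before the listing begins;
// the bare closing braces below belong to them.
            // category, user and delete come straight from the query string. They are URL-encoded
            // before being written back into href attributes so a value cannot end the attribute
            // or add markup to the confirmation prompt.
            $confirm_scope = isset($_GET['category'])
                ? "category=" . urlencode($_GET['category'])
                : "user=" . urlencode($_GET['user']);
            // NOTE(review): the delete is confirmed through a plain GET link (&confirm=y) and no
            // anti-CSRF token is visible in this excerpt; a POST carrying a per-session token is safer.
            print "<div align=\"center\" class=\"error\">Are you sure you want to delete this product? <a class=\"error\" href=\"product.php?" . $confirm_scope . "&delete=" . urlencode($_GET['delete']) . "&confirm=y\">Yes</a> <a class=\"error\" href=\"product.php?" . $confirm_scope . "\">No</a></div><br>";
        }
    }
    $db = new dbi();
    // Request values are escaped before they are placed inside quoted SQL literals, using the
    // same $dbh link that mysql_query() is given below.
    // NOTE(review): the dbi queries reuse the escaped value on the assumption that dbi talks to
    // the same MySQL server and character set - confirm. The mysql_* extension was removed in
    // PHP 7.0; prepared statements (PDO or mysqli) are the durable fix. If magic_quotes_gpc is
    // enabled on the deployment, strip its slashes first so values are not escaped twice.
    if (isset($_GET['category'])) {
        $category_sql = mysql_real_escape_string($_GET['category'], $dbh);
        $results = mysql_query("select name from product_category where id = '" . $category_sql . "'", $dbh);
        $bar_title = "Products for '" . mysql_result($results, 0, "name") . "'";
        // NOTE(review): the user value appears masked ('******') in this listing; it is kept as shown.
        $db->query("select * from product where category = '{$category_sql}' and user = '******' order by sort, description asc");
    } else {
        $user_sql = mysql_real_escape_string($_GET['user'], $dbh);
        $results = mysql_query("select email from account where id = '" . $user_sql . "'", $dbh);
        $bar_title = "Products for '" . mysql_result($results, 0, "email") . "'";
        // NOTE(review): this statement is damaged by masking in the listing and is kept byte-for-byte.
        // Whatever expression originally supplied the user value should go through the same escaping.
        $db->query("select product_category.site,product.* from product inner join product_category on product_category.id = product.category where user = '******'user']}' order by sort, description asc");
    }
    print "<table align=\"center\" cellpadding=\"2\" cellspacing=\"0\">";
    // NOTE(review): the next statement is also damaged by masking and is reproduced unchanged.
    // $bar_title holds database text (category name or account email) that reaches the page
    // unescaped; once the statement is restored, HTML-escape it and URL-encode the link values.
    print "<tr class=\"bar\"><td>{$bar_title}</td><td align=\"right\"><a href=\"product.php?" . (isset($_GET[category]) ? "category=" . $_GET['category'] : "user="******"&add=1\">Add a Product</a></td></tr>";
    if ($db->numrows()) {
        // Every row link shares the same scope prefix, so it is URL-encoded once up front.
        $row_scope = isset($_GET['category'])
            ? "category=" . urlencode($_GET['category'])
            : "user=" . urlencode($_GET['user']);
        while ($db->loop()) {
            print "<tr><td align=\"left\"><a href=\"product.php?" . $row_scope . "&mod=" . $db->result("id");
            if (isset($_GET['user'])) {
                print "&setsite=" . $db->result("product_category.site");
            }
            // The description link was never closed in the original markup; </a> is added here.
            // NOTE(review): description is database text printed without HTML escaping.
            print "\">" . substr($db->result("description"), 0, 60) . "</a></td><td align=\"right\"><a href=\"product.php?" . $row_scope . "&delete=" . $db->result("id") . "\">Delete?</a></td></tr>";
        }
    } else {
        print "<tr><td colspan=\"2\" align=\"center\">No Products for that Category/User!</td></tr>";
    }
    print "</table>";
}
include "footer.inc";
?> </body>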
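// NOTE(review): this excerpt starts inside blocks that were opened before the listing begins.
        // The rejected value is echoed back in the error text, so it is HTML-escaped here;
        // in the code shown, $error is only ever printed into the page.
        $error = "Please select a valid type! " . htmlspecialchars($type_id, ENT_QUOTES);
    }
    if (!$error) {
        // Every value that ends up inside a quoted SQL literal is escaped first. The calls use
        // the default link, as the mysql_query() calls below do.
        // NOTE(review): where $type_id and $mod come from is not visible in this excerpt; they are
        // escaped as well. If magic_quotes_gpc is enabled on the deployment, strip its slashes
        // first so values are not escaped twice. The mysql_* extension was removed in PHP 7.0;
        // prepared statements (PDO or mysqli) are the durable fix.
        $name_sql = mysql_real_escape_string($_POST['name']);
        $parent_sql = mysql_real_escape_string($_POST['parent']);
        $sort_sql = mysql_real_escape_string($_POST['sort']);
        $type_sql = mysql_real_escape_string($_POST['type']);
        $type_id_sql = mysql_real_escape_string($type_id);
        if (isset($_GET['add'])) {
            mysql_query("insert into menu (site, name, parent, sort, type, type_id) values('" . SITE . "', '" . $name_sql . "', '" . $parent_sql . "', '" . $sort_sql . "', '" . $type_sql . "', '{$type_id_sql}')");
        } else {
            // NOTE(review): unlike the select further down, this update is not restricted to SITE,
            // so it matches a menu row by id alone - confirm whether that is intended.
            $mod_sql = mysql_real_escape_string($mod);
            mysql_query("update menu set name = '" . $name_sql . "', parent = '" . $parent_sql . "', sort = '" . $sort_sql . "', type = '" . $type_sql . "', type_id = '{$type_id_sql}' where id = '{$mod_sql}'");
        }
        // NOTE(review): the mysql_query() result is not checked; success is reported either way.
        print "<div align=\"center\" class=\"success\">Menu updated successfully!</div><br>";
        $success = 1;
    }
}
if (isset($mod)) {
    // Load the entry being modified, scoped to the current SITE.
    $moddb = new dbi();
    $moddb->query("select * from menu where site = '" . SITE . "' and id = '" . mysql_real_escape_string($mod) . "'");
    if (!$moddb->numrows()) {
        // $mod is echoed into the page, so it is HTML-escaped.
        print "<div align=\"center\">No Menu Entry with ID of '" . htmlspecialchars($mod, ENT_QUOTES) . "'!</div>";
        unset($moddb);
    }
}
if (!isset($success)) {
    if ($error) {
        print "<div align=\"center\" class=\"error\">{$error}</div>";
    }
    ?> <form action="menu.php?<?php
    // $mod lands inside the form's action attribute, so it is URL-encoded.
    if (isset($add)) {
        print "add=1";
    } elseif (isset($mod)) {
        print "mod=" . urlencode($mod);
    }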
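<body> <?php include "../inc/header.inc"; ?> <h1>Password Reminder</h1> <table align="center" cellpadding="4" cellspacing="0" align="center"> <?php
// Password reminder: looks up the account for the submitted email address and mails a reminder.
// Array keys are quoted; the original used bare words (email), which PHP treats as constants.
if (isset($_POST['email'])) {
    if ($_POST['email'] == "") {
        $error = "Please specify a valid email address!";
    }
    // empty() has the same truthiness as the original !$error without the undefined-variable notice.
    if (empty($error)) {
        $edb = new dbi();
        // The submitted address is escaped before it is placed inside the quoted SQL literal.
        // NOTE(review): this assumes dbi runs over the default mysql_* link - confirm; if dbi
        // offers its own escaping or parameter binding, use that instead. If magic_quotes_gpc is
        // enabled on the deployment, strip its slashes first so the value is not escaped twice.
        $email_sql = mysql_real_escape_string($_POST['email']);
        $edb->query("select email,password from account where email = '{$email_sql}' limit 0,1");
        if ($edb->numrows()) {
            $from = "DBS Support <*****@*****.**>";
            $header = "Return-Path: {$from}\r\nFrom: {$from}\r\nReply-To: {$from}";
            // NOTE(review): the next statement is damaged by masking in the listing and is kept
            // byte-for-byte. What remains shows the stored password column being read, combined
            // with the first two characters of the email, and placed in the mail body - it looks
            // like the password is stored recoverably and sent in clear text. One-way hashing
            // (password_hash / password_verify) with a single-use, expiring reset link avoids both.
            $message = "This is your requested password reminder from a Data Business Systems Site. Below is your account email address and password.\n\n Email Address: " . $edb->result("email") . "\n Password: "******"password")), substr($edb->result("email"), 0, 2))) . "\n\nThis information was requested from (" . $_SERVER[REMOTE_ADDR] . ").\n\nRegards,\nCustomer Support\nsupport@databusinesssystems.com";
            mail($edb->result("email"), "Password Reminder", $message, $header);
            print "<tr><td align=\"left\">Your password has been sent! If you do not receive the email or if you are still having difficulties using your account, please email us at <a href=\"mailto:support@databusinesssystems.com\">support@databusinesssystems.com</a> or call us at 1-800-778-6247.</td></tr>";
        } else {
            // NOTE(review): this reply differs from the success reply, so the form discloses
            // whether an address has an account; one neutral message for both cases avoids that.
            $error = "No account with that email address!";
        }
    }
}
if (!isset($_POST['email']) || !empty($error)) {
    ?> <tr><td>If you have lost your password, enter your email address below and your information will be sent to you.<br><br></td></tr> <?php
    if (!empty($error)) {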
print_address($db->result("bill_address"));
?> </td><td valign="top"> <table align="right" cellpadding="2" cellspacing="0" border="0"> <tr><td align="right" class="order_header">Payment Type:</td><td align="left"><?php
// Payment method 'cc' is labelled as a credit card; any other value as a purchase order.
print ($db->result("payment_method") == 'cc' ? "Credit Card" : "Purchase Order");
?> </td></tr> <?php
// Card details are shown only for card payments, taken from the newest cc_charges row.
// NOTE(review): where $order_id comes from is not visible in this excerpt; confirm it is
// validated or escaped before it reaches this query.
if ($db->result("payment_method") == 'cc') {
    $tdb->query("select * from cc_charges where order_id = '{$order_id}' order by datetime desc limit 0,1");
    if ($tdb->numrows()) {
        ?> <tr><td align="right" class="order_header">Name on Card:</td><td align="left"><?php
        // NOTE(review): the cardholder name is database text echoed without HTML escaping.
        echo $tdb->result("first_name") . " " . $tdb->result("last_name");
        ?> </td></tr> <tr><td align="right" class="order_header">Card Number:</td><td align="left"><?php
        if (!$tdb->result("card_number")) {
            print "Removed for Security";
        } else {
            // NOTE(review): the card number is stored in a form this page can decrypt, and the
            // second argument to decrypto() (presumably the key) is the last two characters of
            // the order id held in the same row. Storing only the last four digits, or a
            // processor token, would remove the need to decrypt the number for display.
            $pan_cipher = base64_decode($tdb->result("card_number"));
            $pan_key = substr($tdb->result("order_id"), strlen($tdb->result("order_id")) - 2, 2);
            $card_number = trim(decrypto($pan_cipher, $pan_key));
            // Mask everything except the last four characters.
            $masked_len = strlen($card_number) - 4;
            print str_repeat("x", $masked_len > 0 ? $masked_len : 0);
            print substr($card_number, strlen($card_number) - 4, 4);
        }
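// NOTE(review): this excerpt starts inside a block that was opened before the listing begins.
    // The id is taken from the query string and printed inside <title>, so it is HTML-escaped.
    print htmlspecialchars($_GET['id'], ENT_QUOTES);
}
?> </title> <link rel="stylesheet" type="text/css" href="style.css"> </head> <body> <?php
// Formats a number as a dollar amount with two decimals and thousands separators,
// e.g. 1234.5 becomes $1,234.50.
function dollar($num)
{
    return "\$" . number_format($num, 2, ".", ",");
}

// The array key is quoted; the original used a bare word (id), which PHP treats as a constant.
if (isset($_GET['id'])) {
    // The id is escaped before it is placed inside the quoted SQL literal.
    // NOTE(review): this assumes $db runs over the default mysql_* link - confirm; if it offers
    // its own escaping or parameter binding, use that instead. If magic_quotes_gpc is enabled on
    // the deployment, strip its slashes first so the value is not escaped twice.
    // NOTE(review): the query selects an order by id alone; no check that the order belongs to
    // the requesting account is visible in this excerpt - confirm one happens before this point.
    $order_id_sql = mysql_real_escape_string($_GET['id']);
    $db->query("select orders.*,account.email from orders inner join account on account.id = orders.account where orders.id = '" . $order_id_sql . "'");
    if (!$db->numrows()) {
        print "No Such Order!";
    } else {
        // !empty() keeps the original truthiness test without a notice when history is absent.
        ?> <table align="center" width="98%" cellpadding="2" cellspacing="0" border="0" style="border-bottom:2px solid black;"> <tr><td align="left" style="font-size:16px;"><b>Data Business Systems, Inc.</b></td><td align="right" style="font-size:16px;"><b>Order #: <?php echo $db->result("id"); ?> </b></td></tr> </table> <table bgcolor="#FFFFFF" width="96%" cellpadding="0" cellspacing="0" style="margin:2px auto 2px auto;"> <tr><td colspan="2"> <table width="100%" cellpadding="5" cellspacing="0"> <tr><td align="left" nowrap="nowrap"><?php if (!empty($_GET['history'])) { ?>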