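/**
 * Check a customer's e-mail address and password against the customers table
 * and record the outcome in the session.
 *
 * Session keys written: customer_ip, loggedin, promotion, customers_email,
 * customers_password, login_date_time, login_timestamp, bytesleft, firstname,
 * expire and code. $_SESSION['code'] always equals the return value.
 *
 * @param string $customers_email    E-mail address submitted by the visitor (untrusted).
 * @param string $customers_password Password submitted by the visitor (untrusted).
 * @param string $username           Database user handed to new_mysql().
 * @param string $password           Database password handed to new_mysql().
 * @param string $database           Database name handed to new_mysql().
 * @param mixed  $configValues       Passed through unchanged to update_account().
 *
 * @return int  1 login accepted
 *              0 get_query() returned 0 for the e-mail lookup (unknown user)
 *             -1 password mismatch
 *             -2 account time window has expired
 *             -3 the visitor's IP address is already stored on a customer row
 *             -5 no usable IP address is known for the visitor
 */
function checkacc($customers_email, $customers_password, $username, $password, $database, $configValues)
{
    // Remember the client address once per session. Anything shorter than
    // 7 characters is treated as "not set" and replaced by REMOTE_ADDR.
    if (!isset($_SESSION['customer_ip']) || strlen($_SESSION['customer_ip']) < 7) {
        $_SESSION['customer_ip'] = $_SERVER['REMOTE_ADDR'];
    }

    // Defaults for "not logged in"; only the success path at the bottom
    // flips loggedin to 1.
    $_SESSION['loggedin'] = 0;
    $_SESSION['promotion'] = 0;
    $_SESSION['customers_email'] = $customers_email;
    // NOTE(review): the submitted password is kept in the session as given.
    // Confirm whether anything reads it back; if not, stop storing it.
    $_SESSION['customers_password'] = $customers_password;
    $_SESSION['login_date_time'] = date("F j, Y, g:i a");
    $_SESSION['login_timestamp'] = time();
    $_SESSION['bytesleft'] = 0;

    $mysql = new_mysql($username, $password, $database, "localhost");

    // The e-mail address arrives from the login form, so it must be escaped
    // before it is placed inside a quoted SQL literal. No link argument is
    // given, matching the argument-less mysql_close() calls below, which also
    // act on the most recently opened connection.
    // NOTE(review): assumes the caller passes the raw, unescaped value - confirm.
    $safe_email = mysql_real_escape_string($customers_email);
    $query = "SELECT * FROM customers WHERE customers_email_address='{$safe_email}'";
    $result = get_query($query, $mysql);
    if ($result == 0) {
        mysql_close();
        $_SESSION['code'] = 0;
        return 0;
    }

    // Collect the fields of the first returned row that the session needs.
    $row = 0;
    $_SESSION['firstname'] = mysql_result($result, $row, "customers_firstname");
    $_SESSION['expire'] = mysql_result($result, $row, "customers_date_account_expires");

    // Both sides must be strings and identical. A non-string argument makes
    // strcmp() return NULL on PHP 5, which the previous `!= 0` test read as a
    // match; the strict comparison closes that gap.
    // NOTE(review): the stored value is compared directly with the submitted
    // one, so the column presumably holds the password (or a hash computed by
    // the caller) verbatim - verify, and prefer password_hash()/password_verify()
    // where the PHP version allows it.
    $cust_password = mysql_result($result, $row, "customers_password");
    if (!is_string($cust_password) || !is_string($customers_password) || $cust_password !== $customers_password) {
        mysql_close();
        $_SESSION['code'] = -1;
        return -1;
    }

    // If the account has no IP address on record, bind it to the visitor's
    // address, unless that address is already stored on a customer row.
    // NOTE(review): visitors behind the same NAT or proxy share an address,
    // so this check can reject unrelated customers and does not identify a
    // single person.
    $cust_ip_address = mysql_result($result, $row, "customers_ip_address");
    if (strlen($cust_ip_address) == 0) {
        $cust_ip_address = $_SESSION['customer_ip'];
        if (strlen($cust_ip_address) < 7) {
            // No usable address. This branch used to return +5 while storing
            // -5 in the session and left the connection open; every other
            // failure returns its negative code and closes the connection.
            mysql_close();
            $_SESSION['code'] = -5;
            return -5;
        }

        // The session value can outlive the request that set it, so it is
        // escaped as well before being interpolated.
        $safe_ip = mysql_real_escape_string($cust_ip_address);
        $query = "SELECT * FROM customers WHERE customers_ip_address='{$safe_ip}'";
        $result = get_query($query, $mysql);
        if ($result != 0) {
            // The address already belongs to an account.
            mysql_close();
            $_SESSION['code'] = -3;
            return -3;
        }

        $query = "UPDATE customers SET customers_ip_address='{$safe_ip}' WHERE customers_email_address='{$safe_email}'";
        get_query($query, $mysql);
    }

    // NOTE(review): other call sites of update_account() pass four arguments
    // (e-mail, remote address, connection, config); this one passes three.
    // Confirm against the current definition of update_account().
    $expire = update_account($customers_email, $mysql, $configValues);

    // Reject the login once the account's time window has passed.
    if (time() > $expire) {
        mysql_close();
        $_SESSION['code'] = -2;
        return -2;
    }

    // Successful login: expose the expiry in display form and mark the session.
    $_SESSION['expire'] = date("F j, Y, g:i a", $expire);
    $_SESSION['code'] = 1;
    $_SESSION['loggedin'] = 1;
    mysql_close();
    return 1;
}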
if ($gender == 'm') { $email_text = sprintf(EMAIL_GREET_MR, $lastname); } else { $email_text = sprintf(EMAIL_GREET_MS, $lastname); } } else { $email_text = sprintf(EMAIL_GREET_NONE, $firstname); } $email_text .= EMAIL_WELCOME . EMAIL_TEXT . EMAIL_CONTACT . EMAIL_WARNING; tep_mail($name, $email_address, EMAIL_SUBJECT, $email_text, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS); // added by scotty to enable ip of customer if no duplicate ip seen (hacker making 2 accounts) // so they won't have to login after a new account created. mysql_close(); $remote_addr = $HTTP_SERVER_VARS["REMOTE_ADDR"]; //$mysql = new_mysql($username,$password,$database,"localhost"); $mysql = new_mysql($mysql_username, $mysql_password, $mysql_database, $mysql_hostname); if (check_user_already($email_address, $remote_addr, $mysql) == 1) { $expire = update_account($email_address, $remote_addr, $mysql, $configValues); $timenow = time(); if ($timenow < $expire) { ip_enable($HTTP_SERVER_VARS["REMOTE_ADDR"]); } } mysql_close(); tep_redirect(tep_href_link(FILENAME_CREATE_ACCOUNT_SUCCESS, '', 'SSL')); } } $breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL')); require DIR_WS_INCLUDES . 'template_top.php'; require 'includes/form_check.js.php'; ?>
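<br><br> <?php
// Offer a notification checkbox per distinct purchased product, unless the
// customer has global product notifications switched on.
if ($global['global_product_notifications'] != '1') {
    echo TEXT_NOTIFY_PRODUCTS . '<br><p class="productsNotifications">';
    $products_displayed = array();
    for ($i = 0, $n = sizeof($products_array); $i < $n; $i++) {
        // Skip products that already have a checkbox.
        if (!in_array($products_array[$i]['id'], $products_displayed)) {
            echo tep_draw_checkbox_field('notify[]', $products_array[$i]['id']) . ' ' . $products_array[$i]['text'] . '<br>';
            $products_displayed[] = $products_array[$i]['id'];
        }
    }
    echo '</p>';
} else {
    echo TEXT_SEE_ORDERS . '<br><br>' . TEXT_CONTACT_STORE_OWNER;
}

// Extend the customer's account and enable their current address.
$mysql = new_mysql($username, $password, $database, "localhost");
$emailaddress = GetEmailAddress((int) $customer_id, $mysql);

// Defined up front so the summary below never reads an unset variable when
// the branch that computes it is skipped.
$ExpireDate = '';

// NOTE(review): "nul" looks like GetEmailAddress()'s "no address" sentinel - confirm.
if (strcmp($emailaddress, "nul") != 0) {
    $ExpireDate = date(" d M Y g:i:sA ", update_account($emailaddress, $HTTP_SERVER_VARS["REMOTE_ADDR"], $mysql, $configValues));
    // NOTE(review): the address is enabled without comparing the new expiry
    // with the current time - confirm that update_account() can never return
    // a time in the past at this point.
    ip_enable($HTTP_SERVER_VARS["REMOTE_ADDR"]);
    $emailaddress = $emailaddress . " ok";
}
//$ExpireDate = GetExpireDate((int)$customer_id,$mysql);
mysql_close($mysql);
?> <h3><?php
// The e-mail address is customer-supplied data read back from the database and
// the address comes from the request environment; both are HTML-escaped before
// being written into the page.
echo TEXT_THANKS_FOR_SHOPPING . '<br> your IP address: ' . htmlspecialchars($HTTP_SERVER_VARS["REMOTE_ADDR"], ENT_QUOTES) . ' <br> for email: ' . htmlspecialchars($emailaddress, ENT_QUOTES) . '<br> New Expire Date: ' . $ExpireDate;
?> </h3></td> </tr> </table></td>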