Ejemplo n.º 1
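/**
 * Create an e-mail verification code, store it and mail the activation link.
 *
 * The code is written to the `emailverification` table together with the
 * address and the current Unix time, then sent to that address as a link.
 *
 * @param string $email Address to verify; treated as untrusted input.
 * @return bool True when mail() accepted the message for delivery, false when
 *              the address was rejected or mail() failed.
 */
function makeVerificationCode($email)
{
    // The address ends up in mail()'s recipient argument, so line breaks or
    // separators would let a caller add recipients or headers. This is a
    // deliberately narrow structural check (one "@", no whitespace, control
    // characters or list separators), not full RFC validation. The D modifier
    // stops "$" from matching before a trailing newline.
    if (!is_string($email)) {
        return false;
    }
    $email = trim($email);
    if (preg_match('/^[^\s\x00-\x1F\x7F,;<>@]+@[^\s\x00-\x1F\x7F,;<>@]+$/D', $email) !== 1) {
        return false;
    }

    // SQL escaping is only valid inside the SQL literal. The original reused
    // the escaped value for the link and for mail(), which corrupts addresses
    // containing a quote or backslash.
    $emailSql = $GLOBALS['DB']->escapeString($email);

    // NOTE(review): md5() only mixes its inputs; the address and the timestamp
    // are guessable, so the code is exactly as unpredictable as
    // generateRandomToken(), which is not shown here. Confirm it draws from a
    // CSPRNG; on PHP 7+ bin2hex(random_bytes(16)) yields the same 32-character
    // format without that dependency.
    $code = md5($emailSql . time() . System\Helper::generateRandomToken());
    $time = time();

    // NOTE(review): the result of the INSERT is not checked, so a link may be
    // mailed for a code that was never stored.
    $GLOBALS['DB']->query("INSERT INTO emailverification (email, verificationCode, time) VALUES ('{$emailSql}', '{$code}', '{$time}') ");

    // urlencode() keeps "+", "&" and "#" in the address from breaking the query
    // string. The link is plain http://, so the code crosses the network
    // unencrypted; switch the scheme once the host serves TLS.
    $link = "http://www.crollect.de/scripts/user/activateemail.php?e=" . urlencode($email) . "&c=" . $code;
    $subject = "Ihre Bestätigungsmail";
    $message = "Sie brauchen nur noch ihre E-Mail Adresse zu bestätigen. Klicken Sie hierzu bitte auf den folgenden Link: " . $link;
    $from = "From: crollect <*****@*****.**>";

    return (bool) mail($email, $subject, $message, $from);
}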
Ejemplo n.º 2
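/**
 * Create an e-mail verification code, store it and send an HTML activation mail.
 *
 * The code is written to the `emailverification` table together with the
 * address and the current Unix time, then sent to that address as a link.
 *
 * @param string $email Address to verify; treated as untrusted input.
 * @return bool True when mail() accepted the message for delivery, false when
 *              the address was rejected or mail() failed.
 */
function makeVerificationCode($email)
{
    // The address is passed to mail() as the recipient, so line breaks or list
    // separators must never reach it. Narrow structural check, not full RFC
    // validation; the D modifier stops "$" matching before a trailing newline.
    if (!is_string($email)) {
        return false;
    }
    $email = trim($email);
    if (preg_match('/^[^\s\x00-\x1F\x7F,;<>@]+@[^\s\x00-\x1F\x7F,;<>@]+$/D', $email) !== 1) {
        return false;
    }

    // Escape per context: this value is for the SQL literal only. The raw
    // address is used for mail() and, URL-encoded, for the link.
    $emailSql = $GLOBALS['DB']->escapeString($email);

    // NOTE(review): the code is only as unpredictable as generateRandomToken()
    // (not shown here); md5() over guessable inputs adds nothing. Confirm the
    // helper uses a CSPRNG, or use bin2hex(random_bytes(16)) on PHP 7+.
    $code = md5($emailSql . time() . System\Helper::generateRandomToken());
    $time = time();

    // NOTE(review): the INSERT result is not checked before the mail is sent.
    $GLOBALS['DB']->query("INSERT INTO emailverification (email, verificationCode, time) VALUES ('{$emailSql}', '{$code}', '{$time}') ");

    // NOTE(review): plain http:// exposes the code in transit.
    $link = "http://crollect.vladempire.de/scripts/user/activateemail.php?e=" . urlencode($email) . "&c=" . $code;

    // The body is sent as text/html, so the link is HTML-escaped before it is
    // placed in the attribute and in the visible text. Without this a quote in
    // the address would close the single-quoted href.
    $linkHtml = htmlspecialchars($link, ENT_QUOTES, "UTF-8");
    $subject = "Ihre Bestätigungsmail";
    $message = "Wir freuen uns sehr über ihre Anmeldung. Sie brauchen nur noch ihre E-Mail Adresse zu bestätigen. Klicken Sie hierzu bitte auf den folgenden Link oder kopieren Sie\r\n                ihn in die Browserleiste falls der Link nicht richtig dargestellt wird: <a href='" . $linkHtml . "'>" . $linkHtml . "</a>";
    $header = "From: crollect ***\n";
    $header .= "Reply-To: ***\n";
    $header .= "Content-Type: text/html; charset=utf-8 \n";

    return (bool) mail($email, $subject, $message, $header);
}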
Ejemplo n.º 3
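 /**
  * Render the "forgot password" form and, when it was submitted, issue a
  * password-reset code for the given address.
  *
  * Any existing row for the address in `newpasswordcode` is replaced, the new
  * code is mailed as a link, and a status text is stored in $this->info.
  *
  * NOTE(review): the form carries no anti-CSRF token and nothing visible here
  * limits how often a reset mail can be triggered for one address.
  * NOTE(review): the "address does not exist" message lets a visitor test
  * which addresses are registered; a single neutral message for both outcomes
  * would avoid that. The texts are left unchanged here.
  */
 public function sendCodeNewPassword()
 {
     ?>
   <form  action="" method="post">
     <div class="row" style="margin-left:80px;">
       <div class="span6">
         <input type="text" name="login" size="30" maxLength="100" placeholder="Emailadresse"> 
       </div>
     </div>
     <div class="row" style="margin-left:80px;">
       <div class="span6">
         <input type="submit" class="btn btn-primary" style="width:220px;" name="send" value="Senden">
       </div>
     </div>
   </form>
 <?php 
     if (!isset($_POST['send'])) {
         return;
     }

     // "login" may be missing or an array (login[]=...); treat both as empty.
     $login = (isset($_POST['login']) && is_string($_POST['login'])) ? trim($_POST['login']) : '';

     // The raw address is later handed to mail(), so whitespace, control
     // characters and list separators are rejected up front. Narrow structural
     // check only; the D modifier stops "$" matching before a trailing newline.
     if (preg_match('/^[^\s\x00-\x1F\x7F,;<>@]+@[^\s\x00-\x1F\x7F,;<>@]+$/D', $login) !== 1) {
         $this->info = "Diese Emailadresse exisitert nicht.";
         return;
     }

     // Lookup key exactly as the original built it: entity-encoded, then
     // SQL-escaped. It is used for SQL only.
     $email = htmlentities($login, ENT_QUOTES, "UTF-8");
     $email = $GLOBALS['DB']->escapeString($email);

     if (!$this->emailExist($email)) {
         $this->info = "Diese Emailadresse exisitert nicht.";
         return;
     }

     // NOTE(review): the code is only as unpredictable as generateRandomToken()
     // (not shown here), and it is stored in clear text, so read access to
     // this table is enough to reset any pending account.
     $code = md5($email . time() . System\Helper::generateRandomToken());
     $time = time();

     // At most one pending code per address: drop an older one first.
     $codeExist = $GLOBALS['DB']->query("SELECT * FROM newpasswordcode WHERE email = '{$email}' ", true);
     if ($codeExist->num_rows > 0) {
         $GLOBALS['DB']->query("DELETE FROM newpasswordcode WHERE email = '{$email}' ");
     }
     $GLOBALS['DB']->query("INSERT INTO newpasswordcode (email, newPasswordCode, time) VALUES ('{$email}', '{$code}', '{$time}') ");

     // The original put the entity-encoded, SQL-escaped value into the URL and
     // into mail(); "+", "&" or "#" in an address then broke the link and the
     // recipient. URL-encode the raw address instead.
     // NOTE(review): plain http:// exposes the reset code in transit.
     $link = "http://***/scripts/regpassword.php?e=" . urlencode($login) . "&c=" . $code;
     $subject = "Ihr neues Passwort";
     // The body is sent as text/html, so the link is HTML-escaped.
     $message = "Klicken Sie auf den Link um ihr Passwort wieder her zu stellen oder kopieren Sie den Link in den Browser: " . htmlspecialchars($link, ENT_QUOTES, "UTF-8");
     $header = "From: crollect <***>\n";
     $header .= "Reply-To: ***\n";
     $header .= "Content-Type: text/html; charset=utf-8 \n";

     if (mail($login, $subject, $message, $header)) {
         $this->info = "Eine Email wurde an Sie verschickt. Der Code zur Passwortweiderherstellung ist 24 Stunden gültig.";
     } else {
         $this->info = "Etwas ist schief gelaufen";
     }
 }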
Ejemplo n.º 4
       $type = "createArticle";
   } elseif ($_GET['i'] == 4 && isset($_GET['a'])) {
       $articleID = trim(htmlentities($_GET['a'], ENT_QUOTES, "UTF-8"));
       $_SESSION['articleID'] = $articleID;
       $linkTo = "../order/orderarticle.php";
       $type = "order";
   } else {
       header("Location: ../../404.php");
       exit;
   }
   // Re-authentication step: drop any earlier security token of the session
   // user, ask for the password again and, on success, issue a fresh token
   // (kept in the session and in the securitytoken table) before redirecting
   // to $linkTo. $type and $linkTo are set by the if/elseif chain above.
   //
   // NOTE(review): $_SESSION['userID'] is concatenated into the SQL text
   // without escaping or an integer cast. That is only safe while the value is
   // always assigned server-side from a trusted source; confirm, or pass it
   // through $GLOBALS['DB']->escapeString() as other code in this project does.
   $deleteOldToken = $GLOBALS['DB']->query("DELETE FROM securitytoken WHERE userID = '" . $_SESSION['userID'] . "' ");
   // NOTE(review): $log is not used again in the visible code; presumably the
   // constructor enforces a login state. Confirm what the argument 1 selects.
   $log = new System\Login(1);
   $security = new System\Security();
   // $access[0] is used as the granted flag, $access[1] as the message shown
   // to the user when access is refused.
   $access = $security->askPassword($_SESSION['userID']);
   if ($access[0]) {
       // NOTE(review): the token's strength depends entirely on
       // generateRandomToken(), which is not shown here.
       $_SESSION['securityToken'] = System\Helper::generateRandomToken();
       $userID = $_SESSION['userID'];
       $securityToken = $_SESSION['securityToken'];
       $time = time();
       // All four values are interpolated into the statement as quoted
       // literals; none is escaped at this point.
       $writeToken = $GLOBALS['DB']->query("INSERT INTO securitytoken (userID, securityToken, type, time) VALUES ('{$userID}', '{$securityToken}', '{$type}', '{$time}') ");
       if ($writeToken == true) {
           // The visible branch assigns $linkTo a fixed relative path, so the
           // redirect target is not taken from the request as far as shown.
           header("Location: {$linkTo}");
           exit;
       }
       // NOTE(review): when the INSERT fails, execution falls through and the
       // page is rendered while the session still holds a token that was
       // never stored in the table.
   } else {
       $info = $access[1];
   }
   System\HTML::printHead();
   System\HTML::printHeader();
   ?>
 
Ejemplo n.º 5
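 /**
  * Print the buyer list of an article for the seller who owns it.
  *
  * While the article is still running, only a masked e-mail, the name, the
  * total and the amount are shown. After the runtime has ended and the
  * article's `paid` column equals 2, full contact and shipping data are shown
  * and a security token of type 'list' is issued for the PDF export.
  * Otherwise a prompt to settle the account balance is printed.
  *
  * Terminates the script with die() when the session user does not own the
  * article or the article does not exist.
  *
  * @param mixed $articleID Article identifier; treated as untrusted input.
  * @return void
  */
 public function showBuyer($articleID)
 {
     // HTML output encoder. Other code in this project entity-encodes values
     // on input, so stored data may already contain entities; double_encode
     // is switched off to avoid turning "&amp;" into "&amp;amp;" while still
     // neutralising raw "<", ">", quotes and bare "&".
     $esc = function ($value) {
         return htmlspecialchars((string) $value, ENT_QUOTES, "UTF-8", false);
     };

     $articleID = trim(htmlentities($articleID, ENT_QUOTES, "UTF-8"));
     $articleID = $GLOBALS['DB']->escapeString($articleID);
     $sales = $GLOBALS['DB']->query("SELECT userID, headline, runtime, purchases, paid FROM article WHERE articleID = '{$articleID}' ");

     // Is the caller authorised at all? The original compared with "==" and
     // did not check that a row was found: a missing article gave NULL, and
     // NULL == an unset session userID evaluated to true. Require a row, a
     // non-empty session user and an exact match.
     $sessionUserID = isset($_SESSION['userID']) ? (string) $_SESSION['userID'] : '';
     if (empty($sales[0]) || $sessionUserID === '' || (string) $sales[0]['userID'] !== $sessionUserID) {
         die("Sie sind nicht berechtigt diese Seite zu betreten.");
     }

     if ($sales[0]['runtime'] > time()) {
         // Article still running: reduced, masked view.
         $buyers = $GLOBALS['DB']->query("SELECT userID, amount, fullPrice FROM articleorder WHERE articleID = '{$articleID}' ");
         echo "<table class='table'>";
         echo "<tr><th>Email</th><th>Name</th><th>Gesamtbetrag in €</th><th>Einheiten</th></tr>";
         foreach ($buyers as $buyer) {
             // Values read back from the database are escaped again before
             // they re-enter SQL (second-order injection).
             $buyerID = $GLOBALS['DB']->escapeString((string) $buyer['userID']);
             $buyerData = $GLOBALS['DB']->query("SELECT email, name, firstName FROM user WHERE userID = '" . $buyerID . "' ");
             if (empty($buyerData[0])) {
                 continue; // order refers to a user row that no longer exists
             }
             $email = $esc(substr($buyerData[0]['email'], 0, 4)) . "***** ";
             $price = number_format((float) $buyer['fullPrice'], 2, '.', '');
             // Each buyer gets its own row; the original emitted the cells
             // without an enclosing <tr>.
             echo "<tr>";
             echo "<td>" . $email . "</td>";
             echo "<td>" . $esc($buyerData[0]['firstName']) . " " . $esc($buyerData[0]['name']) . "</td>";
             echo "<td>" . $price . "</td>";
             echo "<td>" . $esc($buyer['amount']) . "</td>";
             echo "</tr>";
         }
         echo "</table>";
         return;
     }

     if ($sales[0]['paid'] == 2) {
         // NOTE(review): a new token row is written on every page view and
         // older rows are not removed here; confirm that expiry or cleanup
         // happens elsewhere. The INSERT result is not checked.
         $_SESSION['securityToken'] = System\Helper::generateRandomToken();
         $_SESSION['articleID'] = $articleID;
         $userID = $GLOBALS['DB']->escapeString($sessionUserID);
         $securityToken = $GLOBALS['DB']->escapeString((string) $_SESSION['securityToken']);
         $time = time();
         $GLOBALS['DB']->query("INSERT INTO securitytoken (userID, securityToken, type, time) \r\n                                           VALUES ('{$userID}', '{$securityToken}', 'list', '{$time}') ");
         // Link to the PDF export
         echo "<a class='btn btn-success' style='float:right;' href='" . PROJECT_HTTP_ROOT . "/scripts/order/orderlist.php'><i class='icon-file'></i> PDF</a>";
         echo "<h3>" . $esc($sales[0]['headline']) . "</h3>";
         echo "<table class='table'>";
         echo "<tr><th>Email</th><th>Versandadresse</th><th>Gesamtbetrag in €</th><th>Einheiten</th><th>Nachricht</th></tr>";
         $buyers = $GLOBALS['DB']->query("SELECT userID, amount, fullPrice FROM articleorder WHERE articleID = '{$articleID}' ");
         foreach ($buyers as $buyer) {
             $buyerID = $GLOBALS['DB']->escapeString((string) $buyer['userID']);
             // NOTE(review): SELECT * also loads columns that are not printed
             // (possibly the password hash); naming the needed columns would
             // keep them out of this code path.
             $buyerData = $GLOBALS['DB']->query("SELECT * FROM user WHERE userID = '" . $buyerID . "' ");
             if (empty($buyerData[0])) {
                 continue;
             }
             $price = number_format((float) $buyer['fullPrice'], 2, '.', '');
             echo "<tr>";
             echo "<td>" . $esc($buyerData[0]['email']) . "</td>";
             echo "<td>" . $esc($buyerData[0]['firstName']) . " " . $esc($buyerData[0]['name']) . "<br>" . $esc($buyerData[0]['street']) . "<br>" . $esc($buyerData[0]['zipCode']) . "<br>" . $esc($buyerData[0]['city']) . "<br>" . $esc($buyerData[0]['country']) . "</td>";
             echo "<td>" . $price . "</td>";
             echo "<td>" . $esc($buyer['amount']) . "</td>";
             // Query-string values are URL-encoded; the encoded form is also
             // safe inside the single-quoted attribute.
             echo "<td><a href='../messages/sendmessage.php?a=" . urlencode($articleID) . "&u=" . urlencode((string) $buyer['userID']) . "'><i class='icon-envelope'></i> Nachricht senden</a></td>";
             echo "</tr>";
         }
         echo "</table>";
         $this->printPayInfoForm();
     } else {
         echo "<p style='text-align:center;'><strong>Die Aktion ist beendet.</strong> Gleichen Sie bitte ihren Kontostand aus um \r\n            die Käuferdaten zu erhalten und um die Käufer zu kontaktieren.<p><br>";
         echo "<a style='margin-left:40%' class='btn btn-success' href='../account/accountbalance.php'>Konto ausgleichen</a>";
     }
 }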