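 /**
  * Renders a single private message for the logged-in recipient and then
  * marks it as opened.
  *
  * @param string|int $messageID  ID of the row in `messages` to display. It is
  *                               HTML-encoded and DB-escaped here, following the
  *                               convention used for request values elsewhere.
  * @return void  Markup is echoed directly. Terminates via die() when the row
  *               does not exist or its recipient is not the session user.
  */
 public function showMessage($messageID)
 {
     $messageID = trim(htmlentities($messageID, ENT_QUOTES, "UTF-8"));
     $messageID = $GLOBALS['DB']->escapeString($messageID);
     $message = $GLOBALS['DB']->query("SELECT * FROM messages WHERE messageID = '{$messageID}' ");
     // Authorization: only the recipient may read the message. An unknown ID used
     // to fall through to an undefined-offset notice; treat it as "not allowed".
     // Both sides are cast to string so the comparison is strict but still works
     // when the session holds an int and the DB returns a numeric string.
     if (empty($message) || (string) $message[0]['toUser'] !== (string) $_SESSION['userID']) {
         die("Sie sind nicht berechtigt diese Nachricht zu lesen.");
     }
     // Navigation links (original note: "info - maybe remove, but it stays").
     echo "<a href='showallmessages.php'>Zurück zur Übersicht</a> ";
     echo "<a href='showallmessages.php?d={$messageID}'>Nachricht löschen</a><br /><br />";
     $helper = new System\Helper();
     $sender = $message[0]['fromUser'];
     echo $message[0]['subject'] . "<br />";
     echo "von " . $helper->getUserInfo($sender, "firstName") . " " . $helper->getUserInfo($sender, "name");
     echo " vom " . date("d.m.Y H:i", $message[0]['time']) . "<br /><br />";
     // NOTE(review): subject and body are printed as stored; this relies on them
     // having been HTML-encoded on the write path - confirm against the insert code.
     echo nl2br($message[0]['message']);
     echo "<br /><br />";
     echo "Antworten: <br />";
     $this->printSendMessageForm($sender, true);
     // Mark as seen (opened = 2) once the message has been displayed; the
     // result of the UPDATE was never inspected, so it is not kept.
     $GLOBALS['DB']->query("UPDATE messages SET opened = '2' WHERE messageID = '{$messageID}' ");
 }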
<?php

// Page bootstrap for the "Mein Account" page. common.php is presumably where
// autoloading, the session and $GLOBALS['DB'] are set up - not visible here.
require_once "../../common.php";
require_once "../classes/class.Follow.php";
require_once "../classes/class.Order.php";
// NOTE(review): System\Login(1) presumably enforces an authenticated session;
// what the argument selects is not visible in this file - confirm.
$log = new System\Login(1);
$follow = new Follow();
$sales = new Order();
System\HTML::printHead();
System\HTML::printHeader();
// The session user ID is encoded/escaped the same way request values are in
// the rest of the code base before it is used as a query value.
$userID = trim(htmlentities($_SESSION['userID'], ENT_QUOTES, "UTF-8"));
$userID = $GLOBALS['DB']->escapeString($userID);
$user = new System\Helper();
// First name for the greeting rendered in the markup below.
$firstName = $user->getUserInfo($userID, "firstName");
?>

			<div role="main" class="main">

				<section class="page-top">
					<div class="container">
						<div class="row">
							<div class="span12">
								<ul class="breadcrumb">
									<li><a href="../../index.php">Startseite</a> <span class="divider">/</span></li>
									<li class="active">Mein Account</li>
								</ul>
							</div>
						</div>
						<div class="row">
							<div class="span12">
								<h2>Hallo <?php 
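 /**
  * Handles the "edit comment" form submission: rewrites name, text and
  * timestamp of one comment row and redirects to $target on success.
  *
  * Does nothing unless the form was submitted (`$_POST['sendComment']` set).
  * On a successful UPDATE it sends a Location header and exits.
  *
  * @param string|int $commentID  ID of the `comments` row to update (DB-escaped here).
  * @param string     $target     Redirect target after a successful update.
  * @return void
  */
 public function updateComment($commentID, $target)
 {
     if (!isset($_POST['sendComment'])) {
         return;
     }
     if (empty($_POST['name'])) {
         // No display name given: build it from the user's profile.
         // NOTE(review): the user ID is taken from the request rather than the
         // session, so the client controls whose name is used - confirm intended.
         $postedUserID = isset($_POST['userID']) ? $_POST['userID'] : null;
         $helper = new System\Helper();
         $name = $helper->getUserInfo($postedUserID, "firstName") . " " . $helper->getUserInfo($postedUserID, "name");
     } else {
         $name = trim(htmlentities($_POST['name'], ENT_QUOTES, "UTF-8"));
     }
     // A missing comment field used to raise an undefined-index notice; default to "".
     $rawComment = isset($_POST['comment']) ? $_POST['comment'] : '';
     $comment = trim(htmlentities($rawComment, ENT_QUOTES, "UTF-8"));
     $commentID = $GLOBALS['DB']->escapeString($commentID);
     $name = $GLOBALS['DB']->escapeString($name);
     $comment = $GLOBALS['DB']->escapeString($comment);
     $time = time();
     $query = "UPDATE comments SET name = '{$name}', comment = '{$comment}', time = '{$time}' WHERE commentID = '{$commentID}' ";
     $write = $GLOBALS['DB']->query($query);
     if ($write) {
         // NOTE(review): $target goes into the Location header unchanged; if it can
         // originate from the request it should be restricted to a local path.
         header("Location: {$target}");
         exit;
     }
 }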
$log = new System\Login(1);
// Abort (silently) unless an article was selected earlier in the session.
if (!isset($_SESSION['articleID'])) {
    die;
}
$articleID = trim(htmlentities($_SESSION['articleID'], ENT_QUOTES, "UTF-8"));
// Orders are only accepted when the password was re-entered in the security area beforehand.
$security = new System\Security();
if ($security->verifySecToken($_SESSION['securityToken'], $_SESSION['userID'], "order")) {
    $order = new Order();
    $order->sendOrder($articleID);
    System\HTML::printHead();
    System\HTML::printHeader();
    $adress = new System\Helper();
    if ($adress->getUserInfo($_SESSION['userID'], "street") == "") {
        echo "<div class='container' style='margin-bottom: 250px;'>";
        echo "<div class='row'>";
        echo "<div class='span12' style='margin-bottom:12px;'>";
        echo "<img id='lockimg' src='../../images/adress.png'>";
        echo "<p style='padding-top: 30px;'>Hinterlegen Sie bitte ihre <strong>Adresse.</strong><br>";
        echo "Ohne eine Adresse können Sie auf crollect keine Bestellungen tätigen.</p>";
        echo "<a style='margin-left:5px;' href='../user/updateaddress.php' class='btn btn-primary'>Adresse eingeben</a>";
        echo "</div>";
        echo "</div>";
        echo "</div>";
        System\HTML::printFooter();
        System\HTML::printFoot();
        exit;
    }
    ?>
    $result = $GLOBALS['DB']->query("INSERT INTO emailverification (email, verificationCode, time) VALUES ('{$email}', '{$code}', '{$time}') ");
    $link = "http://www.crollect.de/scripts/user/activateemail.php?e=" . $email . "&c=" . $code;
    $subject = "Ihre Bestätigungsmail";
    $message = "Sie brauchen nur noch ihre E-Mail Adresse zu bestätigen. Klicken Sie hierzu bitte auf den folgenden Link: " . $link;
    $from = "From: crollect <*****@*****.**>";
    $mailsended = mail($email, $subject, $message, $from);
    if ($mailsended == true) {
        return true;
    } else {
        return false;
    }
}
$security = new System\Security();
if ($security->verifySecToken($_SESSION['securityToken'], $_SESSION['userID'], "updateEmail")) {
    $helper = new System\Helper();
    $oldEmail = $helper->getUserInfo($_SESSION['userID'], "email");
    if (isset($_POST['updateEmail'])) {
        if (!empty($_POST['email']) && !empty($_POST['email2'])) {
            if ($_POST['email'] == $_POST['email2']) {
                $email = trim(htmlentities($_POST['email'], ENT_QUOTES, "UTF-8"));
                $email = $GLOBALS['DB']->escapeString($email);
                if (emailExist($email)) {
                    $info = "Diese Emailadresse existiert bereits.";
                } else {
                    $userID = $_SESSION['userID'];
                    $time = time();
                    $writeInUpdated = $GLOBALS['DB']->query("INSERT INTO updateddata (userID, oldData, time) VALUES ('{$userID}', '{$oldEmail}', '{$time}') ");
                    if ($writeInUpdated == false) {
                        die('Etwas ist schiefgelaufen, versuchen sie es bitte später erneut.');
                    }
                    $write = $GLOBALS['DB']->query("UPDATE user SET email = '{$email}', verifiedEmail = '1' WHERE email = '{$oldEmail}' ");
    $get = $GLOBALS['DB']->query("SELECT adminsession FROM adminsession WHERE adminID = '" . $_SESSION['adminID'] . "' ");
    if (empty($get)) {
        die('Sie haben keine Berechtigung');
    }
} else {
    echo "<a href='admin.php'>Einloggen</a>";
    die;
}
echo "<a href='logout.php'>Logout</a><br /><br />";
// Take the next pending verification; stop when the queue is empty.
$verify = $GLOBALS['DB']->query("SELECT * FROM verifypersonaldata LIMIT 1");
if (!$verify) {
    exit("Alle verifiziert.");
}
// The uploaded ID document is served via openimg.php; the file reference
// comes straight from the verification row.
echo "<div style='float:left;'><img src='openimg.php?img=" . $verify[0]['IDfile'] . "' height='400' width='600'></div>";
$user = new System\Helper();
$data = $user->getUserInfo($verify[0]['userID']);
// NOTE(review): the profile fields are printed as stored; this assumes they were
// HTML-encoded when the user entered them - confirm against the update path.
echo '<div style="float:left; margin-left: 70px;">'
    . "PassportID: <br>" . $verify[0]['passportID'] . "<br />"
    . "Name: <br />" . $data[0]['firstName'] . " " . $data[0]['name'] . "<br />"
    . "Strasse: <br />" . $data[0]['street'] . "<br />"
    . "PLZ und Stadt: <br />" . $data[0]['zipCode'] . " " . $data[0]['city'] . "<br />"
    . "Deutschland: <br />" . $data[0]['country']
    . "</div>";
?>
<br>
<form action="" method="post">
<?php

// Bootstrap for the "create article" page; common.php presumably sets up the
// session and $GLOBALS['DB'] (not visible here).
require_once "../../common.php";
require_once "../classes/class.Article.php";
// NOTE(review): System\Login(1) presumably requires an authenticated session - confirm.
$log = new System\Login(1);
// Used below to check the per-action security token before the article is saved.
$security = new System\Security();
if ($security->verifySecToken($_SESSION['securityToken'], $_SESSION['userID'], "createArticle")) {
    $article = new Article();
    $article->saveArticle($_SESSION['userID']);
    System\HTML::printHead();
    System\HTML::printHeader();
    $user = new System\Helper();
    $verifiedAccount = $user->getUserInfo($_SESSION['userID'], "verifiedAccount");
    if ($verifiedAccount == 1) {
        echo "<div class='container' style='margin-bottom: 250px;'>";
        echo "<div class='row'>";
        echo "<div class='span12' style='margin-bottom:12px;'>";
        echo "<img id='lockimg' src='../../images/lock.png'>";
        echo "<p style='padding-top: 30px;'>Sie müssen sich <strong>identifizieren</strong><br>";
        echo "um eine Aktion starten zu können.</p>";
        echo "<a style='margin-left:5px;' href='../account/identverify.php' class='btn btn-primary'>Jetzt identifizieren</a>";
        echo "</div>";
        echo "</div>";
        echo "</div>";
        System\HTML::printFooter();
        System\HTML::printFoot();
        exit;
    }
    ?>

<div role="main" class="main">
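    /**
     * Renders the order form for a single article: the buyer's delivery
     * address, a short article summary, the offered payment methods and a
     * small script that recalculates the total while the amount is typed.
     *
     * @param string|int $articleID  Article to order. It is SQL-escaped and
     *                               HTML-escaped inside this method; numeric
     *                               IDs are unaffected by either.
     * @return void  All markup is echoed directly.
     */
    public function printOrderForm($articleID)
    {
        echo '<script src="' . PROJECT_HTTP_ROOT . '/extLibs/jquery/jquery-1.10.2.min.js"></script>';
        echo '<script src="' . PROJECT_HTTP_ROOT . '/extLibs/jquery/jquery.form.js"></script>';
        // Delivery address of the logged-in user.
        echo "<strong>Lieferadresse</strong> <br />";
        $helper = new System\Helper();
        $user = $helper->getUserInfo($_SESSION['userID']);
        echo $user[0]['firstName'] . " " . $user[0]['name'] . "<br />";
        echo $user[0]['street'] . "<br />";
        echo $user[0]['zipCode'] . " " . $user[0]['city'] . "<br />";
        echo $user[0]['country'] . "<br /><br />";
        // Article data. The ID goes through the same escape helper the rest of the
        // code base uses for query values; it used to be interpolated raw.
        $safeArticleID = $GLOBALS['DB']->escapeString($articleID);
        $articleData = $GLOBALS['DB']->query("SELECT headline, pricePerUnit, shipping, payment, shippingcountries, amount2, price2, purchases\r\n                                        FROM article WHERE articleID = '{$safeArticleID}' ");
        if (empty($articleData)) {
            // Unknown article: reading $articleData[0] below would only raise notices.
            return;
        }
        $price = $articleData[0]['pricePerUnit'];
        $shipping = $articleData[0]['shipping'];
        $shippingcountries = $articleData[0]['shippingcountries'];
        $headline = $articleData[0]['headline'];
        // Shorten long headlines; mb_* avoids cutting a multi-byte character in half.
        if (mb_strlen($headline, 'UTF-8') > 20) {
            $headline = mb_substr($headline, 0, 15, 'UTF-8') . "...";
        }
        // Escaped for use inside an href attribute below.
        $hrefArticleID = htmlspecialchars((string) $articleID, ENT_QUOTES, 'UTF-8');
        // Deliverable when the article ships worldwide, or ships within Germany
        // and the buyer's address is in Germany.
        $deliverable = ($shippingcountries === "Germany" && $user[0]['country'] === $shippingcountries)
            || $shippingcountries === "worldwide";
        if ($deliverable) {
            echo "<div id='ordersum'>";
            echo "<strong>Bestellung</strong><br>";
            echo $headline . "<br>";
            echo "Preis <strong>max. " . $price . " € </strong> <br>";
            echo "Versandkosten " . $shipping . "€ <br><br>";
            echo "<form action='' method='post'>";
            echo "<strong>Anzahl</strong> <br />";
            echo "<input type='text' id='amount' name='amount' value='1' style='width:32px;'><br><br>";
            if ($articleData[0]['payment'] !== "not specified") {
                echo "<strong>Zahlungsmethode </strong> <br>";
                $this->printPaymentOptions(explode(",", $articleData[0]['payment']));
                echo "<br>";
            }
            echo "<br>";
            echo "<strong>Notiz</strong> <br> <textarea name='note' rows='3'></textarea>";
            echo "<br><br>";
            // Initial total for amount 1; the script below updates it on input.
            echo "<p id='ordprice'><strong>Gesamtpreis max.</strong> " . number_format($price + $shipping, 2, ',', '') . "€ (Versand inkl.)</p>";
            echo "<input type='submit' name='order' class='btn btn-success' value='Bestellen' style='margin-top:5px; width:220px'> ";
            echo "<br><br><p>Mit der Betätigung des Bestellenbuttons erklären <br> Sie nochmals mit unseren <a href='../../staticpages/agb.php'>AGB</a> einverstanden.</p>";
            echo "</form>";
            echo "</div>";
        } else {
            echo "<div id='ordersum'>";
            echo "<strong>Der Versand erfolgt nur innerhalb Deutschlands. <br> <a href='../article/showarticle.php?a={$hrefArticleID}'>zurück zu Artikel</a></strong>";
            echo "</div>";
        }
        // NOTE(review): $price and $shipping are emitted into JavaScript as-is;
        // this assumes the DB columns hold plain numeric values - confirm.
        ?>
  <script type="text/javascript">
  $('#amount').keyup(function(){
    amount = $('#amount').val();
    price = <?php echo $price; ?>;
    shipping = <?php echo $shipping; ?>;
    if(amount != "")
    {
      fullPrice = amount*price+shipping;
      $('#ordprice').html("<strong>Gesamtpreis max.</strong> "+fullPrice.toFixed(2)+" € (Versand inkl.)");
    }
  });
  </script>
  <?php
    }

    /**
     * Prints one radio button (with logo) per supported payment method.
     * Entries that are not one of the known methods are skipped, as before.
     *
     * @param string[] $payments  Entries of the article's comma-separated payment column.
     * @return void
     */
    private function printPaymentOptions(array $payments)
    {
        foreach ($payments as $payment) {
            $payment = trim($payment);
            if ($payment === "prepayment") {
                echo "<input type='radio' name='payment' value='{$payment}'><img class='payimg' src='../../images/payments/moneyorder.png' alt='Vorüberweisung' >";
            } elseif ($payment === "sofort") {
                echo "<input type='radio' name='payment' value='{$payment}'><img class='payimg' src='../../images/payments/sofortueberweisung.png' alt='sofort' >";
            } elseif ($payment === "paypal") {
                echo "<input type='radio' name='payment' value='{$payment}'><img class='payimg' src='../../images/payments/paypal.png' alt='paypal' >";
            } elseif ($payment === "creditcard") {
                echo "<input type='radio' name='payment' value='{$payment}'>";
                echo "<img class='payimg' src='../../images/payments/mastercard.png' alt='Kreditkarten'>";
                echo "<img class='payimg' src='../../images/payments/visa.png' alt='Kreditkarten'>";
                echo "<img class='payimg' src='../../images/payments/diners-club.png' alt='Kreditkarten'>";
                echo "<img class='payimgamx' src='../../images/payments/amex.png' alt='AMEX' height='30' width='50'>";
            }
        }
    }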
      <div class="row">
        <div class="span4">
          <?php 
        $files = new ArticleFiles();
        $files->showPics($articleID);
        ?>
        </div> 

        <div class="span4" style="margin-left:0;">
          <div id="headlinediv">
          <h2 id="headline"><?php 
        echo $articleData[0]['headline'];
        ?>
</h2>
          von <?php 
        echo $owner->getUserInfo($articleData[0]['userID'], "firstName") . " " . $owner->getUserInfo($articleData[0]['userID'], "name");
        ?>
          </div>

          <div id="price">
          <?php 
        //Wenn UVP angeben, sonst nur Preis
        if ($articleData[0]['listPrice'] != 0) {
            echo "UVP: <s>" . $articleData[0]['listPrice'] . " € </s><br>";
            echo "<h3 style='display: inline;'><span style='text-transform:lowercase;'>max.</span> € " . $articleData[0]['pricePerUnit'] . "</h3> <br>";
            $save = $articleData[0]['listPrice'] - $articleData[0]['pricePerUnit'];
            $rebate = $save / ($articleData[0]['listPrice'] / 100);
            echo "Ersparnis: {$save} € <br>";
            echo "<strong>" . round($rebate, 2) . " % Rabatt</strong><br>";
        } else {
            echo "<h3 style='display: inline;'><span style='text-transform:lowercase;'>max.</span> € " . $articleData[0]['pricePerUnit'] . "</h3> <br>";