<?
/*****************************************************
*****************************************************
*
* This is seriously bad code. Don't use it!
*
*****************************************************
*****************************************************/
include "layout.inc";
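/**
 * Authenticate the visitor from the "id", "username" and "auth" cookies and
 * return that customer's row.
 *
 * If a cookie is missing or malformed, or no row matches all three values, a
 * redirect to the login page is sent, a fallback link is printed and the
 * script exits; the function only returns for an authenticated visitor.
 *
 * Review notes:
 *  - Cookie values are client-controlled, so the id is restricted to digits
 *    and the two strings are escaped before they reach the query. Prepared
 *    statements (mysqli/PDO) are the durable fix; escaping is used here only
 *    to stay within the file's existing mysql_* API.
 *  - If magic_quotes_gpc is enabled on the host, cookie values arrive already
 *    slashed and would need stripslashes() before escaping -- confirm the
 *    host configuration.
 *  - The Password column is returned exactly as stored, and newPassword() in
 *    this file compares it directly with the submitted value, so passwords
 *    appear to be kept unhashed. That has to be fixed together with the login
 *    code, which is not visible here.
 *  - How the "auth" cookie value is generated is not visible in this file;
 *    NOTE(review): confirm it is random and unguessable.
 *
 * @param string $dblogin Database user name.
 * @param string $dbpass  Database password.
 * @param string $db      Database name.
 * @return array CustomerID, FName, LName, MName, Address1, Address2, City,
 *               State, Zip, Phone1, Phone2, Email, Username, Password
 *               (in that order).
 */
function checkLoginCookies($dblogin, $dbpass, $db)
{
    // A cookie sent as an array (id[]=...) is treated the same as a missing one.
    $CustomerID = (isset($_COOKIE["id"]) && is_string($_COOKIE["id"])) ? $_COOKIE["id"] : "";
    $Username = (isset($_COOKIE["username"]) && is_string($_COOKIE["username"]))
        ? trim(strtoupper($_COOKIE["username"])) : "";
    $Auth = (isset($_COOKIE["auth"]) && is_string($_COOKIE["auth"]))
        ? trim(strtoupper($_COOKIE["auth"])) : "";

    // The id is interpolated unquoted into the query, so only digits are accepted.
    if ($CustomerID === "" || !ctype_digit($CustomerID) || $Username === "" || $Auth === "")
    {
        header('Location:login.php?ref=account.php');
        generateGenericLayout($dblogin, $dbpass, $db, "<B>Account Settings</B>");
        beginContentBox();
        // The fallback link now returns to this page; it pointed at checkout.php.
        ECHO "You must be logged in. If you are not forwarded to the login page in 5 seconds, please <a href=login.php?ref=account.php>click here</a>.<BR>";
        endContentBox();
        exit;
    }

    mysql_connect('localhost', $dblogin, $dbpass);
    @mysql_select_db($db) or die("Unable to select database");

    // Escaping happens after connecting because it uses the open link.
    $query = "SELECT * FROM customers WHERE CustomerID = $CustomerID"
        . " and Username = '" . mysql_real_escape_string($Username) . "'"
        . " and Auth = '" . mysql_real_escape_string($Auth) . "'";
    $result = mysql_query($query);
    if ($result === false)
    {
        // Keep the database error in the server log; the visitor gets a generic message.
        error_log("account.php: login lookup failed: " . mysql_error());
        die("Query failed.");
    }

    if (mysql_num_rows($result) == 0)
    {
        header('Location:login.php?ref=account.php');
        ECHO "You must be logged in. If you are not forwarded to the login page in 5 seconds, please <a href=login.php?ref=account.php>click here</a>.<BR>";
        exit;
    }
    mysql_close();

    // Field order is the contract with the list(...) assignment at the bottom of the file.
    $fields = array("CustomerID", "FName", "LName", "MName", "Address1", "Address2", "City",
                    "State", "Zip", "Phone1", "Phone2", "Email", "Username", "Password");
    $row = array();
    foreach ($fields as $field)
    {
        $row[] = mysql_result($result, 0, $field);
    }
    return $row;
}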
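/**
 * Print the two account forms: profile details (action=update) and password
 * change (action=newpass). Both post back to account.php.
 *
 * Every value is HTML-escaped before it is placed in a value='...' attribute.
 * The values come from the customers table, which holds whatever the user
 * submitted earlier, so unescaped output would let a stored quote or tag
 * break out of the attribute. ENT_QUOTES is required because the attributes
 * are single-quoted.
 *
 * NOTE(review): neither form carries an anti-CSRF token.
 *
 * @param mixed  $CustomerID Not used in the output.
 * @param string $FName
 * @param string $LName
 * @param string $MName
 * @param string $Address1
 * @param string $Address2
 * @param string $City
 * @param string $State
 * @param string $Zip
 * @param string $Phone1
 * @param string $Phone2
 * @param string $Email
 * @param string $Username
 * @param string $Password   Pre-fills the "Current Password" box. Every call
 *                           in this file passes ""; a stored password should
 *                           never be sent back to the browser.
 * @return void
 */
function displayAccountInfo($CustomerID, $FName, $LName, $MName, $Address1, $Address2, $City, $State, $Zip, $Phone1, $Phone2, $Email, $Username, $Password)
{
    $INPUTSIZE = 45;

    // Escape for the single-quoted HTML attribute context used below.
    $FName    = htmlspecialchars((string) $FName, ENT_QUOTES);
    $LName    = htmlspecialchars((string) $LName, ENT_QUOTES);
    $MName    = htmlspecialchars((string) $MName, ENT_QUOTES);
    $Address1 = htmlspecialchars((string) $Address1, ENT_QUOTES);
    $Address2 = htmlspecialchars((string) $Address2, ENT_QUOTES);
    $City     = htmlspecialchars((string) $City, ENT_QUOTES);
    $State    = htmlspecialchars((string) $State, ENT_QUOTES);
    $Zip      = htmlspecialchars((string) $Zip, ENT_QUOTES);
    $Phone1   = htmlspecialchars((string) $Phone1, ENT_QUOTES);
    $Phone2   = htmlspecialchars((string) $Phone2, ENT_QUOTES);
    $Email    = htmlspecialchars((string) $Email, ENT_QUOTES);
    $Username = htmlspecialchars((string) $Username, ENT_QUOTES);
    $Password = htmlspecialchars((string) $Password, ENT_QUOTES);

    // Profile form.
    ECHO "
<form action=account.php method=post>
<table border=0 cellpadding=0 cellspacing=0 align=LEFT>
<TR>
<TD align=RIGHT width=150><B>First Name:</B></TD>
<TD width=10><font color=#FFFFFF>.</font></TD>
<TD align=LEFT><input type=text name=FName value='$FName' size=$INPUTSIZE><BR></TD>
</TR>
<TR>
<TD align=RIGHT><B>Last Name:</B></TD>
<TD width=10><font color=#FFFFFF>.</font></TD>
<TD align=LEFT><input type=text name=LName value='$LName' size=$INPUTSIZE><BR></TD>
</TR>
<TR>
<TD align=RIGHT><B>Middle Name:</B></TD>
<TD width=10><font color=#FFFFFF>.</font></TD>
<TD align=LEFT><input type=text name=MName value='$MName' size=$INPUTSIZE><BR></TD>
</TR>
<TR>
<TD align=RIGHT><B>Address:</B></TD>
<TD width=10><font color=#FFFFFF>.</font></TD>
<TD align=LEFT><input type=text name=Address1 value='$Address1' size=$INPUTSIZE><BR></TD>
</TR>
<TR>
<TD align=RIGHT></TD>
<TD width=10><font color=#FFFFFF>.</font></TD>
<TD align=LEFT><input type=text name=Address2 value='$Address2' size=$INPUTSIZE><BR></TD>
</TR>
<TR>
<TD align=RIGHT><B>City:</B></TD>
<TD width=10><font color=#FFFFFF>.</font></TD>
<TD align=LEFT> <input type=text name=City value='$City' size=$INPUTSIZE><BR></TD>
</TR>
<TR>
<TD align=RIGHT><B>State:</B></TD>
<TD width=10><font color=#FFFFFF>.</font></TD>
<TD align=LEFT><input type=text name=State value='$State' size=$INPUTSIZE><BR></TD>
</TR>
<TR>
<TD align=RIGHT><B>Zip:</B></TD>
<TD width=10><font color=#FFFFFF>.</font></TD>
<TD align=LEFT><input type=text name=Zip value='$Zip' size=$INPUTSIZE><BR></TD>
</TR>
<TR>
<TD align=RIGHT><B>First Phone:</B></TD>
<TD width=10><font color=#FFFFFF>.</font></TD>
<TD align=LEFT><input type=text name=Phone1 value='$Phone1' size=$INPUTSIZE><BR></TD>
</TR>
<TR>
<TD align=RIGHT><B>Second Phone:</B></TD>
<TD width=10><font color=#FFFFFF>.</font></TD>
<TD align=LEFT><input type=text name=Phone2 value='$Phone2' size=$INPUTSIZE><BR></TD>
</TR>
<TR>
<TD align=RIGHT><B>Username:</B></TD>
<TD width=10><font color=#FFFFFF>.</font></TD>
<TD align=LEFT><input type=text name=Username value='$Username' size=$INPUTSIZE><BR></TD>
</TR>
<TR>
<TD align=RIGHT><B>Email:</B></TD>
<TD width=10><font color=#FFFFFF>.</font></TD>
<TD align=LEFT><input type=text name=Email value='$Email' size=$INPUTSIZE><BR></TD>
</TR>
<TR>
<TD></TD>
<TD></TD>
<TD align=RIGHT><input type=Submit value='Update Account'></TD>
</TR>
</table>
<input type=hidden name=action value=update>
</form>
";

    // Password-change form.
    ECHO "
<form action=account.php method=post>
<P><BR><table border=0 cellpadding=0 cellspacing=0 align=LEFT>
<TR>
<TD align=RIGHT><B>Current Password:</B></TD>
<TD width=10><font color=#FFFFFF>.</font></TD>
<TD align=LEFT><input type=password name=Password value='$Password' size=$INPUTSIZE><BR></TD>
</TR>
<TR>
<TD align=RIGHT><B>New Password:</B></TD>
<TD width=10><font color=#FFFFFF>.</font></TD>
<TD align=LEFT><input type=password name=NewPassword size=$INPUTSIZE><BR></TD>
</TR>
<TR>
<TD align=RIGHT><B>New Password Verify:</B></TD>
<TD width=10><font color=#FFFFFF>.</font></TD>
<TD align=LEFT><input type=password name=NewPasswordVerify size=$INPUTSIZE><BR></TD>
</TR>
<TR>
<TD></TD>
<TD></TD>
<TD align=RIGHT><input type=Submit value='Change Password'></TD>
</TR>
</table>
<input type=hidden name=action value=newpass>
</form>
";
}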
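/**
 * Validate the submitted profile fields, write them to the customers row and
 * e-mail a notice to the address that was on file before the change.
 *
 * For each required field submitted empty, an error item is printed and the
 * value already on file is kept. A changed username is checked for
 * uniqueness first. Output is an open <ul> followed by <li> items; the list
 * is not closed here.
 *
 * Review notes:
 *  - Every New* value comes straight from the request, so each one is escaped
 *    before it is placed in SQL and the id is cast to int. Prepared statements
 *    (mysqli/PDO) are the durable fix; escaping keeps to the file's existing
 *    mysql_* API. If magic_quotes_gpc is enabled on the host, the values
 *    arrive already slashed -- confirm the host configuration.
 *  - Query text and mysql_error() are no longer sent to the browser: the query
 *    embeds request data and the error text describes the schema.
 *  - NOTE(review): the function has no return statement, yet the caller at
 *    the bottom of the file tests its result. Left unchanged, because
 *    returning a value would alter what that page renders.
 *  - NOTE(review): the summary e-mail lists the values that were on file
 *    before the update, not the new ones -- confirm that is intended.
 *  - NOTE(review): an empty secondary phone is reset to the old value, so it
 *    cannot be cleared, although the message says it is optional.
 *  - NOTE(review): $NewEmail is stored without any format validation.
 *
 * @param mixed  $CustomerID  Row to update.
 * @param string $FName       Current value; each New* parameter is the
 *                            submitted replacement for the one before it.
 * @param string $dblogin     Database user name.
 * @param string $dbpass      Database password.
 * @param string $database    Database name.
 * @return void
 */
function updateData($CustomerID, $FName, $NewFName, $LName, $NewLName, $MName, $NewMName, $Address1, $NewAddress1, $Address2, $NewAddress2, $City, $NewCity, $State, $NewState, $Zip, $NewZip, $Phone1, $NewPhone1, $Phone2, $NewPhone2, $Email, $NewEmail, $Username, $NewUsername, $dblogin, $dbpass, $database)
{
    ECHO "<ul>";
    if ($NewFName == "")
    {
        ECHO "<li>Error updating first name, field must not be empty.";
        $NewFName = $FName;
    }
    if ($NewLName == "")
    {
        ECHO "<li>Error updating last name, field must not be empty.";
        $NewLName = $LName;
    }
    if ($NewAddress1 == "")
    {
        ECHO "<li>Error updating address (line one), field must not be empty. Address (line two) will not be updated either.";
        $NewAddress1 = $Address1;
        $NewAddress2 = $Address2;
    }
    if ($NewCity == "")
    {
        ECHO "<li>Error updating city, field must not be empty.";
        $NewCity = $City;
    }
    if ($NewState == "")
    {
        ECHO "<li>Error updating state, field must not be empty.";
        $NewState = $State;
    }
    if ($NewZip == "")
    {
        ECHO "<li>Error updating zip code, field must not be empty.";
        $NewZip = $Zip;
    }
    if ($NewPhone1 == "")
    {
        ECHO "<li>Error updating phone number (primary), field must not be empty.";
        $NewPhone1 = $Phone1;
    }
    if ($NewPhone2 == "")
    {
        ECHO "<li>Warning updating phone number (secondary), field is empty. Although it is not required, was this intentional? If you have no secondary phone number, disregard this warning.";
        $NewPhone2 = $Phone2;
    }
    if ($NewEmail == "")
    {
        ECHO "<li>Error updating email address, field must not be empty.";
        $NewEmail = $Email;
    }
    if ($NewUsername == "")
    {
        ECHO "<li>Error updating username, field must not be empty.";
        $NewUsername = $Username;
    }

    mysql_connect('localhost', $dblogin, $dbpass);
    @mysql_select_db($database) or die("Unable to select database.");

    // Strict comparison: a loose != compares numeric-looking strings as numbers.
    if (strtoupper($Username) !== strtoupper($NewUsername))
    {
        $query = "SELECT * FROM customers WHERE Username = '" . mysql_real_escape_string($NewUsername) . "'";
        $result = mysql_query($query);
        if ($result === false)
        {
            error_log("account.php: username lookup failed: " . mysql_error());
            die("Query failed.");
        }
        if (mysql_num_rows($result) >= 1)
        {
            ECHO "<li>Error updating username, new username is already in use.";
            $NewUsername = $Username;
        }
        else
        {
            ECHO "<p><B>YOU WILL NEED TO RE-LOGIN SINCE YOU'VE MADE CHANGES TO YOUR USERNAME!</B><BR>";
        }
    }

    // Column names are fixed literals; only the values are request data.
    $columns = array(
        "FName"    => $NewFName,
        "LName"    => $NewLName,
        "MName"    => $NewMName,
        "Address1" => $NewAddress1,
        "Address2" => $NewAddress2,
        "City"     => $NewCity,
        "State"    => $NewState,
        "Zip"      => $NewZip,
        "Phone1"   => $NewPhone1,
        "Phone2"   => $NewPhone2,
        "Username" => $NewUsername,
        "Email"    => $NewEmail,
    );
    $assignments = array();
    foreach ($columns as $column => $value)
    {
        $assignments[] = $column . " = '" . mysql_real_escape_string($value) . "'";
    }
    $query = "UPDATE customers SET " . implode(", ", $assignments)
        . " WHERE CustomerID = " . (int) $CustomerID;
    if (mysql_query($query) === false)
    {
        error_log("account.php: profile update failed: " . mysql_error());
        die("Query failed.");
    }
    mysql_close();

    // Tell the previous address about an e-mail change so the owner can object.
    if ($Email !== $NewEmail)
    {
        mail($Email, "Drums of Summer Your Account's Email Change", "This email is to inform you that your email in the Drums of Summer database has been changed from $Email to $NewEmail. If this is invalid, or the change is without your authorization, let us know by emailing accounts@DrumsOfSummer.com.\n\nThank you.", "From: accounts@drumsofsummer.com\nX-Mailer: PHP 4.x");
    }

    $body = "This email is to inform you of changes to your Drums of Summer Account. Please review these changes and inform us if any are incorrect or were made without your authorization.\n\n";
    $body .= "\n\tNAME\n\t\t$LName, $FName $MName\n";
    $body .= "\tADDRESS:\n";
    $body .= "\t\t$Address1\n";
    // Was $Addres2 (undefined), so the second address line never appeared.
    if ($Address2 != "") { $body .= "\t\t$Address2\n"; }
    $body .= "\t\t$City, $State $Zip\n";
    $body .= "\tPHONE:\n\t\t$Phone1\n";
    // Was $phone2 (variable names are case-sensitive), so this branch never ran.
    if ($Phone2 != "") { $body .= "\t\t$Phone2 (secondary)\n"; }
    $body .= "\tEMAIL:\n\t\t$Email\n";
    $body .= "\tUSERNAME:\n\t\t$Username\n";
    $body .= "\nIf you have any questions, please contact accounts@drumsofsummer.com or visit DrumsOfSummer.com.\n";
    mail($Email, "Drums of Summer Account Update", $body, "From: accounts@drumsofsummer.com\nX-Mailer: PHP 4.x");
}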
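/**
 * Change the customer's password after checking the current one.
 *
 * Prints a message and returns early when the current password is wrong, the
 * two new values differ, or the new value is empty. Otherwise it updates the
 * row, prints a success message and e-mails a notice.
 *
 * Review notes:
 *  - Comparisons are strict. With a loose != two different numeric-looking
 *    strings can compare equal, which would let a wrong "current password"
 *    through.
 *  - The mismatch branch no longer prints the two submitted passwords back
 *    into the page, and the notice e-mail no longer contains the new password.
 *  - The new password is escaped before it reaches SQL and the id is cast to
 *    int. The failed-query path logs only mysql_error(), because the query
 *    text contains the password.
 *  - $Password is compared as stored and the new value is written as-is, so
 *    passwords are kept unhashed. Moving to password_hash()/password_verify()
 *    must be done together with the login code, which is not visible here.
 *  - The caller upper-cases all three submitted values, which makes passwords
 *    case-insensitive and shrinks the password space.
 *  - The original ended by comparing $Username with $NewUsername, neither of
 *    which exists in this function, so it always returned true; that is now
 *    stated directly.
 *
 * @param mixed  $CustomerID        Row to update.
 * @param string $Email             Address the notice is sent to.
 * @param string $Password          Password currently on file.
 * @param string $OldPassword       "Current password" as submitted.
 * @param string $NewPassword       New password as submitted.
 * @param string $NewPasswordVerify Confirmation of the new password.
 * @param string $dblogin           Database user name.
 * @param string $dbpass            Database password.
 * @param string $database          Database name.
 * @return bool|null true after a successful update, null when a check fails.
 */
function newPassword($CustomerID, $Email, $Password, $OldPassword, $NewPassword,
                     $NewPasswordVerify, $dblogin, $dbpass, $database)
{
    if ((string) $OldPassword !== (string) $Password)
    {
        ECHO "<B>Invalid Password</B>: Cannot update your password.<BR><P>";
        return;
    }
    if ((string) $NewPassword !== (string) $NewPasswordVerify)
    {
        ECHO "<B>NEW PASSWORD NOT VALID</B>: New Password and New Password Verify must match. These passwords are not case sensitive.<BR><P>";
        return;
    }
    if ((string) $NewPassword === "")
    {
        ECHO "<B>NULL PASSWORD</B>: Password must not be empty, please enter a password!<BR><P>";
        return;
    }

    mysql_connect('localhost', $dblogin, $dbpass);
    @mysql_select_db($database) or die("Unable to select database");

    $query = "UPDATE customers SET Password = '" . mysql_real_escape_string($NewPassword) . "'"
        . " WHERE CustomerID = " . (int) $CustomerID;
    if (mysql_query($query) === false)
    {
        error_log("account.php: password update failed: " . mysql_error());
        die("Query failed.");
    }
    mysql_close();

    ECHO "<B>PASSWORD UPDATE SUCCESSFUL</B><BR><P>";
    mail($Email, "Drums Of Summer Password Change", "Your password on DrumsOfSummer.com has been changed. If you did not authorize this change, let us know!", "From: accounts@drumsofsummer.com\nX-Mailer: PHP 4.x");
    return true;
}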
// ----------------------------------------------------- //
include "vars.inc";
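// Authenticate first: checkLoginCookies() ends the script itself when the
// cookies do not match a customer row, so everything below runs for a
// logged-in customer only.
list($CustomerID, $FName, $LName, $MName, $Address1, $Address2, $City, $State,
     $Zip, $Phone1, $Phone2, $Email, $Username, $Password)
    = checkLoginCookies($dblogin, $dbpass, $database);

// NOTE(review): both POST actions below change account state and carry no
// anti-CSRF token; a per-session token checked at this point would close
// that gap.
// NOTE(review): $db is not assigned anywhere in this file, which passes
// $database to checkLoginCookies(); confirm the include files define $db too.

// A missing or non-string "action" (e.g. action[]=x) shows the plain form.
$action = (isset($_POST['action']) && is_string($_POST['action'])) ? $_POST['action'] : "";

if ($action !== "update" && $action !== "newpass")
{
    generateGenericLayout($dblogin, $dbpass, $db, "<B>Now you can pick out your own seats!</B>");
    beginContentBox();
    // The last argument is "" so the stored password is never echoed into the form.
    displayAccountInfo($CustomerID, $FName, $LName, $MName, $Address1,
                       $Address2, $City, $State, $Zip, $Phone1, $Phone2,
                       $Email, $Username, "");
    endContentBox();
    exit;
}

if ($action === "newpass")
{
    generateGenericLayout($dblogin, $dbpass, $db, "<B>Account Settings</B>");
    beginContentBox();

    // Absent or non-string fields become "" instead of raising a notice.
    // NOTE(review): upper-casing makes passwords case-insensitive.
    $submitted = array();
    foreach (array('Password', 'NewPassword', 'NewPasswordVerify') as $field)
    {
        $submitted[$field] = (isset($_POST[$field]) && is_string($_POST[$field]))
            ? trim(strtoupper($_POST[$field])) : "";
    }

    newPassword($CustomerID, $Email, $Password, $submitted['Password'], $submitted['NewPassword'],
                $submitted['NewPasswordVerify'], $dblogin, $dbpass, $database);
    displayAccountInfo($CustomerID, $FName, $LName, $MName, $Address1,
                       $Address2, $City, $State, $Zip, $Phone1, $Phone2,
                       $Email, $Username, "");
    endContentBox();
    exit;
}

if ($action === "update")
{
    // Absent or non-string fields become "", which updateData() reports as empty.
    $posted = array();
    foreach (array('FName', 'LName', 'MName', 'Address1', 'Address2', 'City', 'State',
                   'Zip', 'Phone1', 'Phone2', 'Email', 'Username') as $field)
    {
        $posted[$field] = (isset($_POST[$field]) && is_string($_POST[$field]))
            ? trim($_POST[$field]) : "";
    }

    // NOTE(review): updateData() in this file has no return statement, so this
    // condition is never true and the form is not shown again after an update.
    if (updateData($CustomerID, $FName, $posted['FName'], $LName, $posted['LName'],
                   $MName, $posted['MName'], $Address1, $posted['Address1'],
                   $Address2, $posted['Address2'], $City, $posted['City'],
                   $State, $posted['State'], $Zip, $posted['Zip'],
                   $Phone1, $posted['Phone1'], $Phone2, $posted['Phone2'],
                   $Email, $posted['Email'], $Username, $posted['Username'],
                   $dblogin, $dbpass, $database))
    {
        generateGenericLayout($dblogin, $dbpass, $db, "<B>Account Settings</B>");
        beginContentBox();
        // These are the values read before the update, not the ones just saved.
        displayAccountInfo($CustomerID, $FName, $LName, $MName, $Address1,
                           $Address2, $City, $State, $Zip, $Phone1, $Phone2,
                           $Email, $Username, "");
        endContentBox();
    }
    exit;
}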
?>