} if (isset($_GET['mod'])) { $query = "update account set email = '" . $_POST['email'] . "', password = "******"") { $query .= "'" . base64_encode(encrypto($_POST['password'], strtolower(substr($_POST['email'], 0, 2)))) . "'"; } else { $db->query("select email,password from account where id = '" . $_GET['mod'] . "'"); $oldpassword = trim(decrypto(base64_decode($db->result("password")), substr($db->result("email"), 0, 2))); $query .= "'" . base64_encode(encrypto($oldpassword, strtolower(substr($_POST['email'], 0, 2)))) . "'"; } $query .= ", po = '{$po}', taxrate = " . (is_numeric($_POST['taxrate']) ? "'" . $_POST['taxrate'] . "'" : "null") . " where id = '" . $_GET['mod'] . "'"; $db->query($query); $id = $mod; } else { #$error = 'success'; $id = $db->query("insert into account (email, password, po, taxrate, created) values('{$_POST['email']}', '" . base64_encode(encrypto($_POST[password], strtolower(substr($_POST['email'], 0, 2)))) . "', '{$po}', " . (is_numeric($_POST['taxrate']) ? "'" . $_POST['taxrate'] . "'" : "null") . ", '" . date("Y-m-d H:i:s", time()) . "')"); } print "<div align=\"center\" class=\"success\">Account updated successfully!</div><br>"; } } } if (!isset($_POST[email]) || $error) { if (isset($_GET['mod']) && !$error) { $results = mysql_query("select * from account where id = '" . $_GET['mod'] . "' LIMIT 1", $dbh); if (mysql_num_rows($results)) { $mdb = mysql_fetch_assoc($results); } } if ($error) { echo '<div align="center" class="error">', $error, '</div><br />'; }
} else { $db->query("select * from account where email = '" . $_POST[email] . "'"); if ($db->numrows()) { $error = "Account already exists. Please try logging in."; } else { $_SESSION['account_id'] = $db->query("insert into account (email, password, po, created) values('" . strtolower($_POST['email']) . "', '" . base64_encode(encrypto($_POST['password'], strtolower(substr($_POST[email], 0, 2)))) . "', 'n', '" . date("Y-m-d H:i:s", time()) . "')"); $_SESSION[email] = $_POST[email]; } } } if (isset($_POST['login'])) { if ($_POST[email] == "" || $_POST[password] == "") { $error = "Please specify an E-mail and Password to login!"; } else { # echo "select * from account where lower(email) = '".strtolower($_POST['email'])."' and (password = '******'password'],strtolower(substr($_POST['email'],0,2))))."' or password = '******'password']),strtolower(substr($_POST['email'],0,2))))."' or password = '******'password']),strtolower(substr($_POST['email'],0,2))))."')"; $db->query("select * from account where lower(email) = '" . strtolower($_POST['email']) . "' and (password = '******'password'], strtolower(substr($_POST['email'], 0, 2)))) . "' or password = '******'password']), strtolower(substr($_POST['email'], 0, 2)))) . "' or password = '******'password']), strtolower(substr($_POST['email'], 0, 2)))) . "')"); if ($db->numrows()) { $_SESSION[account_id] = $db->result("account.id"); $_SESSION[email] = $db->result("account.email"); $_SESSION[account_po] = $db->result("account.po"); $_SESSION[account_taxrate] = $db->result("account.taxrate"); } else { $error = "Invalid Email/Password. Please try again."; } } } if (!isset($_SESSION['account_id']) || $_SESSION['account_id'] < 1) { ?> <form method="post" action="<?php echo $PHP_SELF; ?>
$error = "Password must be between 4 and 16 characters."; } elseif ($_POST[password] != $_POST[cpassword]) { $error = "Passwords do not match."; } else { $db = new dbi(); $db->query("select * from account where email = '" . $_POST[email] . "' and id != '{$_SESSION['account_id']}'"); if ($db->numrows()) { $error = "Email account already exists."; } else { $query = "update account set email = '{$_POST['email']}', password = "******"") { $query .= "'" . base64_encode(encrypto($_POST[password], strtolower(substr($_POST[email], 0, 2)))) . "'"; } else { $db->query("select email,password from account where id = '{$_SESSION['account_id']}'"); $oldpassword = trim(decrypto(base64_decode($db->result("password")), substr($db->result("email"), 0, 2))); $query .= "'" . base64_encode(encrypto($oldpassword, strtolower(substr($_POST[email], 0, 2)))) . "'"; } $query .= " where id = '{$_SESSION['account_id']}'"; $db->query($query); $_SESSION[email] = $_POST[email]; } } } ?> <h1>Change Email/Password</h1> <form method="post" action="<?php echo $PHP_SELF; ?> "> <table width="90%" border="0" cellspacing="0" cellpadding="2" align="center"> <tr><td colspan="2" align="right"><a href="index.php">Back to Your Account</a></td></tr>