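// Password-reset request handler (excerpt). $row_count, $email and $handle are
// set above this excerpt. Responses written to the client:
//   "CA"      - the caller already has 10 or more attempts on record
//   "NF"      - no account uses this email address
//   "Success" - a reset token was stored and the email was handed to mailtouser()
//   "Error"   - the token could not be stored
if ($row_count >= 10) {
    echo "CA";
    exit;
} else {
    // NOTE(review): nothing in this excerpt records the new attempt that the
    // limit above counts - confirm it is written elsewhere, otherwise the cap
    // of 10 never advances.
    // NOTE(review): answering "NF" for unknown addresses and "Success" for known
    // ones tells any caller which emails have accounts. Returning one response
    // for both cases removes that signal, but needs a matching front-end change.
    $stmt2 = $handle->prepare("SELECT 1 FROM users WHERE email=:email LIMIT 1");
    $stmt2->execute(array(':email' => $email));
    // fetchColumn() rather than rowCount(): PDO does not guarantee rowCount()
    // for SELECT statements on every driver.
    if ($stmt2->fetchColumn() !== false) {
        // The reset key is a bearer credential for the account, so it has to be
        // unpredictable. md5(email + timestamp) can be recomputed by anyone who
        // knows the address and roughly when the request was made; 16 bytes from
        // the CSPRNG keep the same 32-hex-character format without that weakness.
        $key = bin2hex(random_bytes(16));
        $insert = $handle->prepare("INSERT INTO reset (`email`, `key`) VALUES (:email, :key)");
        $insert_query = $insert->execute(array(':email' => $email, ':key' => $key));
        if ($insert_query) {
            echo "Success";
            $sub = "Reset Password | Excess Market";
            // The link needs an explicit scheme; a bare "localhost/..." href is
            // treated as a relative path by mail clients. $key is hex-only, so
            // it is safe inside the quoted attribute.
            // NOTE(review): no expiry or single-use flag is stored with the key
            // here - confirm reset.php enforces both.
            $msg = "Click on the link below to reset your password. If you did not submit this request to have your password reset, \n\t\t\t\t\tignore this message and log in using your regular email/username and password.<br><a href='http://localhost/excess/reset.php?key=" . $key . "'>Reset My Password</a>";
            mailtouser($email, $sub, $msg);
        } else {
            echo "Error";
        }
    } else {
        echo "NF";
    }
}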
Example #2
        echo 'Error';
    }
}
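// Stores a comment on a listing, then notifies the listing owner by email (when
// their `updates` preference is 1) and through the notifications table.
// Writes 'Success' when the comment row was inserted, 'Error' otherwise.
if ($flag == "listing") {
    // NOTE(review): the commenting user and the listing owner are both taken
    // from the request body. No session check is visible in this excerpt, so a
    // client could submit any com_user_id / postedBy - confirm the author id is
    // compared with the logged-in user and the owner is read from the listing row.
    $com_post_id_new = intval($_POST['com_post_id_new']);
    $com_user_id = intval($_POST['com_user_id']);
    // Escaped once here, at storage time; pages that print com_content must not
    // decode it again.
    $content_post = htmlspecialchars($_POST['content_post']);
    $postedBy = intval($_POST['postedBy']);

    $sql = "INSERT INTO comments (com_post_id, com_user_id, com_content) VALUES (:com_post_id_new, :com_user_id, :content_post)";
    $newcomment = $handle->prepare($sql);
    // Keep execute()'s return value: the statement object itself is truthy even
    // when the insert fails, so testing it would always report success.
    $stored = $newcomment->execute(array(':com_post_id_new' => $com_post_id_new, ':com_user_id' => $com_user_id, ':content_post' => $content_post));

    if ($stored) {
        // Notify only after the comment exists, so the owner is never told
        // about a comment that was not saved.
        $updates = $handle->prepare("SELECT updates, email FROM users WHERE id=?");
        $updates->execute(array($postedBy));
        foreach ($updates->fetchAll() as $ua) {
            if ($ua['updates'] == 1) {
                mailtouser($ua['email'], "A new comment was posted on your listing.", "A new comment was posted on one of your listings on Excess Market! Please log in to see more details.");
            }
        }
        $notify = $handle->prepare("INSERT INTO notifications (user_id, type, post_id, content) VALUES (?, ?, ?, ?)");
        $notify->execute(array($postedBy, $flag, $com_post_id_new, "You have a new comment on your listing!"));
        echo 'Success';
    } else {
        echo 'Error';
    }
}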
Example #3
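// Bans a user (excerpt). $user_id, $reason, $duration, $admin and $handle are
// set above this excerpt. Responses written to the client:
//   "AB"      - the user already has a row in banlist
//   "Error"   - the user id is unknown or the ban row could not be stored
//   "Success" - the ban was stored and the notice was handed to mailtouser()
$uquery = $handle->prepare("SELECT email FROM users WHERE id=:id");
$uquery->execute(array(':id' => $user_id));
// false when no user has this id; previously $email was simply left undefined.
$email = $uquery->fetchColumn();

// fetchColumn() rather than rowCount(): PDO does not guarantee rowCount() for
// SELECT statements on every driver.
$banlist = $handle->prepare("SELECT 1 FROM banlist WHERE user_id=:user_id LIMIT 1");
$banlist->execute(array(':user_id' => $user_id));
$is_banned = $banlist->fetchColumn() !== false;

if ($is_banned) {
    //already banned
    echo "AB";
} elseif ($email === false) {
    // Do not create a ban row or send mail for an id that matches no account.
    echo "Error";
} else {
    // Map the form value to the label that is stored and shown to the user.
    // NOTE(review): any other value is stored unchanged - confirm whether the
    // duration should be restricted to these three choices.
    $labels = array('week' => "1 Week", 'month' => "1 Month", 'perm' => "Indefinite");
    if (is_string($duration) && isset($labels[$duration])) {
        $duration = $labels[$duration];
    }

    $query = $handle->prepare("INSERT INTO banlist (`user_id`, `reason`, `admin`, `duration`) VALUES (:user_id, :reason, :admin, :duration)");
    $saved = $query->execute(array(':user_id' => $user_id, ':reason' => $reason, ':admin' => $admin, ':duration' => $duration));

    if ($saved) {
        // The mail body is HTML, so free-text values are escaped for that
        // context. double_encode=false leaves entities alone in case $reason was
        // already escaped before it reached this code. The stored row keeps the
        // value exactly as received.
        $reason_html = htmlspecialchars((string) $reason, ENT_QUOTES, 'UTF-8', false);
        $duration_html = htmlspecialchars((string) $duration, ENT_QUOTES, 'UTF-8', false);
        $sub = "You have been banned | Excess Market";
        // Explicit scheme on the link: a bare "localhost/..." href is treated
        // as a relative path by mail clients.
        $message = "This serves to inform you that you have been banned from Excess Market for the following reason: <b>" . $reason_html . "</b>\n\t\t\t\t\t<br>This ban is: <b>" . $duration_html . "</b>. You can appeal this ban by visiting the <a href='http://localhost/excess/banappeal.php'>Ban Appeal</a> page on our site.";
        mailtouser($email, $sub, $message);
        echo "Success";
    } else {
        echo "Error";
    }
}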
Example #4
<?php

include '../connect.php';
include 'functions.php';
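// Staff reply to a contact-form message: stores the reply on the contact row and
// emails it to the address supplied with the request. Writes 'Success' when the
// row update ran, 'Error' otherwise.
//
// NOTE(review): recipient, subject and body all come from the request, and no
// session or role check is visible in this excerpt. Confirm this endpoint is
// limited to staff; otherwise it sends arbitrary mail on the site's behalf.
// Reading the recipient from the contact row selected by :id, instead of from
// the request, would also close that gap.
$id = $_POST['id'] ?? null;
$email = $_POST['email'] ?? null;
$message = $_POST['message'] ?? null;
$subject = $_POST['subject'] ?? null;

// Every field must be a non-empty string (a field sent as "name[]" arrives as
// an array), and the recipient must be a syntactically valid address.
$valid = is_string($id) && $id !== ''
    && is_string($message) && $message !== ''
    && is_string($subject) && $subject !== ''
    && is_string($email) && filter_var($email, FILTER_VALIDATE_EMAIL) !== false;

if ($valid) {
    // A subject becomes a mail header; line breaks in it could add extra
    // headers, depending on how mailtouser() builds the message (not shown here).
    $subject = str_replace(array("\r", "\n"), ' ', $subject);

    // `date`=`date` keeps the original submission time when the row is updated.
    $query = $handle->prepare("UPDATE contact SET `date`=`date`, replied=1, response=:message WHERE id=:id");
    $updated = $query->execute(array(':message' => $message, ':id' => $id));

    if ($updated) {
        // NOTE(review): $message is passed on unescaped; if mailtouser() sends
        // HTML mail, decide whether replies may contain markup.
        mailtouser($email, $subject, $message);
        // Report success only after the reply has been stored.
        echo 'Success';
    } else {
        echo 'Error';
    }
} else {
    echo 'Error';
}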
}
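// Registration checks and insert (excerpt). $fetch_emails, $fetch_emails2,
// $username, $firstname, $lastname, $email, $password, $repass and $handle are
// set above this excerpt. Each failed check writes a short code and stops:
//   "Email_exists"   - $fetch_emails has rows
//   "Email_register" - $fetch_emails2 has rows
//   "Password"       - password and confirmation differ
//   "Username"       - username shorter than 5 bytes
// NOTE(review): the two email codes tell a caller whether an address is already
// known to the site; confirm that disclosure is acceptable for this form.
if (count($fetch_emails) > 0) {
    echo "Email_exists";
    exit;
}
if (count($fetch_emails2) > 0) {
    echo "Email_register";
    exit;
}
// Strict comparison: with != two different numeric-looking strings such as
// "1e3" and "1000" compare equal, so a mistyped confirmation could pass.
if ($password !== $repass) {
    echo "Password";
    exit;
}
if (strlen($username) < 5) {
    echo "Username";
    exit;
}

// The activation value proves control of the mailbox, so it must not be
// derivable from data the registrant already knows. sha1(email . username) can
// be computed without ever receiving the email; 20 bytes from the CSPRNG keep
// the same 40-hex-character format.
$hash = bin2hex(random_bytes(20));

// NOTE(review): $password is inserted exactly as it arrives here. If it is still
// the raw password at this point, store password_hash($password, PASSWORD_DEFAULT)
// instead and check logins with password_verify() - confirm against the code
// above this excerpt and the login handler.
$ins = $handle->prepare("INSERT INTO register (username, fname, lname, email, password, hash) \n\t\t\t\t\t\t\t VALUES (:username, :firstname, :lastname, :email, :password, :hash)");
$execute = $ins->execute(array(':username' => $username, ':firstname' => $firstname, ':lastname' => $lastname, ':email' => $email, ':password' => $password, ':hash' => $hash));
if ($execute) {
    // NOTE(review): the mail promises a 24-hour expiry, but no timestamp is
    // written here - confirm validate.php can enforce it.
    mailtouser($email, 'Excess Market: Complete Registration', 'Thank you for registering an account on Excess Market. You can click the following link to activate your account (The link will expire after 24 hours). 
                <br>http://localhost/excess/validate.php?key=' . $hash);
    echo "Success";
} else {
    // Previously a failed insert produced no output at all.
    echo "Error";
}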