/**
 * Handle the login form.
 *
 * Returns (by reference) the $HTML array of field values and error text used
 * to re-render the form. When the form was submitted, the fields are read
 * from POST; the visible tail of the function stores the user's id, email,
 * city and country in the session and redirects to 'account'.
 *
 * NOTE(review): this listing is damaged. The line containing "******" appears
 * to have been truncated/redacted, and with it the credential lookup and the
 * `if` that opens the success branch - the closing brace before the final
 * `return` belongs to code that is not visible here. How the password is
 * checked (the commented-out debug line references encrypt()) cannot be
 * reviewed from this copy.
 */
function &login()
{
    // You need to implement Password Encryption or Reset
    $HTML = array();
    $HTML['email'] = '';
    $HTML['password'] = '';
    $HTML['login_error'] = '';
    //Reset Error
    // Not a submission: hand back the blank field set so the form renders empty.
    if (getRequest('submitted', true, 'post') !== 'yes') {
        return $HTML;
    }
    // Every key above is overwritten with the POST value of the same name -
    // including login_error, so a client can pre-seed the error text unless
    // the (missing) code below always resets it. Worth confirming.
    foreach ($HTML as $key => &$value) {
        $value = getRequest($key, true, 'post');
    }
    // NOTE(review): leftover debug output that would print password material
    // to the response if uncommented; delete rather than keep commented out.
    //print_r(encrypt('P@ssw0rd') . "           password         : "******"userid", $userID['id']);
        set_SESSION("email", $userID['email']);
        set_SESSION("city", $userID['city']);
        set_SESSION("country", $userID['country']);
        set_header('account');
        //If no errors -> go to account
        exit;
    }
    return $HTML;
}
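/**
 * Handle the signup form, or the account-edit form when $edit is true.
 *
 * @param bool $edit false: create a new user; true: update the logged-in user
 *                   (validate_session() is called first in that case).
 * @return array     Field values plus *_error messages for re-rendering the
 *                   form (returned by reference, as before). On a valid
 *                   submission the user is created/updated, set_header('account')
 *                   is issued and the script exits, so nothing is returned then.
 *
 * Security notes (review):
 *  - Passwords are stored as unsalted md5(). That is not an acceptable password
 *    store; it is kept here only because login() - whose verification code is
 *    not fully visible in this file - must change in step. Move both to
 *    password_hash()/password_verify().
 *  - mysql_* was removed in PHP 7. The INSERT should be a prepared statement
 *    (PDO/mysqli); left as-is because the DB link setup lives elsewhere.
 *  - The form round-trips the already-hashed password in a hidden
 *    `password_encrypted` POST field and reuses it when `password` equals
 *    PASS_HOLDER, so the client chooses the stored hash. On the signup path the
 *    only legitimate producer of that field is the md5() at the end of this
 *    function, so anything that is not a 32-hex-digit string is now rejected.
 *    Posting the md5 of a weak password still bypasses the complexity rule;
 *    keeping the validated hash server-side (session) would close that.
 */
function &signup($edit = false)
{
    // Check if there is still a valid session (only enforced for the edit page)
    validate_session(!$edit);
    $valid_input = true;
    // Create the HTML array with empty values. Every key here is also the name
    // of a POST field read below - including the hidden password_encrypted.
    $HTML = array();
    $HTML['password'] = '';
    $HTML['confirm_password'] = '';
    $HTML['email'] = '';
    $HTML['city'] = '';
    $HTML['countryID'] = '';
    $HTML['password_encrypted'] = '';
    // First visit (no submission): pre-fill from the DB when editing, then render.
    if (getRequest('submitted', true, 'post') !== 'yes') {
        if ($edit) {
            $fields = getUserInfo(get_SESSION('userID'));
            $HTML['email'] = $fields['email'];
            $HTML['city'] = $fields['city'];
            $HTML['countryID'] = $fields['countryID'];
            $HTML['password_encrypted'] = $fields['password_encrypted'];
        }
        // Populate the select drop down box (country_options_escape is created by reference)
        getCountries($HTML['country_options_escape'], $HTML['countryID']);
        return $HTML;
    }
    // Fill the array with the form data
    foreach ($HTML as $key => &$value) {
        $value = getRequest($key, true, 'post');
    }
    unset($value); // drop the dangling reference left by foreach-by-reference

    // Validate the email
    if (empty($HTML['email'])) {
        $HTML['email_error'] = 'Email cannot be empty';
        $valid_input = false;
    } elseif (filter_var($HTML['email'], FILTER_VALIDATE_EMAIL) === false) {
        $HTML['email_error'] = 'Invalid Email Address';
        $valid_input = false;
    } else {
        // An existing record is only acceptable when editing one's own account.
        // NOTE(review): `!==` against the trimmed (string) session value is
        // type-sensitive - if validate_record() returns an int this always
        // fires on edit. Confirm its return type.
        $newID = validate_record($HTML['email']);
        if ($newID > 0 and (!$edit or $newID !== trim(get_SESSION('userID')))) {
            $HTML['email_error'] = 'An account already exists with that email';
            $valid_input = false;
        }
    }

    // Validate the password. The previously validated hash is reused when
    // (a) editing and the field was left blank, or (b) the field still holds
    // the placeholder and a hash was posted back. Parentheses spell out the
    // and/or precedence the original relied on.
    $saved_pass = false;
    if (($edit && empty($HTML['password']))
        || ($HTML['password'] === PASS_HOLDER && !empty($HTML['password_encrypted']))) {
        // On signup the hidden field can only legitimately hold the md5() hex
        // produced below; on edit it comes from getUserInfo() and is not re-checked.
        if ($edit || preg_match('/^[0-9a-f]{32}$/', $HTML['password_encrypted'])) {
            // use the password that was saved before
            $saved_pass = true;
        } else {
            $HTML['confirm_password_error'] = 'Please re-enter your password';
            $valid_input = false;
        }
    } elseif (empty($HTML['password'])) {
        $HTML['confirm_password_error'] = 'Password cannot be empty';
        $valid_input = false;
    } elseif ($HTML['password'] !== $HTML['confirm_password']) {
        $HTML['confirm_password_error'] = 'Passwords do not match';
        $valid_input = false;
    } elseif (!preg_match('/(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[\\.\\+\\\\*\\?\\[\\^\\]\\$\\(\\)\\{\\}\\=\\!\\<\\>\\|\\:\',"~`&@_;\\/#%-]).{6,20}/', $HTML['password'])) {
        // The lowercase class used a non-ASCII hyphen (U+2010), which made it
        // match only 'a', 'z' and that character; it is now a real a-z range.
        // Note the pattern is unanchored, so only the 6-char minimum is
        // enforced - the "20" in the message is not (arguably fine).
        $HTML['confirm_password_error'] = 'Password must be 6-20 chars and more secure!';
        $valid_input = false;
    }

    // Validate the city
    if (empty($HTML['city'])) {
        $HTML['city_error'] = 'City cannot be empty';
        $valid_input = false;
    } elseif (preg_match('/(?=.*[\\d\\.\\+\\\\*\\?\\[\\^\\]\\$\\(\\)\\{\\}\\=\\!\\<\\>\\|\\:\'"~`&@_;\\/#%])/', $HTML['city'])) {
        $HTML['city_error'] = 'Special characters are not allowed';
        $valid_input = false;
    }

    // Validate the country
    if (empty($HTML['countryID'])) {
        $HTML['countryID_error'] = 'Please select your country';
        $valid_input = false;
    } elseif (!validate_countryID($HTML['countryID'])) {
        $HTML['countryID_error'] = 'Invalid country submitted';
        $valid_input = false;
    }

    if ($valid_input) {
        // If it is the edit page update the user and return to account page
        if ($edit) {
            updateUser($HTML, $saved_pass);
            set_header('account');
            exit;
        }
        if (empty($GLOBALS['DB'])) {
            die('Database Link is not set');
        }
        // Create a user. Values are escaped with mysql_real_escape_string();
        // this should become a prepared statement (see header note).
        $query = sprintf(
            'INSERT INTO users (email, password, city, countryID) VALUES (\'%s\',\'%s\',\'%s\',\'%s\')',
            mysql_real_escape_string($HTML['email']),
            mysql_real_escape_string($saved_pass ? $HTML['password_encrypted'] : md5($HTML['password'])),
            mysql_real_escape_string($HTML['city']),
            mysql_real_escape_string($HTML['countryID'])
        );
        $result = mysql_query($query);
        // Make sure it executed properly
        if (!$result) {
            $HTML['signup_error'] = 'Error adding user';
            return $HTML;
        }
        set_SESSION('userID', validate_record($HTML['email']));
        set_header('account');
        exit;
    }

    // Populate the select drop down box since we have to go back to the page
    getCountries($HTML['country_options_escape'], $HTML['countryID']);
    // Store the password if it was valid and changed: the hash goes into the
    // hidden field and the visible fields show the placeholder so the user
    // does not retype it after fixing another field.
    if (empty($HTML['confirm_password_error'])) {
        if (!empty($HTML['password']) and $HTML['password'] !== PASS_HOLDER) {
            $HTML['password_encrypted'] = md5($HTML['password']);
            $HTML['password'] = PASS_HOLDER;
            $HTML['confirm_password'] = PASS_HOLDER;
        }
    } else {
        // Clear the password if it was invalid, or set it back to "do not change" on the edit page
        if (!$edit) {
            $HTML['password_encrypted'] = '';
        }
        $HTML['password'] = '';
        $HTML['confirm_password'] = '';
    }
    return $HTML;
}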
        echo json_encode('That order number is already in use.');
        return FALSE;
    }
    return TRUE;
}
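// Admin order listing/editing endpoint; the action is selected by ?format=.
// NOTE(review): nothing visible here checks that the caller is an admin before
// set_admin_mode()/set_editable(). If that check lives in an include above,
// fine - otherwise every branch below is reachable by any request.
$pager = new Pager('orders', Database::$order_fields, Database::$order_headings);
$pager->set_admin_mode();
$pager->set_editable();
// A missing ?format= used to raise an undefined-index notice and fall through
// to the json_single branch; the guard keeps that routing without the notice.
// Strict comparison replaces == (identical result for the string values used).
$format = isset($_GET['format']) ? $_GET['format'] : '';
if ($format === 'download') {
    // NOTE(review): the only branch without Template::check_ajax_key(). If that
    // is deliberate (browser navigation rather than AJAX), the export still
    // needs its own authorisation check.
    $pager->download();
} elseif ($format === 'json') {
    Template::check_ajax_key();
    $pager->json($_GET['page']);
} elseif ($format === 'write') {
    Template::check_ajax_key();
    // The whole query string is handed to validate_record(); presumably the
    // function whose tail appears above (returns FALSE after echoing a JSON
    // message when the order number is taken) - confirm.
    if (validate_record($_GET)) {
        $pager->write($_GET);
    }
} elseif ($format === 'delete') {
    Template::check_ajax_key();
    // NOTE(review): state-changing delete over GET; the ajax key is the only
    // CSRF defence here - prefer POST plus the key.
    $pager->delete($_GET['key']);
} else {
    Template::check_ajax_key();
    $pager->json_single($_GET['key']);
}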