<?php
// Profile page: lets the signed-in user change skin, first/last name, e-mail
// and (optionally) password from the submitted query string, then renders the
// profile form pre-filled from the users row.
//
// NOTE(review): every $_GET value below is interpolated straight into SQL, and
// the stored column values are echoed into HTML attribute values, without any
// escaping or parameterisation. Only qry()/fetchLast() of the DB wrapper are
// visible here, so the mitigation (prepared statements or the wrapper's escaping
// for the UPDATEs, htmlspecialchars() on the value="" attributes) depends on what
// Page/DB actually provide — confirm against ../include/page.php.
include_once "../include/page.php";
$p = new Page('profile', 1);

if (isset($_GET['action']) && $_GET['action'] == 'profile') {
    // Refresh the client-side user record once the update has run.
    $p->addJs("loadXML('user')");
    // The password travels in the query string (the form's onsubmit script
    // appears to hex_md5() it client-side first — see the garbled fragment in the
    // form markup below). Credentials in GET end up in server/proxy logs and
    // browser history; a POST submission would avoid that. The loose `==` works
    // here, but `===` is the safer idiom when comparing hash strings.
    if ($_GET['password'] == 'd41d8cd98f00b204e9800998ecf8427e') { //hash of ''
        // Empty password field (MD5 of ""): update everything except the password.
        $p->db->qry("UPDATE users SET skin='{$_GET['skin']}',firstname='{$_GET['fname']}',\tlastname='{$_GET['lname']}', email='{$_GET['email']}' WHERE id='{$p->u->id}'");
    } else {
        // NOTE(review): the `password='******'password']}'` fragment in this
        // statement is garbled/redacted in this copy of the file; the intended
        // interpolation cannot be recovered from here.
        $p->db->qry("UPDATE users SET password='******'password']}', skin='{$_GET['skin']}', firstname='{$_GET['fname']}', lastname='{$_GET['lname']}', email='{$_GET['email']}' WHERE id='{$p->u->id}'");
        // Presumably re-issues the login cookie/session with the new password
        // — confirm in Page.
        $p->u->updatePassword($_GET['password']);
    }
} else {
    $p->infoBox("To change your password fill out the password fields - or just leave them be to leave your password be.");
}

// Reload the (possibly just-updated) row; extract() turns every column into a
// local variable, of which $firstname, $lastname and $email feed the form below.
$p->db->qry("SELECT * FROM users WHERE id='" . $p->u->id . "'");
extract($p->db->fetchLast());
// The skins result set is consumed by the fetchLast() loop that builds the <select>.
$p->db->qry("SELECT * FROM skins");

// Form markup. NOTE(review): type="get" is not a <form> attribute (method is);
// submission is driven by sendForm() in the onsubmit handler, which only runs
// when the two password fields match and always returns false to suppress the
// native submit. The "...did not match. \nHave another go." text keeps the
// literal line break present in the original.
echo "<div id=\"accordion\"><h3><a>Profile</a></h3><div><form name=\"profile\" id=\"profile\" type=\"get\" onsubmit=\"javascript:\r\nif(document.profile.password.value == document.profile.cpassword.value){\r\n\tdocument.profile.cpassword.value='';\r\n\tsendForm(this, 'profile');\r\n} else {\r\n\tdocument.profile.password.value='';\r\n\tdocument.profile.cpassword.value='';\r\n\tdocument.profile.password.focus();\r\n\terrorMsg('Your passwords did not match. 
Have another go.')\r\n} return false;\">\r\n<table><tr><td>change password</td><td><input type=\"password\" name=\"password\" id=\"password\"/></td></tr>\r\n<tr><td>confirm password</td><td><input type=\"password\" name=\"cpassword\" id=\"cpassword\"/></td></tr>";
echo "<tr><td>skin</td><td><select name=\"skin\">";
// One <option> per skins row; id/name are written into the markup unescaped.
while ($row = $p->db->fetchLast()) {
    echo "<option value='{$row['id']}'>{$row['name']}</option>";
}
echo "</select></td></tr>";
// Pre-select the user's current skin once the page script runs.
$p->addJs("document.profile.skin.value = '{$p->u->skin}';");
$p->addJs("\$(\"#accordion\").accordion({autoHeight: false, navigation: true})");
// NOTE(review): the `type="tex ... hex_md5(...);t"` attribute of the first-name
// input and the stray `')"` after value="update" look like extraction damage to
// the onsubmit script above, not intended markup; the stored $firstname,
// $lastname and $email are echoed into value="" attributes without
// htmlspecialchars(), so a stored quote character would break out of the attribute.
echo "<tr><td>first name</td><td><input type=\"tex\r\n\tif(validatePopulated(document.profile.password.value))\r\n\t\tdocument.profile.password.value=hex_md5(document.profile.password.value);t\" name=\"fname\" id=\"fname\" value=\"{$firstname}\"/></td></tr>\r\n<tr><td>last name</td><td><input type=\"text\" name=\"lname\" id=\"lname\" value=\"{$lastname}\"/></td></tr>\r\n<tr><td>email</td><td><input type=\"text\" name=\"email\" id=\"email\" value=\"{$email}\"/></td></tr>\r\n<tr><td><input type=\"submit\" value=\"update\"')\"/></td></tr>";
echo "</table></form></div></div>";
if ($value != '') { do { $p->db->qry("INSERT INTO links (label, url, reqaccess, billoverride) VALUES ('{$_GET['label' . $value]}','{$_GET['url' . $value]}','{$_GET['access' . $value]}','{$_GET['billoverride' . $value]}')"); } while (($value = strtok(' ')) != null); } if ($_GET['newurl'] != '') { $p->db->qry("INSERT INTO links (label, url) VALUES ('{$_GET['newlabel']}','{$_GET['newurl']}')"); } $p->addJs("loadXML('links');"); //reload link bar straight away //PAGE SETTINGS } elseif ($_GET['action'] == 'pagesetup') { echo "<pre>" . print_r($_GET, true) . "</pre>"; //MODULE SETTINGS } elseif ($_GET['action'] == 'modulesetup') { $p->infoBox('Changing module settings can break the page. If this happens, just refresh your browser.'); $order = 0; $value = strtok($_GET['order'], ' '); do { $order++; $p->db->qry("UPDATE modules SET `enabled`='{$_GET["enabled" . $value]}', `order`='{$order}', `onsidebar`='{$_GET["onsidebar" . $value]}',`localrefresh`='{$_GET["localrefresh" . $value]}',`webrefresh`='{$_GET["webrefresh" . $value]}' WHERE `id` = '{$value}'"); } while ($value = strtok(' ')); $p->addJs("forceModulesUpdate();grabSidebar();"); //USER ADMIN } elseif ($_GET['action'] == 'useradmin') { $userid = strtok($_GET['victims'], ' '); do { $p->db->qry("UPDATE users SET `access`='{$_GET["access{$userid}"]}', `billable`='{$_GET["billable{$userid}"]}' WHERE id='{$userid}'"); } while (($userid = strtok(' ')) != null); } elseif ($_GET['action'] == 'user_delete') { $p->db->qry("UPDATE users SET disabled='1' WHERE id='" . $_GET['user'] . "'");
//halt rendering, and say access denied if (isset($_GET['action'])) { if ($_GET['action'] == 'pay') { $p->db->qry("UPDATE `bills` SET `paid` = 1, `datepaid` = '" . date('Y-m-d') . "' WHERE `id` = '" . $_GET['control'] . "'"); } if ($_GET['action'] == 'cancel') { $p->db->qry("UPDATE `bills` SET `paid` = 0 WHERE `id` = '" . $_GET['control'] . "'"); } } $p->addJs("\$(\"#accordion\").accordion({autoHeight: false, navigation: true})"); $p->l->addItem('manage bills', 'admin_bills', 2); $p->l->addLink('bendigo bank', 'https://www.bendigobank.com.au/banking/BBLIBanking/', 0); $p->l->addLink('commonwealth bank', 'https://www3.netbank.commbank.com.au/netbank/bankmain', 0); $p->l->addLink('nab', 'https://ib.nab.com.au/nabib/index.jsp', 0); echo $p->l->dispList(); $p->infoBox($p->db->getSetting('bills_info')); $p->db->qry("SELECT * FROM `bills` WHERE uid = '" . $p->u->id . "' AND `confirmed` = 0 ORDER BY `uid` ASC"); echo "<div id=\"accordion\"><h3><a>current bills</a></h3><div>"; if ($p->db->noLast() != 0) { $unpaid = 0; $unconfirmed = 0; echo "<table border=1><tr><td>service</td><td>amount</td><td>date added</td><td>date due</td><td>date paid</td><td>date confirmed</td></tr>\n"; while ($row = $p->db->fetchLast()) { extract($row); echo "<tr><td>{$service}</td>\r\n\t\t<td>\${$amount}</td>\r\n\t\t<td>{$dateentered}</td>\r\n\t\t<td>{$datedue}</td>\r\n\t\t<td>"; if (!$paid) { echo "<input type=\"button\" class=\"ui-button ui-widget ui-state-default ui-corner-all\" onclick=\"javascript:sendPost('pages/bills.php?action=pay&control={$id}')\" value=\"mark as paid\"></td><td>"; if ($paypalemail = $p->db->getSetting('paypal_email')) { echo "<form action=\"https://www.paypal.com/cgi-bin/webscr\" target=\"_blank\" method=\"post\">\r\n\t\t\t\t<input type=\"hidden\" name=\"cmd\" value=\"_xclick\">\r\n\t\t\t\t<input type=\"hidden\" name=\"business\" value=\"{$paypalemail}\">\r\n\t\t\t\t<input type=\"hidden\" name=\"lc\" value=\"AU\">\r\n\t\t\t\t<input type=\"hidden\" name=\"item_name\" 
value=\"{$p->u->username}{$service}\">\r\n\t\t\t\t<input type=\"hidden\" name=\"amount\" value=\"{$amount}\">\r\n\t\t\t\t<input type=\"hidden\" name=\"currency_code\" value=\"AUD\">\r\n\t\t\t\t<input type=\"hidden\" name=\"button_subtype\" value=\"services\">\r\n\t\t\t\t<input type=\"hidden\" name=\"shipping\" value=\"0.00\">\r\n\t\t\t\t<input type=\"hidden\" name=\"bn\" value=\"PP-BuyNowBF:btn_buynowCC_LG.gif:NonHosted\">\r\n\t\t\t\t<input type=\"submit\" class=\"ui-button ui-widget ui-state-default ui-corner-all\" value=\"pay with paypal\" border=\"0\" name=\"submit\" title=\"pay via paypal, mastercard, visa etc.\">\r\n\t\t\t\t</form>"; } else { echo "pay first";
<?php include_once "../include/page.php"; $p = new Page("registration", 0); //dev(); if (isset($_GET['action']) && $_GET['action'] == "login" && isset($_GET['username']) && isset($_GET['password']) && ($result = $p->db->fetch($p->db->qry("SELECT username, password, disabled FROM users WHERE username = '******'username'] . "'")))) { if ($result['password'] == $_GET['password']) { if ($result['disabled']) { $p->infoBox("You have successfully identified yourself, but your account is disabled."); $p->infoBox("To gain access please talk to your admin."); echo "<input onclick=\"history.go(-1);\" class=\"ui-button ui-widget ui-state-default ui-corner-all\" value=\"Return\"/>"; die; } else { $p->u->updateCookies($_GET['username'], $_GET['password']); $p->addJs("grabModules(); grabSidebar(); setTimeout('history.go(-1)',500);"); die($p->infoBox("Logging In...")); } } else { //incorrect password $p->infoBox("You seem to have inaccuratly typed your password. For examples sake, I have intentionally misspelled inaccurately. Poor you.<br/>Try again, or you can ask your benevolent admin to reset it..."); $p->infoBox("If you have not used this system before, please register."); } } else { if (isset($_GET['action']) && $_GET['action'] == "wanttoregister") { $p->infoBox("Here is the paperwork.."); } else { if (isset($_GET['action']) && $_GET['action'] == "register") { //make sure there are no duplicate names $p->db->qry("SELECT username, disabled FROM users WHERE username = '******'username'] . "'"); if ($row = $p->db->fetchLast()) { if ($row['disabled']) {