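<?php

include 'includes/Link.php';
include 'includes/SharedFunctions.php';
/*
 * Discontinued stock view (admin): lists every tblItem row whose NoOfItems
 * is -1 (the value this application uses to flag a discontinued line) as an
 * HTML table, each stockID linking to the item's ViewItem action.
 *
 * The mysql_* connection comes from Link.php and funcSanitize() from
 * SharedFunctions.php; neither is visible in this file.
 */
echo "<b>This is the Discontinued Stock View</b>";
// Posted UserID, sanitised but not read anywhere below; kept in case the
// included files expect it to exist.
$strUserID = funcSanitize($_POST["UserID"]);
//query to get all discontinued items - no request input reaches this statement
$strQuery = "SELECT stockID, Name, NoOfItems, RRP FROM tblItem where NoOfItems = -1 order by NoOfItems";
//execute query
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
if (mysql_num_rows($strResult) != 0) {
    echo "<p><table><tr><td class='titleRow'>stockID</td><td class='titleRow'>Name</td><td class='titleRow'>NoOfItems</td><td class='titleRow'>RRP</td></tr>";
    while ($line = mysql_fetch_assoc($strResult)) {
        // Column values are populated from form input by other scripts, so
        // they are escaped for the HTML context instead of being echoed raw;
        // the id that goes into the link's query string is URL-encoded as well.
        $strStockID = htmlspecialchars($line["stockID"], ENT_QUOTES, 'UTF-8');
        $strName = htmlspecialchars($line["Name"], ENT_QUOTES, 'UTF-8');
        $strNoOfItems = htmlspecialchars($line["NoOfItems"], ENT_QUOTES, 'UTF-8');
        $strRRP = htmlspecialchars($line["RRP"], ENT_QUOTES, 'UTF-8');
        echo "\n<tr>";
        echo "\n<td><a href='default.php?Action=ViewItem&stockID=" . rawurlencode($line["stockID"]) . "'>" . $strStockID . "</a></td><td>" . $strName . "</td><td>" . $strNoOfItems . "</td><td>" . $strRRP . "</td>";
        echo "\n</tr>";
    }
    echo "</table>";
} else {
    // Message corrected: this view lists discontinued stock, not orders.
    echo "<p>No discontinued stock to display!";
}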
    $strQuery = "INSERT INTO tblSession (PHPSESSIONID, TimeStmp) values ('" . session_id() . "', '" . $strNow . "')";
    $strResult = mysql_query($strQuery) or die("Query Failed:" . mysql_error());
}
?>

<HTML>
	<HEAD>
		<TITLE>Sci-Fi Vault</TITLE>

<link rel="stylesheet" href="stylesheets/mainstylesheet.css" type="text/css">
</HEAD>


<BODY bgcolor="#FFFFFF" text="#000000" link="#000000" vlink="#000000" alink="#000000" leftmargin="0" topmargin="0">
<?php 
// Front-end item view: look the item requested via ?Item=... up in tblItem.
// NOTE(review): this fragment ends before $strQuery is executed, so the
// result handling is not visible here.
$strStockID = funcSanitize($_GET['Item']);
// No item requested: bounce to the index page. `==` is a loose comparison,
// so the string "0" is also treated as missing.
if ($strStockID == "") {
    echo "<meta http-equiv='REFRESH' content='0; URL=index3.php'>";
    exit;
}
//Write Debug information
funcDebug("this is a test debug");
//connect to server
funcDebug("Connecting to database");
// NOTE(review): the database account and password are embedded in the page
// source (other scripts on this site take their connection from
// includes/Link.php); credentials belong in configuration outside the
// document root.
$link = mysql_connect("localhost", "sfvault_readStor", "fhyF=ruR^#1|WO") or die("Could not connect: " . mysql_error());
funcDebug("Connected to database");
//change to correct database
mysql_select_db("sfvault_store") or die("Could not select database");
//run query to see if result is returned
funcDebug("stockID: " . $strStockID);
// The id is spliced straight into a LIKE pattern. What funcSanitize() strips
// is not visible here; unless it escapes quotes this is SQL-injectable, and
// the LIKE wildcards % and _ are never escaped, so an id containing them
// matches more than one row. mysql_real_escape_string() plus escaping of
// % and _ (or a prepared statement) is the usual fix.
$strQuery = "SELECT * FROM tblItem where stockID LIKE '" . $strStockID . "'";
	<?php 
// Front-page "special items" submission (admin): clears DisplayonFrontPage
// for every item, then sets it for each of the posted SPitem1..SPitem6.
// NOTE(review): the fragment ends after the 4th UPDATE is built but before
// it runs; items 5 and 6 are handled outside the visible lines.
//connect to server
include 'includes/Link.php';
include 'includes/SharedFunctions.php';
// Request metadata; nothing in the visible lines reads these three.
$ip = getenv("REMOTE_ADDR");
$httpref = getenv("HTTP_REFERER");
$httpagent = getenv("HTTP_USER_AGENT");
$strNow = date('Y-m-j G:i:s');
// Six posted stock ids, each passed through funcSanitize() (defined in
// SharedFunctions.php; what it strips is not visible here). They are spliced
// into SQL below without further escaping, so that function is the only
// guard against breaking out of the quoted literal.
$strItem1 = funcSanitize($_POST["SPitem1"]);
$strItem2 = funcSanitize($_POST["SPitem2"]);
$strItem3 = funcSanitize($_POST["SPitem3"]);
$strItem4 = funcSanitize($_POST["SPitem4"]);
$strItem5 = funcSanitize($_POST["SPitem5"]);
$strItem6 = funcSanitize($_POST["SPitem6"]);
// Only items 1-5 make it into the debug log; item 6 is left out.
funcLogToDebug("submitSpecialItemsFP.php: " . $strItem1 . "," . $strItem2 . "," . $strItem3 . "," . $strItem4 . "," . $strItem5);
//first thing is first, remove all special items (subcategory) tags for the posted category
$strQuery = "UPDATE tblItem SET DisplayonFrontPage = '0' where DisplayonFrontPage = '1'";
//echo $strQuery;
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
//run query to update 1st item
// One UPDATE per posted item; the same statement is repeated for each id.
$strQuery = "UPDATE tblItem SET DisplayonFrontPage = '1' where stockID = '" . $strItem1 . "'";
//echo "<br>" . $strQuery;
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
//run query to update 2nd item
$strQuery = "UPDATE tblItem SET DisplayonFrontPage = '1' where stockID = '" . $strItem2 . "'";
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
//run query to update 3rd item
$strQuery = "UPDATE tblItem SET DisplayonFrontPage = '1' where stockID = '" . $strItem3 . "'";
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
//run query to update 4th item
$strQuery = "UPDATE tblItem SET DisplayonFrontPage = '1' where stockID = '" . $strItem4 . "'";
    // NOTE(review): the enclosing if/elseif starts outside this fragment. The
    // visible part is the "exactly one matching user" branch of the login
    // check in AuthenticateUser.php, followed by its no-match and
    // multiple-match branches. $strNow, $strUserID, $strUserState and
    // $conNumberofRows are all set above the visible lines.
    // Successful login: stamp the login time and reset UserStatus.
    $strUpdateQuery = "UPDATE tbl_UserLogin SET LastLoginTime = '" . $strNow . "', UserStatus = '0' where UserID = '" . $strUserID . "'";
    $strUpdateResult = mysql_query($strUpdateQuery) or die("Query Failed:" . mysql_error());
    //echo $value;
    //echo "<b>" . $cookieData;
    //echo $_POST["url"];
    funcLogtoDebug("AuthenticateUser.php: " . $strUserID . " logged in from " . funcSanitize($_SERVER["HTTP_REFERER"]));
    // Decide where to send the user next: checkout, account page, or the
    // page they were on before logging in.
    if ($_POST["url"] == 'BasketLogin.php') {
        //echo $_POST["url"];
        echo "<meta http-equiv='refresh' content='0;url=/ChooseDelivery.php?strUserID=" . $strUserID . "'>";
    } elseif ($_POST["pagelink"] == "") {
        funcLogtoDebug("AuthenticateUser.php: " . $strUserID . " forwarding to account management");
        echo "<meta http-equiv='refresh' content='0;url=/UserOutstandingOrders.php?strUserID=" . $strUserID . "'>";
    } else {
        //echo $_GET["url"];
        //echo "<meta http-equiv='refresh' content='0;url=/UserOutstandingOrders.php?strUserID=" . $strUserID ."'>";
        funcLogtoDebug("AuthenticateUser.php: " . $strUserID . " forwarding to " . funcSanitize($_POST["pagelink"]));
        // The sanitised value above is only logged; the raw $_POST["pagelink"]
        // is what goes into the refresh URL. A quote in it closes the content
        // attribute (markup injection) and any absolute URL is accepted, so
        // this is an open redirect. Validate the value against the site's own
        // pages, or at least pass it through funcSanitize()/htmlspecialchars()
        // as the log line does.
        echo "<meta http-equiv='refresh' content='0;url=" . $_POST["pagelink"] . "'>";
    }
} elseif ($conNumberofRows == 0) {
    // No user/password match: generic message, then back to the logon form.
    funcLogtoDebug("AuthenticateUser.php: " . $strUserID . " doesn't appear in the database..");
    echo "User and/or Password incorrect";
    echo "<meta http-equiv='refresh' content='0;url=/UserLogon.php?UserPassError=1'>";
    $strUpdateQuery = "UPDATE tbl_UserLogin SET UserStatus = '" . $strUserState . "' where UserID = '" . $strUserID . "'";
    $strUpdateResult = mysql_query($strUpdateQuery) or die("Query Failed:" . mysql_error());
    //echo "<br>" . $strUserID;
    //echo "<br>" . $strPassword ."(" . md5($strPassword) .")";
    //echo "<br>" . $strEmailAddress;
} else {
    // More than one row matched - the table should make this impossible.
    funcLogtoDebug("AuthenticateUser.php: " . $strUserID . " multiple user entries with this user/pwd/combo");
    echo "Serious Error here! More than 1 entry in the database with this user/password/email combination.";
}
            //update tblItems with new stock value
            // NOTE(review): the enclosing while/if - and the lookup that set
            // $line, $qty and $itemcode - start outside this fragment.
            // Stock left after this order; relies on $qty having been checked
            // as numeric further up.
            $strUpdatedStockValue = $line["NoOfItems"] - $qty;
            //funcDebug ("Updated stock value: " . $strUpdatedStockValue);
            // Write the new count, then clear ColumnLock - presumably the
            // application's row lock taken by the lookup above; confirm.
            $strUpdateStockQuery = "UPDATE tblItem SET NoOfItems = '" . $strUpdatedStockValue . "' WHERE stockID = '" . $itemcode . "'";
            mysql_query($strUpdateStockQuery) or die("Update Query Failed: " . mysql_error());
            $strLockQuery = "UPDATE tblItem SET ColumnLock = '' where stockID = '" . $itemcode . "'";
            mysql_query($strLockQuery) or die("ColumnLock to blank Query Failed: " . mysql_error());
        } else {
            //oh dear, no stock left
            // Not enough stock: tell the user, release the lock and stop.
            echo "Not enough stock I'm afraid for that item";
            $strLockQuery = "UPDATE tblItem SET ColumnLock = '' where stockID = '" . $itemcode . "'";
            mysql_query($strLockQuery) or die("Query Failed: " . mysql_error());
            exit;
        }
    }
    //header('location: ' . $_SERVER['PHP_SELF']);
    // Back to the page that posted, carrying the search term if there was
    // one. The target is taken straight from $_POST['page'] and never checked
    // against the site's own pages, so any URL can be supplied (open
    // redirect); validate it against a list of local pages or derive it
    // server-side. header() itself refuses a value containing a newline.
    if (isset($_POST['Search'])) {
        header('location: ' . $_POST['page'] . "?Search=" . funcSanitize($_POST['Search']));
    } else {
        header('location: ' . $_POST['page']);
    }
    exit;
}
?>
<HTML>

<br><a href="index3.php">index3.php</a>
<br><a href="session.php">session.php</a>

</HTML>
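<?php

include 'includes/SharedFunctions.php';
/*
 * Amend-item bounce: takes the posted stockID and forwards the browser to the
 * AmendItem action of default.php via a meta refresh. funcSanitize() comes
 * from SharedFunctions.php and is not visible here.
 */
$strStockID = funcSanitize($_POST["stockID"]);
// The id lands inside a single-quoted HTML attribute and a URL query string,
// so it is URL-encoded: a quote, '&' or space in the value can then neither
// close the attribute nor add query parameters of its own.
echo "<meta http-equiv='Refresh' content='0; url=default.php?Action=AmendItem&stockID=" . rawurlencode($strStockID) . "'>";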
<?php

// Add a pre-order for a user (AddPreOrder.php). NOTE(review): this fragment
// ends inside the address loop below; the rest of the script is not visible.
include 'includes/Link.php';
include 'includes/SharedFunctionsStrict.php';
$strUserOrdertoAdd = funcSanitize($_POST["email"]);
funcDebug("AddPreOrder.php: AddPreOrder.php fired " . $strUserOrdertoAdd);
$strSessionID = "PreOrder";
$strAuthCookie = "PreOrder";
$strNow = date('Y-m-j H:i:s');
// Derive the user id from the *name* of the first posted field ("user#...").
// NOTE(review): the loop echoes the key and exits on its first pass, so the
// code below only runs when $_POST is empty - and then $strUserID is never
// set. This looks like debugging output that was left in.
// split() was removed in PHP 7; explode("#", $key) is the replacement.
foreach ($_POST as $key => $val) {
    $arrItem = split("#", $key);
    $strUserID = $arrItem[0];
    echo $key;
    exit;
}
// Delivery-address lookup. $strUserID is spliced into the literal unescaped;
// it came from a POST field name, which funcSanitize() never saw.
$strAddressQuery = "SELECT * from tbl_UserLogin where UserID = '" . $strUserID . "'";
$strAddressResult = mysql_query($strAddressQuery) or die("Query Failed :" . mysql_error());
$conNumberofRows = mysql_num_rows($strAddressResult);
if ($conNumberofRows == 0) {
    // No address on file: send the user to their details page (id echoed
    // into the link unescaped).
    echo "You've not got a delivery address";
    echo "<br><br> Click <a href='UserDetails.php?strUserID=" . $strUserID . "'>here</a> to go back to shop";
    exit;
}
// Name/address columns are stored hex-encoded and encrypted; funcDecrypt()
// comes from the shared include and its algorithm is not visible here.
while ($line2 = mysql_fetch_array($strAddressResult, MYSQL_ASSOC)) {
    if ($line2["FirstName"] != "") {
        $strFirstName = trim(funcDecrypt(hex2bin($line2["FirstName"])));
    }
    if ($line2["SurName"] != "") {
        $strSurName = trim(funcDecrypt(hex2bin($line2["SurName"])));
    }
    if ($line2["AddressLine1"] != "") {
     // NOTE(review): the fragment opens with the tail of the if/else that
     // picks $strLimit (its opening brace is outside the visible lines), and
     // $strUserID is set outside it too. It ends inside the pre-order loop.
     $strLimit = "LIMIT 5";
 }
 // Completed (SENT) orders for this user, newest first. $strUserID goes into
 // the literal unescaped; what funcSanitize() did to it upstream is not
 // visible here.
 $strCOQuery = "SELECT * FROM tbl_Orders where emailAddress = '" . $strUserID . "' and status = 'SENT' order by IPNDateTime DESC " . $strLimit;
 $strCOResults = mysql_query($strCOQuery) or die("Query Failed :" . mysql_error());
 if (mysql_num_rows($strCOResults) != 0) {
     echo "<p>\n<table id='rightmenus'>";
     echo "<tr><td id='headings'>Order No</td><td id='headings'>Email Address</td><td id='headings'>Payment Received</td><td id='headings'>Cost</td><td id='headings'>Status</td></tr>";
     // Column values are echoed into the table unescaped.
     // NOTE(review): the WHERE clause spells the column "emailAddress" but the
     // row is read as "emailaddress"; result keys follow the table's column
     // spelling, so if the column really is emailAddress this index is
     // undefined - confirm against the schema.
     while ($line = mysql_fetch_array($strCOResults, MYSQL_ASSOC)) {
         echo "<tr> <td> <a href='/stock2/OrderView.php?strOrder=" . $line["OrderNo"] . "'>" . $line["OrderNo"] . "</a></td><td>" . $line["emailaddress"] . " </td><td> " . $line["IPNDateTime"] . "</td><td>&pound;" . sprintf("%01.2f", $line["Shipping"] + $line["Cost"]) . "</td> <td>" . $line["Status"] . "</td> </tr>";
     }
     echo "</table>";
 } else {
     echo "<p>No Completed Orders";
 }
 echo "<p><b>Pre Orders</b> ";
 // ?subAction=PO lists every pre-order, otherwise only the last five.
 if (funcSanitize($_GET["subAction"]) == "PO") {
     echo "(all)";
     $strLimit = "";
 } else {
     echo "(last 5...)";
     $strLimit = "LIMIT 5";
 }
 $strPOQuery = "SELECT * FROM tbl_PreOrder where emailaddress = '" . $strUserID . "' order by date DESC " . $strLimit;
 $strPOResults = mysql_query($strPOQuery) or die("Query Failed :" . mysql_error());
 if (mysql_num_rows($strPOResults) != 0) {
     echo "<form action='submitPreOrder.php' method='POST'>";
     echo "<p>\n<table id='rightmenus'>";
     // ("Recieved" in the heading literal is a typo; it is runtime output, so
     // it is left as-is here.)
     echo "<tr><td id='headings'>stockID</td><td id='headings'>Date Recieved</td><td id='headings'>Qty</td><td></td></tr>";
     // Each row gets a checkbox whose value packs stockID#qty#emailaddress#uid
     // for submitPreOrder.php to split again. The value is built from DB
     // columns without escaping, so a quote in any of them would break the
     // attribute; htmlspecialchars() on each piece would close that.
     while ($line = mysql_fetch_array($strPOResults, MYSQL_ASSOC)) {
         echo "<tr> <td> " . $line["stockID"] . "</td><td>" . $line["date"] . " </td><td> " . $line["qty"] . "</td><td> \r\n\t\t\t\t<input type='checkbox' name='combineorder[]' value='" . $line["stockID"] . "#" . $line["qty"] . "#" . $line["emailaddress"] . "#" . $line["uid"] . "'>\r\n\t\t\t\t</td> </tr>";
         //echo "<input type='hidden' name='qty' value='" . $line["qty"] ."'>";
dateline[9] = month + "/" + date + "/" + year2;
dateline[10] = month + "-" + date + "-" + year2;
dateline[11] = days[day] + " " + months[month] + " " + date;
dateline[12] = days[day] + ", " + date + " " + months[month] + " " + year;

document.write(dateline[Style]);
//-->
</script>
      </div>
    </td>
  </tr>
</table>
<BR>
<?php 
include 'includes/SharedFunctionsStrict.php';
// User details (admin): load the tbl_UserLogin row for ?user=... and decrypt
// the stored name fields. NOTE(review): the fragment ends inside the loop.
$strUserID = funcSanitize($_GET["user"]);
// Echoed straight back into the page; whether funcSanitize() makes that safe
// for an HTML context is not visible here - htmlspecialchars() would make it
// explicit.
echo $strUserID;
/************************************************************************
* connect to database
*************************************************************************/
// NOTE(review): database credentials embedded in the page source; they
// belong in configuration outside the document root.
$link = mysql_connect("localhost", "sfvault_readStor", "fhyF=ruR^#1|WO") or die("Could not connect: " . mysql_error());
//change to correct database
mysql_select_db("sfvault_store") or die("Could not select database");
// User id spliced into the literal unescaped (see the funcSanitize note).
$strQuery = "SELECT * from tbl_UserLogin where UserID = '" . $strUserID . "'";
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
$conNumberofRows = mysql_num_rows($strResult);
// BUG: a single `=` assigns 1 to $conNumberofRows instead of comparing it,
// so this condition is always true and the row-count check never fires.
// Intended: `if ($conNumberofRows == 1) {`.
if ($conNumberofRows = 1) {
    while ($line = mysql_fetch_array($strResult, MYSQL_ASSOC)) {
        // Stored hex-encoded and encrypted; funcDecrypt() is in the include.
        if ($line["FirstName"] != "") {
            $strFirstName = trim(funcDecrypt(hex2bin($line["FirstName"])));
        }
<HTML>

<HEAD><link rel="stylesheet" href="stylesheets/mainstylesheet.css" type="text/css"></HEAD>

<BODY>
<?php 
// Password retrieval: look the posted e-mail address up in tbl_UserLogin
// and, if it exists, generate a fresh 8-character password for it.
// NOTE(review): the fragment ends inside the generation loop; what happens
// to the new password (hashing, storage, mailing) is not visible here.
//standard functions
include 'includes/SharedFunctionsStrict.php';
//Connect to database
// NOTE(review): write-account credentials embedded in the page source; they
// belong in configuration outside the document root.
$link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error());
mysql_select_db("sfvault_store") or die("Could not select database");
//Place posted email address in to a string
$strEmailAddress = funcSanitize($_POST["email"]);
//check user is in our database
//Does User Exist
// The address is spliced into the WHERE clause unescaped; the only guard is
// whatever funcSanitize() (not visible here) strips.
$strUserQuery = "SELECT UserID,emailAddress,password FROM tbl_UserLogin where emailAddress = '" . $strEmailAddress . "'";
$strUserResult = mysql_query($strUserQuery) or die("Query Failed:" . mysql_error());
//User Exists, so Error gracefully, then forward the user on
$conNumberofRows = mysql_num_rows($strUserResult);
if ($conNumberofRows == 0) {
    //if not, log to event log and forward to front page.
    funcLogToDebug("passwordRetrieval.php: No user in DB for " . $strEmailAddress);
    echo "<meta http-equiv='refresh' content='0;url=/index3.php'>";
} else {
    //User Does exist so end
    //Generate 8 digit random password
    $length = 8;
    $key_chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $rand_max = strlen($key_chars) - 1;
    // rand() is not a cryptographic generator, so a password built from it
    // is predictable to anyone who can observe enough of its output;
    // random_int() (PHP 7) or openssl_random_pseudo_bytes() should pick the
    // positions instead.
    for ($i = 0; $i < $length; $i++) {
        $rand_pos = rand(0, $rand_max);
<?php

// Cart update (front end): on an "Update" post, change the quantity of one
// item, adjusting tblItem stock under the application's ColumnLock row lock.
// NOTE(review): the fragment ends inside the lock-check loop; the stock
// adjustment itself is not visible here.
//expires cookies after 1/2 hour
$sessionExpire = 60 * 30;
session_set_cookie_params($sessionExpire);
//start new session
session_start();
if (!isset($_SESSION['cart'])) {
    $_SESSION['cart'] = array();
}
include 'includes/SharedFunctions.php';
if (isset($_POST['Update'])) {
    $qty = funcSanitize($_POST['qty']);
    $itemcode = funcSanitize($_POST['item']);
    // Not read anywhere in the visible lines.
    $strBool = 0;
    $counter = 0;
    //additional check to make sure $qty is a numeric
    // The pattern is unanchored: it only requires that *some* digit appear,
    // so a value such as "5abc" passes. ereg() was also removed in PHP 7.
    // preg_match('/^[0-9]+$/', $qty) - or ctype_digit($qty) - checks the
    // whole string.
    if (ereg("[0-9]+", $qty)) {
        funcDebug("Quantity string is numeric");
    } else {
        echo "Invalid Input, stop trying to put non-numerics in the quantity field";
        exit;
    }
    //connect to server
    // NOTE(review): write-account credentials embedded in the page source.
    $link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error());
    //change to correct database
    mysql_select_db("sfvault_store") or die("Could not select database");
    //is row locked?
    // $itemcode goes into the literal unescaped; funcSanitize() is the only
    // guard and its behaviour is not visible here.
    $strLockCheck = "SELECT ColumnLock FROM tblItem WHERE stockID = '" . $itemcode . "'";
    $strLockResult = mysql_query($strLockCheck) or die("Query Failed: " . mysql_error());
    while ($line = mysql_fetch_array($strLockResult, MYSQL_ASSOC)) {
<HTML>


<HEAD></HEAD>

<?php 
// Account verification link handler (VerifyUser.php): marks the user named
// in ?UserID=... as verified and shows a thank-you page.
// NOTE(review): the fragment ends inside the else branch.
include 'includes/SharedFunctions.php';
$strUserName = funcSanitize($_GET["UserID"]);
$strVerifyCode = funcSanitize($_GET["VerifyKey"]);
funcDebug($strUserName);
funcDebug($strVerifyCode);
//connect to server
// NOTE(review): write-account credentials embedded in the page source.
$link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error());
//change to correct database
mysql_select_db("sfvault_store") or die("Could not select database");
// Only the user id is checked. $strVerifyCode is logged above and never
// compared with anything, so - as far as this fragment shows - knowing a
// UserID is enough to set UserVerified without whatever key the registration
// flow issued. The lookup should require the key as well (the column that
// stores it is not visible here; check the schema), with both values
// escaped for the connection.
$strUserQuery = "SELECT UserID FROM tbl_UserLogin where UserID = '" . $strUserName . "'";
$strUserResult = mysql_query($strUserQuery) or die("Query Failed:" . mysql_error());
//User Exists, so Error gracefully, then forward the user on
$conNumberofRows = mysql_num_rows($strUserResult);
if ($conNumberofRows == 1) {
    //here's our user
    // 12-hour clock ('h') with no am/pm marker - not read below, but other
    // scripts use 'H'/'G'.
    $strNow = date('Y-m-j h:i:s');
    //User Doesn't exist so carry on Adding
    $strAddUserQuery = "UPDATE tbl_UserLogin SET UserVerified='1' where UserID='" . $strUserName . "'";
    $strAddUserResult = mysql_query($strAddUserQuery) or die("Query Failed:" . mysql_error());
    echo "\r\n\r\n<table  border='0' cellspacing='0' cellpadding='5' width='900' align='center'>\r\n  <tr>\r\n    <td width='500'><a href='http://shop.scifivault.com/index3.php'><img src='images/scifi-small-best.jpg' width='403' height='62' border='0'></a>\r\n\r\n    </td>\r\n    <td align='right' valign='top' width='300'>\r\n\r\n\r\n    </td></tr>\r\n\r\n<tr><td>\r\n<br> <font face='verdana'>Thankyou! You've succesfully verified.\r\n\r\n<p>Feel free to sign on and shop.  Click on the link below to hurry things along.\r\n<br><br><a href='index3.php'>Back to Shop</a></font></td><td></td></tr>\r\n\r\n</table>\r\n\r\n\r\n\t\t";
    funcLogToDebug("VerifyUser.php: " . $strUserName . " verified successfully");
    //echo "<meta http-equiv='refresh' content='10;url=/index3.php'>";
} else {
    //we've got more than 1 user with the same user ID in the db (Shouldn't be possible)
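<?php

include 'includes/Link.php';
include 'includes/SharedFunctions.php';
/*
 * Basket contents view (admin): lists every tblBasket row for the basket
 * (a PHP session id) given in ?BasketID=..., joined to tblItem for the name
 * and prices, and shows the effective unit price and the line total.
 *
 * The mysql_* connection comes from Link.php and funcSanitize() from
 * SharedFunctions.php; neither is visible in this file.
 */
$basketCode = funcSanitize($_GET["BasketID"]);
// The code is echoed into HTML, so it is escaped for that context.
echo "<b>This is the Basket Contents View (" . htmlspecialchars($basketCode, ENT_QUOTES, 'UTF-8') . ")</b>";
// The code is request input that ends up inside a quoted SQL literal. What
// funcSanitize() strips is not visible here, so the value is escaped for the
// connection explicitly; a genuine session id contains no quotes or
// backslashes, so legitimate requests are unaffected.
$strBasketCode = mysql_real_escape_string($basketCode);
//query to get all items in basket
$strQuery = "SELECT t.item, c.name, t.qty, c.RRP, c.SaleRRP, c.ShortDescription, c.stockID\r\n\t\tFROM tblBasket t\r\n\t\tINNER JOIN tblItem c\r\n\t\tON t.item = c.stockId\r\n\t\tWHERE t.PHPSessionID = '" . $strBasketCode . "'";
//execute query
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
if (mysql_num_rows($strResult) != 0) {
    echo "<p><table><tr><td class='titleRow'>Qty</td><td class='titleRow'>Name</td><td class='titleRow'>QuickFind</td><td class='titleRow'>Cost/Item</td><td class='titleRow'>Cost</td></tr>";
    while ($line = mysql_fetch_assoc($strResult)) {
        // The sale price applies unless it is unset (0) or equal to the RRP.
        // Both comparisons are deliberately loose: the driver hands back
        // strings, and the original relied on numeric coercion.
        if ($line["RRP"] == $line["SaleRRP"] || $line["SaleRRP"] == 0.0) {
            $strPrice = $line["RRP"];
        } else {
            $strPrice = $line["SaleRRP"];
        }
        // Names and ids are populated from form input elsewhere, so they are
        // escaped for the HTML context instead of being echoed raw; the id in
        // the link's query string is URL-encoded as well.
        $strQty = htmlspecialchars($line["qty"], ENT_QUOTES, 'UTF-8');
        $strName = htmlspecialchars($line["name"], ENT_QUOTES, 'UTF-8');
        $strStockID = htmlspecialchars($line["stockID"], ENT_QUOTES, 'UTF-8');
        echo "\n<tr>";
        echo "\n<td>" . $strQty . "</td><td>&nbsp;" . $strName . "&nbsp;</td><td><a href='default.php?Action=ViewItem&stockID=" . rawurlencode($line["stockID"]) . "'>" . $strStockID . "</a></td><td>" . sprintf("%01.2f", $strPrice) . "</td><td>" . sprintf("%01.2f", $strPrice * $line["qty"]) . "</td>";
        echo "\n</tr>";
    }
    echo "</table>";
} else {
    echo "<p>Nothing in this basket!";
}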
      <p>&nbsp;</p>
    </td>
    <td width="100%" align="center" valign="top">
      <?php 
// Search results: count the matching items to work out how many 5-item
// pages there are. NOTE(review): the fragment ends inside the paging
// if-block; the result listing itself is not visible here.
//connect to database server
// NOTE(review): write-account credentials embedded in the page source.
$link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error());
//change to the correct database
mysql_select_db("sfvault_store") or die("Could not select database");
// Page number from the query string, "0" when absent; compared loosely to 0
// further down.
if ($_GET["p"] == "") {
    $strPTag = "0";
} else {
    $strPTag = funcSanitize($_GET["p"]);
}
// Search term: POST wins, GET is the fallback used when paging.
$strSearch = funcSanitize($_POST["Search"]);
if ($strSearch == "") {
    $strSearch = funcSanitize($_GET["Search"]);
}
//echo $strSearch ." is here";
//break up the results sets into a number of pages ***************************************************************
// The term is spliced into three LIKE patterns with % and _ left unescaped,
// and whatever funcSanitize() strips is the only guard against breaking out
// of the quotes. Note the Description pattern ends in " %'" (a space before
// the wildcard), unlike the other two - this looks like a typo that makes
// description matches require a trailing space.
$strNumberQuery = "select count(*) as ItemCount from tblItem where NoOfItems <> -1 and (Name like '%" . $strSearch . "%' or Description like '%" . $strSearch . " %' or stockID like '%" . $strSearch . "%')";
$strNumberResult = mysql_query($strNumberQuery) or die("Query Failed: " . mysql_error());
// Single-row result; the loop just copies ItemCount out.
while ($lineRes = mysql_fetch_array($strNumberResult, MYSQL_ASSOC)) {
    $strTotalItems = $lineRes["ItemCount"];
}
// An empty term matched everything above (LIKE '%%'); report no results.
if ($strSearch == "") {
    $strTotalItems = "0";
}
//echo $strTotalItems . "<BR>";
$strPages = ceil($strTotalItems / 5);
if ($strPages != 0) {
    if ($strPTag != 0) {
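include 'includes/SharedFunctions.php';
/*
 * Sub-category "special items" submission (admin). SubjectTag is posted as
 * "subject#category#version"; the DisplayonSubCatPage flag is cleared for
 * every item in that subject/category/version and then set for the three
 * posted item codes, after which the browser is sent back to the
 * SpecialItems action.
 *
 * funcSanitize() and redirect() come from SharedFunctions.php, which is also
 * where the mysql_* connection has to be opened; none of that is visible here.
 */
// Split the tag at its first and last '#'. When a separator is missing,
// strpos()/strrpos() return false, which substr() coerces to 0 - the same
// (degenerate) result the original produced.
$strRawTag = $_POST["SubjectTag"];
$intFirstHash = strpos($strRawTag, "#");
$intLastHash = strrpos($strRawTag, "#");
$strSTag = funcSanitize(substr($strRawTag, 0, $intFirstHash));
$strCTag = funcSanitize(substr($strRawTag, $intFirstHash + 1, $intLastHash - 1 - $intFirstHash));
$strVTag = funcSanitize(substr($strRawTag, $intLastHash + 1));
// Every value below lands inside a quoted SQL literal. What funcSanitize()
// strips is not visible here, so each is also escaped for the connection;
// tags and stock ids contain no quotes or backslashes, so legitimate input
// is unchanged.
$strSTag = mysql_real_escape_string($strSTag);
$strCTag = mysql_real_escape_string($strCTag);
$strVTag = mysql_real_escape_string($strVTag);
$arrItems = array(
    mysql_real_escape_string(funcSanitize($_POST["item1"])),
    mysql_real_escape_string(funcSanitize($_POST["item2"])),
    mysql_real_escape_string(funcSanitize($_POST["item3"])),
);
//first thing is first, remove all special items (subcategory) tags for the posted category
$strQuery = "UPDATE tblItem SET DisplayonSubCatPage = '0' where SubjectTag = '" . $strSTag . "' and CategoryTag = '" . $strCTag . "' and VersionTag = '" . $strVTag . "' and DisplayonSubCatPage = '1'";
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
// Then flag each posted item in posted order, one UPDATE apiece as before.
foreach ($arrItems as $strItem) {
    $strQuery = "UPDATE tblItem SET DisplayonSubCatPage = '1' where stockID = '" . $strItem . "'";
    $strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
}
redirect("default.php?Action=SpecialItems", 0, "");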
<?php 
    // NOTE(review): these lines are indented because they sit inside a
    // conditional that starts outside the fragment, and the fragment ends
    // before the collected values are stored; $strUserID is set outside too.
    //Get data from adduser.htm
    // Posted address fields, each through funcSanitize() from the shared
    // include (its behaviour is not visible here).
    $strFirstName = funcSanitize($_POST["FirstName"]);
    $strSurName = funcSanitize($_POST["SurName"]);
    $strAddressLine1 = funcSanitize($_POST["AddressLine1"]);
    $strAddressLine2 = funcSanitize($_POST["AddressLine2"]);
    $strTown = funcSanitize($_POST["Town"]);
    $strCounty = funcSanitize($_POST["County"]);
    $strCountry = funcSanitize($_POST["Country"]);
    $strPostCode = funcSanitize($_POST["PostCode"]);
    $strDayTimeNo = funcSanitize($_POST["DayTimeNo"]);
    $strMobile = funcSanitize($_POST["Mobile"]);
    //$strEmailAddress = funcSanitize ($_POST["EmailAddress"]);
    // The e-mail address comes from $strUserID rather than the form.
    $strEmailAddress = funcSanitize($strUserID);
    $strMailUser = funcSanitize($_POST["emailUser"]);
    // NOTE(review): both branches assign the same literal (the value looks
    // redacted on this page), so the mailing-list choice is lost either way;
    // check the original source.
    if ($strMailUser == 'on') {
        $strMailUser = '******';
    } else {
        $strMailUser = '******';
    }
    // Personal data is encrypted with funcEncrypt() from the shared include
    // before storage; its algorithm and key handling are not visible here.
    $strEncFirstName = funcEncrypt($strFirstName);
    $strEncSurName = funcEncrypt($strSurName);
    $strEncAddressLine1 = funcEncrypt($strAddressLine1);
    $strEncAddressLine2 = funcEncrypt($strAddressLine2);
    $strEncTown = funcEncrypt($strTown);
    $strEncCounty = funcEncrypt($strCounty);
    $strEncCountry = funcEncrypt($strCountry);
    $strEncPostCode = funcEncrypt($strPostCode);
    $strEncDayTimeNo = funcEncrypt($strDayTimeNo);
    $strEncMobile = funcEncrypt($strMobile);
    // NOTE(review): the enclosing block - and the assignments of the $str*
    // fields sanitised here - start outside this fragment; $link is opened
    // there too. The closing brace below belongs to that block.
    $strSaleRRP = funcSanitize($strSaleRRP);
    $strWeight = funcSanitize($strWeight);
    $strBarcode = funcSanitize($strBarcode);
    $strFeatures = funcSanitize($strFeatures);
    $strVersion = funcSanitize($strVersion);
    $strSize = funcSanitize($strSize);
    $strPercentDiscount = funcSanitize($strPercentDiscount);
    $strWholesalePrice = funcSanitize($strWholesalePrice);
    $strSupplier = funcSanitize($strSupplier);
    $strAvailability = funcSanitize($strAvailability);
    $strNoOfItems = funcSanitize($strNoOfItems);
    $strSubject = funcSanitize($strSubject);
    $strCategory = funcSanitize($strCategory);
    $strSubjectTag = funcSanitize($strSubjectTag);
    $strCategoryTag = funcSanitize($strCategoryTag);
    $strVersionTag = funcSanitize($strVersionTag);
    // Positional INSERT: the value list must match tblItem's column order
    // exactly (27 columns, the last three left empty), so any schema change
    // silently shifts every field. Values are spliced in unescaped; what
    // funcSanitize() strips is not visible here.
    $strInsertQuery = "INSERT INTO tblItem VALUES ('" . $strDescription . "','" . $strStockID . "','" . $strSmallPicture . "','" . $strBigPicture . "','" . $strShortDescription . "','" . $strName . "','" . $strCost . "','" . $strRRP . "','" . $strSaleRRP . "','" . $strWeight . "','" . $strBarcode . "','" . $strFeatures . "','" . $strVersion . "','" . $strSize . "','" . $strPercentDiscount . "','" . $strWholesalePrice . "','" . $strSupplier . "','" . $strAvailability . "','" . $strCategory . "','" . $strSubject . "','" . $strNoOfItems . "','" . $strSubjectTag . "','" . $strCategoryTag . "','" . $strVersionTag . "', '','','')";
    funcDebug("strInsertQuery: " . $strInsertQuery);
    //$strUpdateQuery = "UPDATE tblItem SET Description = '" . $strDescription . "', smallPicture = '" . $strSmallPicture . "', bigPicture = '" . $strBigPicture . "', ShortDescription = '" .$strShortDescription . "', Name = '" . $strName . "', Cost = '" . $strCost . "', RRP = '" . $strRRP . "', SaleRRP = '" . $strSaleRRP . "', Weight = '" . $strWeight . "', Barcode = '" . $strBarcode . "', Features = '" . $strFeatures . "', Version = '" . $strVersion . "', Size = '" . $strSize ."', PercentDiscount = '" . $strPercentDiscount . "', WholesalePrice = '" . $strWholesalePrice . "', Supplier = '" . $strSupplier . "', Availability = '" . $strAvailabilty . "' WHERE stockID = '" . $strStockID . "'";
    //funcDebug ("strUpdateQuery: " . $strUpdateQuery );
    $strInsertResult = mysql_query($strInsertQuery) or die("Query Failed :" . mysql_error());
    // 12-hour clock ('h') with no am/pm marker, so 13:05 and 01:05 log
    // identically; other scripts on this site use 'H' or 'G'.
    $strNow = date('Y-m-j h:i:s');
    // Audit copy of the insert for tblLog, fields wrapped in $$.
    // BUG: `strSubjectTag` is missing its `$` - PHP reads it as an undefined
    // constant (a warning plus the literal text before PHP 8, a fatal Error
    // from PHP 8 on), so the log line never carries the real subject tag.
    $strEditedInsert = "INSERT: \$\$" . $strStockID . "\$\$,\$\$" . $strSmallPicture . "\$\$,\$\$" . $strBigPicture . "\$\$,\$\$" . $strShortDescription . "\$\$,\$\$" . $strName . "\$\$,\$\$" . $strCost . "\$\$,\$\$" . $strRRP . "\$\$,\$\$" . $strSaleRRP . "\$\$,\$\$" . $strWeight . "\$\$,\$\$" . $strBarcode . "\$\$,\$\$" . $strFeatures . "\$\$,\$\$" . $strVersion . "\$\$,\$\$" . $strSize . "\$\$,\$\$" . $strPercentDiscount . "\$\$,\$\$" . $strWholesalePrice . "\$\$,\$\$" . $strSupplier . "\$\$,\$\$" . $strAvailability . "\$\$,\$\$" . $strNoOfItems . "\$\$,\$\$" . strSubjectTag . "\$\$,\$\$" . $strCategoryTag . "\$\$,\$\$" . $strVersionTag;
    $strLogInsert = "INSERT INTO tblLog Values ('" . $strNow . "','DEV','" . $strEditedInsert . "')";
    funcDebug("strLogInsert: " . $strLogInsert);
    $strInsertLogEntry = mysql_query($strLogInsert) or die("Log Entry Failed");
}
//close connection to database
funcDebug("Closing link to db");
mysql_close($link);
// The stock id is placed in the redirect URL and link as-is; redirect() is
// defined in the shared include.
redirect("displayItem.php?stockID=" . $strStockID, 1, "<B>Redirecting...</B><br> <a href='displayItem.php?stockID=" . $strStockID . "'>Click here if redirect fails</a>");
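<?php

/*
 * Remove a pre-order (RemovePreOrder.php). Session handling mirrors the
 * other cart scripts: the session cookie lives for 30 minutes and an empty
 * cart is created on first use. The deletion itself is done by
 * funcDeleteItem(), defined further down in this file; funcSanitize() comes
 * from SharedFunctionsStrict.php and is not visible here.
 */
//expires cookies after 1/2 hour
$sessionExpire = 60 * 30;
session_set_cookie_params($sessionExpire);
//start new session
session_start();
if (!isset($_SESSION['cart'])) {
    $_SESSION['cart'] = array();
}
include 'includes/SharedFunctionsStrict.php';
// Either of the two remove buttons triggers the delete. The item code and
// e-mail address are taken from the post body; nothing here ties the address
// to the current session, so that check (if any) has to live in
// funcDeleteItem() or upstream - worth confirming.
if (isset($_POST['remove']) || isset($_POST['altRemove'])) {
    $itemcode = funcSanitize($_POST['removeitem']);
    $emailaddress = funcSanitize($_POST['emailaddress']);
    funcDeleteItem($itemcode, $emailaddress);
}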
function funcDeleteItem($itemcode, $emailaddress)
{
    // Deletes the tbl_PreOrder row for this stock id / e-mail address pair and
    // logs the removal. NOTE(review): the function body is cut off on this
    // page after the `?>` below; the remainder is not visible.
    // Both arguments arrive already passed through funcSanitize() by the
    // caller; beyond that they are spliced into the DELETE unescaped, and
    // nothing here checks that $emailaddress belongs to the current session.
    //connect to server
    // NOTE(review): write-account credentials embedded in the page source.
    $link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error());
    //change to correct database
    mysql_select_db("sfvault_store") or die("Could not select database");
    //$qty = "1";
    //$itemcode = funcSanitize($_POST['removeitem']);
    // Not read anywhere in the visible lines.
    $strBool = 0;
    $counter = 0;
    $strUpdateStockQuery = "DELETE FROM tbl_PreOrder where stockID = '" . $itemcode . "' and emailaddress = '" . $emailaddress . "'";
    mysql_query($strUpdateStockQuery) or die("Update Query Failed: " . mysql_error());
    // (The log message is missing a space before "was".)
    funcLogToDebug("RemovePreOrder.php: PreOrder for " . $itemcode . " by " . $emailaddress . "was removed.");
    ?>

<HTML>


<HEAD>

<?php 
    // Password change handler (updatePassword.php). These lines are indented
    // because they sit inside a conditional that starts outside the fragment;
    // $strUserID is set there. The fragment ends inside the password loop.
    //connect to server
    // NOTE(review): write-account credentials embedded in the page source.
    $link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error());
    //change to correct database
    mysql_select_db("sfvault_store") or die("Could not select database");
    //Get data from adduser.htm
    // Current password, new password and its confirmation, in that order.
    $strPassword1 = funcSanitize($_POST['Password']);
    $strPassword2 = funcSanitize($_POST['Password2']);
    $strPassword3 = funcSanitize($_POST['Password3']);
    //check old password is correct
    // $strUserID goes into the literal unescaped; what funcSanitize() did to
    // it upstream is not visible here.
    $strPasswordQry = "SELECT Password from tbl_UserLogin where UserID = '" . $strUserID . "'";
    $strPasswordResult = mysql_query($strPasswordQry) or die("Query Failed:" . mysql_error());
    $conNumberofRows = mysql_num_rows($strPasswordResult);
    if ($conNumberofRows == 1) {
        while ($linePassword = mysql_fetch_array($strPasswordResult, MYSQL_ASSOC)) {
            // Passwords are stored as unsalted MD5, which is cheap to brute
            // force offline; password_hash()/password_verify() (PHP 5.5+) are
            // the standard replacement. The loose `==` is a separate problem:
            // two hex digests of the form "0e<digits>" compare equal as
            // numbers under `==`, so use `===` (or hash_equals()).
            if ($linePassword["Password"] == md5($strPassword1)) {
                //old password correct, you may progress...
            } else {
                //old password wrong
                echo "<meta http-equiv='refresh' content='0;url=/UserPasswordChange.php?strUserID=" . $strUserID . "&PasswordError=4'>";
                echo "</HEAD></HTML>";
                funcLogToDebug("updatePassword.php:" . $strUserID . " got password wrong");
                exit;
            }
    $strBarcode = funcSanitize($strBarcode);
    $strFeatures = funcSanitize($strFeatures);
    $strVersion = funcSanitize($strVersion);
    $strSize = funcSanitize($strSize);
    $strPercentDiscount = funcSanitize($strPercentDiscount);
    $strWholesalePrice = funcSanitize($strWholesalePrice);
    $strSupplier = funcSanitize($strSupplier);
    $strAvailability = funcSanitize($strAvailability);
    $strNoOfItems = funcSanitize($strNoOfItems);
    $strSubject = funcSanitize($strSubject);
    $strCategory = funcSanitize($strCategory);
    $strSubjectTag = funcSanitize($strSubjectTag);
    $strCategoryTag = funcSanitize($strCategoryTag);
    $strVersionTag = funcSanitize($strVersionTag);
    $strFrontPage = funcSanitize($strFrontPage);
    $strSubCatPage = funcSanitize($strSubCatPage);
    $strInsertQuery = "INSERT INTO tblItem VALUES ('" . $strDescription . "','" . $strStockID . "','" . $strSmallPicture . "','" . $strBigPicture . "','" . $strShortDescription . "','" . $strName . "','" . $strCost . "','" . $strRRP . "','" . $strSaleRRP . "','" . $strWeight . "','" . $strBarcode . "','" . $strFeatures . "','" . $strVersion . "','" . $strSize . "','" . $strPercentDiscount . "','" . $strWholesalePrice . "','" . $strSupplier . "','" . $strAvailability . "','" . $strCategory . "','" . $strSubject . "','" . $strNoOfItems . "','" . $strSubjectTag . "','" . $strCategoryTag . "','" . $strVersionTag . "', '" . $strFrontPage . "','','" . $strSubCatPage . "')";
    funcDebug("strInsertQuery: " . $strInsertQuery);
    //$strUpdateQuery = "UPDATE tblItem SET Description = '" . $strDescription . "', smallPicture = '" . $strSmallPicture . "', bigPicture = '" . $strBigPicture . "', ShortDescription = '" .$strShortDescription . "', Name = '" . $strName . "', Cost = '" . $strCost . "', RRP = '" . $strRRP . "', SaleRRP = '" . $strSaleRRP . "', Weight = '" . $strWeight . "', Barcode = '" . $strBarcode . "', Features = '" . $strFeatures . "', Version = '" . $strVersion . "', Size = '" . $strSize ."', PercentDiscount = '" . $strPercentDiscount . "', WholesalePrice = '" . $strWholesalePrice . "', Supplier = '" . $strSupplier . "', Availability = '" . $strAvailabilty . "' WHERE stockID = '" . $strStockID . "'";
    //funcDebug ("strUpdateQuery: " . $strUpdateQuery );
    $strInsertResult = mysql_query($strInsertQuery) or die("Query Failed :" . mysql_error());
    $strNow = date('Y-m-j h:i:s');
    $strEditedInsert = "INSERT: \$\$" . $strStockID . "\$\$,\$\$" . $strSmallPicture . "\$\$,\$\$" . $strBigPicture . "\$\$,\$\$" . $strShortDescription . "\$\$,\$\$" . $strName . "\$\$,\$\$" . $strCost . "\$\$,\$\$" . $strRRP . "\$\$,\$\$" . $strSaleRRP . "\$\$,\$\$" . $strWeight . "\$\$,\$\$" . $strBarcode . "\$\$,\$\$" . $strFeatures . "\$\$,\$\$" . $strVersion . "\$\$,\$\$" . $strSize . "\$\$,\$\$" . $strPercentDiscount . "\$\$,\$\$" . $strWholesalePrice . "\$\$,\$\$" . $strSupplier . "\$\$,\$\$" . $strAvailability . "\$\$,\$\$" . $strNoOfItems . "\$\$,\$\$" . strSubjectTag . "\$\$,\$\$" . $strCategoryTag . "\$\$,\$\$" . $strVersionTag;
    $strLogInsert = "INSERT INTO tblLog Values ('" . $strNow . "','DEV','" . $strEditedInsert . "')";
    funcDebug("strLogInsert: " . $strLogInsert);
    $strInsertLogEntry = mysql_query($strLogInsert) or die("Log Entry Failed");
}
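//close connection to database
funcDebug("Closing link to db");
mysql_close($link);
// $strStockID is assigned earlier in this script (outside this excerpt) and is
// reused in two output contexts below: a query-string value, and that same
// query-string value inside an HTML attribute. Encode per context rather than
// relying on whatever sanitising was applied when it was read.
$strStockIDUrl = rawurlencode($strStockID);
$strStockIDAttr = htmlspecialchars($strStockIDUrl, ENT_QUOTES);
redirect(
    "default.php?Action=ViewItem&stockID=" . $strStockIDUrl,
    1,
    "<B>Redirecting...</B><br> <a href='default.php?Action=AmendItem&stockID=" . $strStockIDAttr . "'>Click here if redirect fails</a>"
);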
	<?php 
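//connect to server
include 'includes/Link.php';
include 'includes/SharedFunctions.php';
// Request metadata. Not used by this script itself; kept because the included
// helpers may read them as globals (not verifiable from this excerpt).
$ip = getenv("REMOTE_ADDR");
$httpref = getenv("HTTP_REFERER");
$httpagent = getenv("HTTP_USER_AGENT");
// Timestamp stored with the news item ('G' = 24-hour clock).
$strNow = date('Y-m-j G:i:s');
// Every form field goes through funcSanitize() (from the include) before it
// reaches SQL. The original read Link raw, which made it the one unescaped
// value in the INSERT below; treat it like the other two.
$strTitle = funcSanitize($_POST["Title"]);
$strDescription = funcSanitize($_POST["Description"]);
$strLink = funcSanitize($_POST["Link"]);
// Column order is positional; the leading '' presumably feeds an
// auto-increment id column.
$strInsertQuery = "INSERT INTO tbl_News VALUES ('', '" . $strTitle . "','" . $strLink . "','" . $strNow . "','" . $strDescription . "')";
$strInsertResult = mysql_query($strInsertQuery) or die("Query Failed :" . mysql_error());
redirect("default.php?Action=News", 1, "<B>Redirecting...</B><br> <a href='default.php?Action=News'>Click here if redirect fails</a>");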
?>




<?php 
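// Redirects to another Page using HTTP-META Tag
/**
 * Emit a <meta http-equiv="Refresh"> redirect and stop the script.
 *
 * @param string $url     Target URL. It is placed inside a single-quoted
 *                        attribute, so it is HTML-escaped here; callers remain
 *                        responsible for URL-encoding any query values.
 * @param int    $delay   Seconds to wait before redirecting (0 = immediate).
 *                        Cast to int so a non-numeric value cannot alter the
 *                        attribute.
 * @param string $message Fallback HTML shown while the redirect is pending.
 *                        Callers in this file pass markup (<B>, <a>), so it is
 *                        emitted as-is and must not carry untrusted data.
 *
 * This function never returns: die() ends the request after the output.
 */
function redirect($url, $delay = 0, $message = "")
{
    $strSafeUrl = htmlspecialchars($url, ENT_QUOTES);
    echo "<meta http-equiv='Refresh' content='" . (int) $delay . "; url=" . $strSafeUrl . "'>";
    die("<div style='font-family: Arial, Sans-serif; font-size: 12pt;' align=center> " . $message . " </div>");
}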
?>


Exemple #22
    <td width="391" valign="top"> 
      <div align="right"><font face="Verdana, Arial, Helvetica, sans-serif" size="6"><b>Invoice</b></font></div>
    </td>
  </tr>
</table>
<br>
<font face="Verdana, Arial, Helvetica, sans-serif"><table  border="1" cellspacing="0" cellpadding="5" width="900" align="center"> 
</font><font face="Verdana, Arial, Helvetica, sans-serif"><tr></font>
<font face="Verdana, Arial, Helvetica, sans-serif"><td></font>
<font face="Verdana, Arial, Helvetica, sans-serif">
<?php 
//connect to database
// NOTE(review): database credentials are embedded in the page source (the same
// account appears in other scripts on this page). They belong in a config file
// outside the web root; anyone who can read this file can read the database.
// The die() branches also echo raw mysql_error() text to the visitor.
$link = mysql_connect("localhost", "sfvault_readStor", "fhyF=ruR^#1|WO") or die("Could not connect: " . mysql_error());
//change to correct database
mysql_select_db("sfvault_store") or die("Could not select database");
// Order number comes straight from the query string (?strOrder=...).
$strOrderNo = funcSanitize($_GET['strOrder']);
//query to get all baskets
// Despite the comment above, this fetches the single order whose OrderNo
// matches. The value is interpolated into the SQL string, so SQL safety rests
// entirely on funcSanitize() (defined in an include not shown here);
// mysql_real_escape_string($strOrderNo, $link) would not depend on that helper.
$strQuery = "SELECT * FROM tbl_Orders where OrderNo = '" . $strOrderNo . "'";
//execute query
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
// NOTE(review): as shown this is not valid PHP — a `while` loop cannot have an
// `else` branch (the "} else {" below). The page appears to splice two scripts
// together here: the first part copies one tbl_Orders row into variables, the
// second is the per-session timestamp upsert that other scripts on this page
// also contain. The comments below describe each part as written.
while ($line = mysql_fetch_array($strResult, MYSQL_ASSOC)) {
    // Copy the order row into plain variables, presumably for the invoice
    // markup that follows this script.
    $strOrderNo = $line["OrderNo"];
    $strOrderSubmitted = $line["DateTme"];
    $strCookie = $line["Cookie"];
    $strItems = $line["Items"];
    $strShipping = $line["Shipping"];
    $strCost = $line["Cost"];
    $strAddress = strtoupper($line["Address"]);
    $strEmailAddress = $line["emailaddress"];
    $strName = strtoupper($line["Name"]);
    $strPhone = $line["Phone"];
    //if query returns non zero, then update the timestamp
    // Refresh this PHP session's last-seen time. session_id() is interpolated
    // unescaped; no session_start() is visible in this script, so what it
    // returns here is unclear. 'h' is the 12-hour clock without am/pm, so the
    // stored timestamps are ambiguous.
    $strNow = date('Y-m-j h:i:s');
    $strQuery = "UPDATE tblSession SET TimeStmp = '" . $strNow . "' where PHPSESSIONID = '" . session_id() . "'";
    // This overwrites $strResult, the result set the enclosing while() is
    // iterating, with the UPDATE's boolean result — the loop cannot continue
    // past its first row.
    $strResult = mysql_query($strQuery) or die("Query Failed:" . mysql_error());
} else {
    echo "\n<!-- INSERT -->";
    //if query returns zero rows, insert new row
    $strNow = date('Y-m-j h:i:s');
    $strQuery = "INSERT INTO tblSession (PHPSESSIONID, TimeStmp) values ('" . session_id() . "', '" . $strNow . "')";
    $strResult = mysql_query($strQuery) or die("Query Failed:" . mysql_error());
}
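// get the tags
// Version/subject/page tags arrive on the query string; each goes through
// funcSanitize() (from the include, not shown here). $strPTag is not used in
// this block.
$strVTag = funcSanitize($_GET['vTag']);
$strSTag = funcSanitize($_GET['sTag']);
$strPTag = funcSanitize($_GET['p']);
// Echo the tags as an HTML comment for debugging. The values are HTML-escaped
// first: a raw "-->" in either value would end the comment early and put
// request-controlled markup into the page.
echo "<!-- " . htmlspecialchars($strVTag, ENT_QUOTES) . " & " . htmlspecialchars($strSTag, ENT_QUOTES) . "-->";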
?>

<!-- I'm expecting a URL like this: http://blah/Category.php?sTag=XX-->

<HTML>
	<HEAD>
		<TITLE>Sci-Fi Vault</TITLE>

<link rel="stylesheet" href="stylesheets/mainstylesheet.css" type="text/css">
</HEAD>


<BODY bgcolor="#FFFFFF" text="#000000" link="#000000" vlink="#000000" alink="#000000" leftmargin="0" topmargin="0">
<table  border="0" cellspacing="0" cellpadding="5" width="900" align="center">
Exemple #24
	<BODY>
		<?php 
include 'includes/SharedFunctionsStrict.php';
//Write Debug information
funcDebug("this is a test debug");
//connect to server
funcDebug("Connecting to database");
// NOTE(review): write-capable database credentials in page source (the same
// account is embedded in other scripts on this page). Keep them in a config
// file outside the web root.
$link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error());
funcDebug("Connected to database");
//change to correct database
mysql_select_db("sfvault_store") or die("Could not select database");
//run query to see if result is returned
$strNow = date('Y-m-j h:i:s');
// Both values come from the form and go into SQL (and a log line) after
// funcSanitize(), which lives in the include above and is not shown here.
$strStatus = funcSanitize($_POST["STATUS"]);
$strOrder = funcSanitize($_POST["orderno"]);
// Logs the status change; the log line contains the user-supplied values.
funcLogToDebug("updateOrder.php: Order (" . $strOrder . ") changed status to " . $strStatus);
// The status is written unconditionally: nothing visible here checks that the
// caller may change this order, or that $strStatus is one of the expected
// values. Any such check would have to live in the include.
$strUpdateQuery = "UPDATE tbl_Orders SET Status = '" . $strStatus . "' WHERE OrderNo = '" . $strOrder . "'";
$strUpdateResult = mysql_query($strUpdateQuery) or die("Query Failed :" . mysql_error());
//query to get all baskets
// Re-read the order just updated; the loop that consumes it continues past
// this excerpt.
$strQuery = "SELECT * FROM tbl_Orders where OrderNo = '" . $strOrder . "'";
//execute query
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
while ($line = mysql_fetch_array($strResult, MYSQL_ASSOC)) {
    $strOrderNo = $line["OrderNo"];
    $strOrderSubmitted = $line["DateTme"];
    $strCookie = $line["Cookie"];
    $strItems = $line["Items"];
    $strShipping = $line["Shipping"];
    $strCost = $line["Cost"];
    $strAddress = $line["Address"];
Exemple #25
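//Write Debug information
funcDebug("this is a test debug");
//mail webmasters
// The client address is included in the notification mail; referer and agent
// are read but not used in this script.
$ip = getenv("REMOTE_ADDR");
$httpref = getenv("HTTP_REFERER");
$httpagent = getenv("HTTP_USER_AGENT");
//connect to server
funcDebug("Connecting to database");
// NOTE(review): write-capable credentials embedded in page source; they
// belong in a config file outside the web root.
$link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error());
funcDebug("Connected to database");
//change to correct database
mysql_select_db("sfvault_store") or die("Could not select database");
//run query to see if result is returned
// Form fields. Every value that reaches SQL or mail goes through
// funcSanitize() (from the include). The original used raw $_POST["fix"] and
// $_POST["fix2"] in the two UPDATE statements below while sanitising only the
// copy used for the SELECT.
$strFix = funcSanitize($_POST["fix2"]);
$strFixClosed = funcSanitize($_POST["fix"]);
$strNow = date('Y-m-j h:i:s');
// Goes into SQL and into the mail subject; funcSanitize() must strip CR/LF for
// the subject to be safe from header injection — not verifiable from here.
$strPriority = funcSanitize($_POST["STATUS"]);
// Fetch the issue text for the mail body. Default to "" so the mail still
// sends when no row matches (the original left $strIssue undefined).
$strIssue = "";
$strBugQuery = "SELECT * from tblBugs where IssueNo = '" . $strFix . "'";
$strBugResult = mysql_query($strBugQuery) or die("Query Failed :" . mysql_error());
while ($lineBug = mysql_fetch_array($strBugResult, MYSQL_ASSOC)) {
    // First line of the stored issue text, with <br> markup stripped.
    // explode() replaces the removed split(); the delimiter is literal.
    $arrIssue = explode("</br>", $lineBug["Issue"]);
    $strIssue = str_replace("<br>", "", $arrIssue[0]);
}
// NOTE(review): the condition tests fix2, but the "close" branch updates the
// issue number taken from the fix field, and the "priority" branch runs only
// when fix2 is empty — so its WHERE clause compares against an empty string.
// That looks like a form-field mix-up; the field mapping is kept as-is here
// because the intended one cannot be confirmed from this excerpt.
$strMailTo = "adrian@nofishhere.com,james@scifivault.com,david@scifivault.com,hilary@scifivault.com";
// From/Reply-To are built from SERVER_NAME, which on some server setups echoes
// the client's Host header; a fixed sender address would be safer.
$strMailHeaders = "From: webmaster@{$_SERVER['SERVER_NAME']}\r\n" . "Reply-To: webmaster@{$_SERVER['SERVER_NAME']}\r\n" . "X-Mailer: PHP/" . phpversion();
if ($strFix != "") {
    $strUpdateQuery = "UPDATE tblBugs SET Fixed = 'Y', WhenFixed = '" . $strNow . "' WHERE IssueNo = '" . $strFixClosed . "'";
    mail($strMailTo, "BUG Changed status from Open to Closed", "Issue No: " . $strFixClosed . " has been closed off " . $ip . "\n\n" . $strIssue, $strMailHeaders);
} else {
    $strUpdateQuery = "UPDATE tblBugs SET Priority = '" . $strPriority . "' WHERE IssueNo = '" . $strFix . "'";
    mail($strMailTo, "BUG Changed Priority to " . $strPriority, "Issue No: " . $strFix . " has changed status " . $ip . "\n\n" . $strIssue, $strMailHeaders);
}
$strUpdateResult = mysql_query($strUpdateQuery) or die("Query Failed :" . mysql_error());
//close connection to database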
<?php

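include 'includes/SharedFunctionsStrict.php';
// Feedback text and the page to return to, both from the form, both through
// funcSanitize() (from the include, not shown here).
$strMailText = funcSanitize($_POST['feedback']);
$strURL = funcSanitize($_POST['URL']);
// From/Reply-To are derived from SERVER_NAME, which some server setups take
// from the client's Host header; a fixed sender address would be safer.
// mail()'s return value is not checked, so a delivery failure is silent.
mail("webmaster@scifivault.com,adrian@nofishhere.com,hilary@scifivault.com,david@scifivault.com", "Feedback", $strMailText, "From: webmaster@{$_SERVER['SERVER_NAME']}\r\n" . "Reply-To: webmaster@{$_SERVER['SERVER_NAME']}\r\n" . "X-Mailer: PHP/" . phpversion());
// Send the browser back to the submitted URL. The value is HTML-escaped so it
// cannot break out of the content attribute; it is still whatever URL the
// form supplied, so this stays an open redirect unless funcSanitize() or the
// form restricts it to a site-relative path.
echo "<meta http-equiv='refresh' content='0;url=" . htmlspecialchars($strURL, ENT_QUOTES) . "'>";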
<?php

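//expires cookies after 1/2 hour
$sessionExpire = 60 * 30;
session_set_cookie_params($sessionExpire);
//start new session
session_start();
if (!isset($_SESSION['cart'])) {
    $_SESSION['cart'] = array();
}
include 'includes/SharedFunctions.php';
// Pre-order form fields, each through funcSanitize() (from the include).
$qty = funcSanitize($_POST['preorderqty']);
$strNow = date('Y-m-j h:i:s');
$itemcode = funcSanitize($_POST['stockID']);
$email = funcSanitize($_POST['email']);
$comments = funcSanitize($_POST['Comments']);
// Used by the rest of the script (past this excerpt).
$strBool = 0;
$counter = 0;
//additional check to make sure $qty is a numeric
// The pattern is anchored so the whole value must be digits; the original
// ereg("[0-9]+", ...) accepted any string merely containing a digit, and
// ereg() itself has been removed since PHP 7.
if (preg_match('/^[0-9]+$/', $qty)) {
    funcDebug("Quantity string is numeric");
} else {
    echo "Invalid Input, stop trying to put non-numerics in the quantity field";
    exit;
}
//connect to server
// NOTE(review): write-capable credentials embedded in page source; keep them
// in a config file outside the web root.
$link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error());
//change to correct database
mysql_select_db("sfvault_store") or die("Could not select database");
//check stockID is really at -3
// NoOfItems = -3 appears to be the "pre-order" marker (the form field is
// preorderqty); the result is consumed after this excerpt. $itemcode is
// interpolated, so SQL safety rests on funcSanitize().
$strStockQry = "SELECT stockID, NoOfItems from tblItem where stockID = '" . $itemcode . "' and NoOfItems = '-3'";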
Exemple #28


		#centerrightcontent p { font-size:10px}

	</style>

</head>

<body>


<p align="center">&nbsp;
<?php 
include 'includes/SharedFunctionsStrict.php';
// Item to display, from the query string (?stockID=...).
$strStockID = funcSanitize($_GET["stockID"]);
//Write Debug information
funcDebug("this is a test debug");
//connect to server
funcDebug("Connecting to database");
// NOTE(review): a write-capable account is used for what is, as far as this
// excerpt shows, a read-only lookup; a read-only account would limit the
// impact of a query-injection bug. Credentials in page source belong in a
// config file outside the web root.
$link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error());
funcDebug("Connected to database");
//change to correct database
mysql_select_db("sfvault_store") or die("Could not select database");
//run query to see if result is returned
//$strStockID = funcSanitize ($_POST["stockID"]);
// The stock id is interpolated directly; SQL safety rests on funcSanitize()
// (from the include, not shown here).
$strQuery = "SELECT * FROM tblItem where stockID = '" . $strStockID . "'";
// Debug output contains the full query, i.e. the user-supplied value; whether
// funcDebug() writes to the page or to a log is not visible here.
funcDebug("strQuery: " . $strQuery);
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
// Consumed after this excerpt (the script is cut here).
$conNumberofRows = mysql_num_rows($strResult);
//$row = mysql_fetch_array ($strResult);
<?php

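//expires cookies after 1/2 hour
$sessionExpire = 60 * 30;
session_set_cookie_params($sessionExpire);
//start new session
session_start();
if (!isset($_SESSION['cart'])) {
    $_SESSION['cart'] = array();
}
include 'includes/SharedFunctionsStrict.php';
// Handle the "remove from cart" form (two submit buttons post the request).
if (isset($_POST['remove']) or isset($_POST['altRemove'])) {
    // Removal is always one unit; the quantity check below is kept for
    // symmetry with the add/pre-order scripts, but with "1" it always passes.
    $qty = "1";
    $itemcode = funcSanitize($_POST['removeitem']);
    $strBool = 0;
    $counter = 0;
    //additional check to make sure $qty is a numeric
    // Anchored pattern (the whole value must be digits) instead of the
    // removed ereg(), which also matched any string merely containing a digit.
    if (preg_match('/^[0-9]+$/', $qty)) {
        // funcDeleteItem() is defined further down this file; PHP hoists
        // unconditional top-level function declarations, so the call is fine.
        funcDeleteItem(session_id(), $itemcode, $qty);
    } else {
        echo "Invalid Input, stop trying to put non-numerics in the quantity field";
        exit;
    }
}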
function funcDeleteItem($strSessionID, $itemcode, $qty)
{
    //connect to server
    $link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error());
    //change to correct database